trojan.agent infection, system crashing every few minutes

pjgibbons · March 11, 2013

My kids' computer crashed last night. It's a Dell XPS 430 running windows 7. It normally runs like a champ, rarely have any issues with it. When I took a look at it, it was very slow to reboot, and within a minute or two of it reloading everything, it would crash again. I get messages that files are missing (including the hard drive at one point), ie 9 won't run, and it is incredibly slow. It does not crash in safe mode. Managed to get mbam on and ran it. It identified several copies of trojan.agent and trojan.redirrdll. It got rid of the redirdll, but every time it reboots, trojan.agent is still there. Tried several things, including steps from another post in this forum. I was able to run security check, adwcleaner and roguekiller without it crashing. All found threats, but don't seem to be removing the bugger. I tried to run tdsskiller, but it crashes halfway through, and now it's back to crashing as soon as it's back up again (in regular mode) - it doesn't give me enough time to download or run anything before it crashes again. Tried running tdsskiller in safe mode once, with no success. It didn't come up automatically like it did in regular mode, after I checked 'loaded modules' and it rebooted, so perhaps there's another step? Any help will be greatly appreciated! I have 2 teenagers who aren't happy about being offline!

Larusso · March 11, 2013

Hy there.

Could you please tell me if this is a 32 or 64 bit Windows ?

pjgibbons · March 11, 2013

64 bit

Larusso · March 11, 2013

Hy

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst64 and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.

pjgibbons · March 12, 2013

<div>Thanks for your help!</div>

<div>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01</div>

<div>Ran by SYSTEM at 11-03-2013 19:34:12</div>

<div>Running from F:\</div>

<div>Windows 7 Home Premium (X64) OS Language: English(US) </div>

<div>The current controlset is ControlSet001</div>

<div>==================== Registry (Whitelisted) ===================</div>

<div>HKLM\...\Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]</div>

<div>HKLM\...\Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation)</div>

<div>HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [443904 2008-05-22] (IDT, Inc.)</div>

<div>HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)</div>

<div>HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-04] (Advanced Micro Devices, Inc.)</div>

<div>HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [307200 2009-06-14] (Advanced Micro Devices, Inc.)</div>

<div>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)</div>

<div>HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)</div>

<div>HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)</div>

<div>HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)</div>

<div>HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)</div>

<div>HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)</div>

<div>HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)</div>

<div>HKU\Administrator\...\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation)</div>

<div>HKU\Administrator\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x]</div>

<div>HKU\Pam\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]</div>

<div>HKU\Pam\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-11-08] (Siber Systems)</div>

<div>HKU\Pam\...\Run: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe [x]</div>

<div>HKU\Pam\...\Run: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe [x]</div>

<div>HKU\Pam\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)</div>

<div>HKU\Pam\...\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)</div>

<div>HKU\Pam\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)</div>

<div>HKU\Pam\...\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://bcs.worthpublishers.com/hockenbury3e/content/cat_030/ch04/flash.htm?v=chapter&i=04030.01&s=04000&n=00030&o=|00040|00030|" [468408 2009-06-05] (Adobe Systems, Inc.)</div>

<div>HKU\QBDataServiceUser18\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x]</div>

<div>HKU\QBDataServiceUser18\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [x]</div>

<div>Tcpip\Parameters: [DhcpNameServer] 192.168.2.1</div>

<div>Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk</div>

<div>ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)</div>

<div>Startup: C:\ProgramData\Start Menu\Programs\Startup\CrashPlan Tray.lnk</div>

<div>ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)</div>

<div>Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk</div>

<div>ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)</div>

<div>Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk</div>

<div>ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)</div>

<div>Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk</div>

<div>ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)</div>

<div>Startup: C:\Users\QBDataServiceUser18\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk</div>

<div>ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)</div>

<div>==================== Services (Whitelisted) ===================</div>

<div>2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [222720 2011-03-16] (CrashPlan)</div>

<div>2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [107928 2006-12-07] (Dell Inc.)</div>

<div>2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-06] (Dell Inc.)</div>

<div>3 DMService; C:\Windows\Downloaded Program Files\DM.1\DMService.exe [487312 2010-11-25] (Microsoft Corporation)</div>

<div>2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)</div>

<div>2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)</div>

<div>2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)</div>

<div>2 QuickBooksDB18; C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [128536 2006-09-13] (iAnywhere Solutions, Inc.)</div>

<div>2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)</div>

<div>3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x]</div>

<div>3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x]</div>

<div>==================== Drivers (Whitelisted) =====================</div>

<div>1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)</div>

<div>1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)</div>

<div>3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [286936 2009-06-05] (Intel Corporation)</div>

<div>1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-13] (Symantec Corporation)</div>

<div>3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-13] (Symantec Corporation)</div>

<div>1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130308.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)</div>

<div>3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [43456 2011-03-30] (http://libusb-win32.sourceforge.net)</div>

<div>3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)</div>

<div>3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102472 2009-09-16] (McAfee, Inc.)</div>

<div>1 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [308296 2009-09-16] (McAfee, Inc.)</div>

<div>3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)</div>

<div>3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)</div>

<div>3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\ENG64.SYS [126192 2013-03-11] (Symantec Corporation)</div>

<div>3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\EX64.SYS [2087664 2013-03-11] (Symantec Corporation)</div>

<div>3 psdrv3; C:\Windows\System32\Drivers\psdrv3.sys [23816 2011-05-08] (Prime Sense Ltd.)</div>

<div>1 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)</div>

<div>1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)</div>

<div>0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)</div>

<div>0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)</div>

<div>3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-04-21] (Symantec Corporation)</div>

<div>1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [53808 2010-05-05] (Symantec Corporation)</div>

<div>1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)</div>

<div>1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)</div>

<div>3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [419160 2011-04-28] (TASCAM)</div>

<div>3 TASCAM_US122L_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31576 2011-04-28] (TASCAM)</div>

<div>3 TASCAM_US122L_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [53080 2011-04-28] (TASCAM)</div>

<div>3 27303051; C:\Windows\System32\drivers\33678759.sys [x]</div>

<div>3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]</div>

<div>3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]</div>

<div>3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]</div>

<div>3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]</div>

<div>3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]</div>

<div>3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]</div>

<div>3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]</div>

<div>3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x]</div>

<div>==================== NetSvcs (Whitelisted) ====================</div>

<div>==================== One Month Created Files and Folders ========</div>

<div>2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp</div>

<div>2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp</div>

<div>2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp</div>

<div>2013-03-11 11:13 - 2013-03-11 11:14 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp</div>

<div>2013-03-11 11:06 - 2013-03-11 11:07 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp</div>

<div>2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe</div>

<div>2013-03-11 10:51 - 2013-03-11 10:52 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt</div>

<div>2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt</div>

<div>2013-03-11 10:43 - 2013-03-11 10:50 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine</div>

<div>2013-03-11 10:41 - 2013-03-11 10:42 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe</div>

<div>2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A C:\Users\Pam\Documents\AdwCleaner[s1].txt</div>

<div>2013-03-11 10:35 - 2013-03-11 10:36 - 00007739 ____A C:\AdwCleaner[s1].txt</div>

<div>2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe</div>

<div>2013-03-11 07:54 - 2013-03-11 07:55 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe</div>

<div>2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp</div>

<div>2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp</div>

<div>2013-03-11 07:17 - 2013-03-11 07:18 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp</div>

<div>2013-03-11 06:58 - 2013-03-11 06:57 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll</div>

<div>2013-03-11 06:58 - 2013-03-11 06:57 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe</div>

<div>2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe</div>

<div>2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe</div>

<div>2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll</div>

<div>2013-03-11 06:50 - 2013-03-11 06:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}</div>

<div>2013-03-11 06:36 - 2013-03-11 06:49 - 201878776 ____A C:\Users\Pam\Downloads\20130311-004-v5i64.exe</div>

<div>2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific</div>

<div>2013-03-11 03:19 - 2013-03-11 03:20 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp</div>

<div>2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}</div>

<div>2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec</div>

<div>2013-03-10 19:46 - 2013-03-10 19:47 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp</div>

<div>2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}</div>

<div>2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp</div>

<div>2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div>

<div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes</div>

<div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes</div>

<div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</div>

<div>2013-03-10 19:25 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</div>

<div>2013-03-10 18:47 - 2013-03-10 18:48 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp</div>

<div>2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}</div>

<div>2013-02-22 13:56 - 2013-03-10 16:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat</div>

<div>2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe</div>

<div>2013-02-13 09:04 - 2013-03-10 12:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}</div>

<div>2013-02-13 01:01 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl</div>

<div>2013-02-13 01:01 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe</div>

<div>2013-02-13 01:01 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</div>

<div>2013-02-13 01:01 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</div>

<div>2013-02-13 01:01 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</div>

<div>2013-02-13 01:01 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</div>

<div>2013-02-13 01:01 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</div>

<div>2013-02-13 01:01 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</div>

<div>2013-02-12 18:07 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe</div>

<div>2013-02-12 18:07 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</div>

<div>2013-02-12 18:07 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</div>

<div>2013-02-12 18:07 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll</div>

<div>2013-02-12 18:07 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</div>

<div>2013-02-12 18:07 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys</div>

<div>2013-02-12 18:07 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</div>

<div>2013-02-12 18:07 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</div>

<div>2013-02-12 18:07 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</div>

<div>2013-02-12 18:07 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</div>

<div>2013-02-12 18:07 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys</div>

<div>2013-02-12 18:07 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS</div>

<div>==================== One Month Modified Files and Folders =======</div>

<div>2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp</div>

<div>2013-03-11 16:29 - 2012-02-19 16:36 - 00000000 ____D C:\Windows\Minidump</div>

<div>2013-03-11 16:29 - 2009-06-17 04:23 - 687996484 ____A C:\Windows\MEMORY.DMP</div>

<div>2013-03-11 11:40 - 2012-06-30 20:55 - 00000000 ____D C:\Users\Pam\Tracing</div>

<div>2013-03-11 11:37 - 2011-05-13 15:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>2013-03-11 11:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</div>

<div>2013-03-11 11:37 - 2009-07-13 20:51 - 01488204 ____A C:\Windows\setupact.log</div>

<div>2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp</div>

<div>2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp</div>

<div>2013-03-11 11:14 - 2013-03-11 11:13 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp</div>

<div>2013-03-11 11:07 - 2013-03-11 11:06 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp</div>

<div>2013-03-11 10:58 - 2009-12-05 15:01 - 01704193 ____A C:\Windows\WindowsUpdate.log</div>

<div>2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe</div>

<div>2013-03-11 10:52 - 2013-03-11 10:51 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt</div>

<div>2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</div>

<div>2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</div>

<div>2013-03-11 10:50 - 2013-03-11 10:43 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine</div>

<div>2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt</div>

<div>2013-03-11 10:47 - 2009-07-13 21:13 - 00876842 ____A C:\Windows\System32\PerfStringBackup.INI</div>

<div>2013-03-11 10:43 - 2013-01-24 08:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</div>

<div>2013-03-11 10:42 - 2013-03-11 10:41 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe</div>

<div>2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A C:\Users\Pam\Documents\AdwCleaner[s1].txt</div>

<div>2013-03-11 10:36 - 2013-03-11 10:35 - 00007739 ____A C:\AdwCleaner[s1].txt</div>

<div>2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe</div>

<div>2013-03-11 10:13 - 2011-05-13 15:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>2013-03-11 08:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF</div>

<div>2013-03-11 08:01 - 2011-05-18 13:16 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Skype</div>

<div>2013-03-11 07:55 - 2013-03-11 07:54 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe</div>

<div>2013-03-11 07:52 - 2009-07-13 21:08 - 00032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT</div>

<div>2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp</div>

<div>2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp</div>

<div>2013-03-11 07:18 - 2013-03-11 07:17 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp</div>

<div>2013-03-11 07:07 - 2009-12-05 14:44 - 00532140 ____A C:\Windows\PFRO.log</div>

<div>2013-03-11 06:59 - 2009-01-04 08:56 - 00000000 ____D C:\ProgramData\Adobe</div>

<div>2013-03-11 06:57 - 2013-03-11 06:58 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll</div>

<div>2013-03-11 06:57 - 2013-03-11 06:58 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe</div>

<div>2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe</div>

<div>2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe</div>

<div>2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll</div>

<div>2013-03-11 06:57 - 2011-03-27 07:22 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll</div>

<div>2013-03-11 06:57 - 2009-01-04 08:51 - 00000000 ____D C:\Program Files (x86)\Java</div>

<div>2013-03-11 06:52 - 2009-12-05 14:23 - 00000000 ____D C:\users\Administrator</div>

<div>2013-03-11 06:50 - 2013-03-11 06:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}</div>

<div>2013-03-11 06:49 - 2013-03-11 06:36 - 201878776 ____A C:\Users\Pam\Downloads\20130311-004-v5i64.exe</div>

<div>2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific</div>

<div>2013-03-11 03:20 - 2013-03-11 03:19 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp</div>

<div>2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}</div>

<div>2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec</div>

<div>2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program Files\Bonjour</div>

<div>2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program Files (x86)\Bonjour</div>

<div>2013-03-10 21:37 - 2011-08-16 11:41 - 00000000 ____D C:\Program Files\CrashPlan</div>

<div>2013-03-10 21:37 - 2011-07-10 17:49 - 00000000 ____D C:\Program Files (x86)\Ring Factory</div>

<div>2013-03-10 21:37 - 2011-07-08 18:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update</div>

<div>2013-03-10 21:37 - 2011-06-20 17:47 - 00000000 ____D C:\Program Files (x86)\Vuze</div>

<div>2013-03-10 21:37 - 2010-11-10 18:43 - 00000000 ____D C:\Python26</div>

<div>2013-03-10 21:37 - 2010-10-01 19:39 - 00000000 ____D C:\Program Files (x86)\Finale 2011</div>

<div>2013-03-10 21:37 - 2010-04-21 05:06 - 00000000 ____D C:\ProgramData\Norton</div>

<div>2013-03-10 21:37 - 2009-12-05 14:23 - 00000000 ____D C:\users\QBDataServiceUser18</div>

<div>2013-03-10 21:37 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV</div>

<div>2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep</div>

<div>2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration</div>

<div>2013-03-10 21:37 - 2009-06-03 16:40 - 00000000 ____D C:\Program Files (x86)\iTunes</div>

<div>2013-03-10 21:37 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Kevin</div>

<div>2013-03-10 19:47 - 2013-03-10 19:46 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp</div>

<div>2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}</div>

<div>2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp</div>

<div>2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div>

<div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes</div>

<div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes</div>

<div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</div>

<div>2013-03-10 18:48 - 2013-03-10 18:47 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp</div>

<div>2013-03-10 18:48 - 2009-12-05 14:23 - 00000000 ____D C:\users\Pam</div>

<div>2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}</div>

<div>2013-03-10 17:06 - 2012-06-27 08:53 - 00000024 ____A C:\Users\Pam\random.dat</div>

<div>2013-03-10 17:02 - 2010-10-01 18:07 - 00000000 ____D C:\Users\Pam\Documents\Sara 2</div>

<div>2013-03-10 16:56 - 2013-02-22 13:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat</div>

<div>2013-03-10 16:56 - 2011-10-25 18:14 - 00000032 ____A C:\Users\Pam\jagex_cl_runescape_LIVE.dat</div>

<div>2013-03-10 12:50 - 2013-02-13 09:04 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}</div>

<div>2013-03-01 09:52 - 2011-02-12 07:53 - 00000000 ____D C:\Users\Pam\AppData\Local\{1339582B-495A-4F41-96DE-D29C21E8004D}</div>

<div>2013-02-26 20:43 - 2013-01-24 08:25 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</div>

<div>2013-02-26 20:43 - 2011-06-29 04:59 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</div>

<div>2013-02-22 13:56 - 2012-06-27 08:53 - 00000000 ____D C:\Users\Pam\jagexcache</div>

<div>2013-02-19 18:20 - 2010-10-02 11:53 - 00000509 ____A C:\Windows\demdata.txt</div>

<div>2013-02-13 21:20 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Personal</div>

<div>2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe</div>

<div>2013-02-13 19:11 - 2008-10-29 10:53 - 00000000 ____D C:\Users\Pam\Documents\QB 2008 data files</div>

<div>2013-02-13 14:47 - 2006-07-17 14:08 - 00000000 ____D C:\Users\Pam\Documents\JDM</div>

<div>2013-02-13 14:43 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Insctr</div>

<div>2013-02-13 07:21 - 2012-05-10 18:11 - 00000000 ____D C:\Users\Pam\Documents\Quicken</div>

<div>2013-02-13 01:41 - 2009-07-13 20:45 - 00648776 ____A C:\Windows\System32\FNTCACHE.DAT</div>

<div>2013-02-13 01:20 - 2009-01-08 17:53 - 00000000 ____D C:\ProgramData\Microsoft Help</div>

<div>2013-02-13 01:09 - 2009-12-12 06:06 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</div>

<div>2013-02-12 21:04 - 2013-01-24 16:58 - 00000000 ____D C:\Users\Pam\AppData\Local\{94636BCD-8EC9-4864-A7BC-33E9FFF0E645}</div>

<div>==================== Known DLLs (Whitelisted) =================</div>

<div>==================== Bamital & volsnap Check =================</div>

<div>C:\Windows\System32\winlogon.exe => MD5 is legit</div>

<div>C:\Windows\System32\wininit.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</div>

<div>C:\Windows\explorer.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</div>

<div>C:\Windows\System32\svchost.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</div>

<div>C:\Windows\System32\services.exe => MD5 is legit</div>

<div>C:\Windows\System32\User32.dll => MD5 is legit</div>

<div>C:\Windows\SysWOW64\User32.dll => MD5 is legit</div>

<div>C:\Windows\System32\userinit.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</div>

<div>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</div>

<div>TDL4: custom:26000022 <===== ATTENTION!</div>

<div>==================== EXE ASSOCIATION =====================</div>

<div>HKLM\...\.exe: exefile => OK</div>

<div>HKLM\...\exefile\DefaultIcon: %1 => OK</div>

<div>HKLM\...\exefile\open\command: "%1" %* => OK</div>

<div>==================== Restore Points =========================</div>

<div>Restore point made on: 2013-03-08 20:19:04</div>

<div>Restore point made on: 2013-03-11 06:57:10</div>

<div>==================== Memory info =========================== </div>

<div>Percentage of memory in use: 12%</div>

<div>Total physical RAM: 6077.91 MB</div>

<div>Available physical RAM: 5337.75 MB</div>

<div>Total Pagefile: 6076.06 MB</div>

<div>Available Pagefile: 5343.98 MB</div>

<div>Total Virtual: 8192 MB</div>

<div>Available Virtual: 8191.88 MB</div>

<div>==================== Partitions =============================</div>

<div>1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:505.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]</div>

<div>2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.3 GB) NTFS</div>

<div>4 Drive f: () (Removable) (Total:1.92 GB) (Free:1.59 GB) FAT</div>

<div>9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</div>

<div> Disk ### Status Size Free Dyn Gpt</div>

<div> Disk 0 Online 698 GB 0 B </div>

<div> Disk 1 Online 1967 MB 0 B </div>

<div> Disk 2 No Media 0 B 0 B </div>

<div> Disk 3 No Media 0 B 0 B </div>

<div> Disk 4 No Media 0 B 0 B </div>

<div> Disk 5 No Media 0 B 0 B </div>

<div>Partitions of Disk 0:</div>

<div> Partition ### Type Size Offset</div>

<div> Partition 1 OEM 62 MB 31 KB</div>

<div> Partition 2 Primary 15 GB 63 MB</div>

<div> Partition 3 Primary 683 GB 15 GB</div>

<div>Partition 1</div>

<div>Hidden: Yes</div>

<div>Active: No</div>

<div> Volume ### Ltr Label Fs Type Size Status Info</div>

<div>* Volume 8 FAT Partition 62 MB Healthy Hidden </div>

<div>Partition 2</div>

<div>Hidden: No</div>

<div>Active: No</div>

<div> Volume ### Ltr Label Fs Type Size Status Info</div>

<div>* Volume 1 D RECOVERY NTFS Partition 15 GB Healthy </div>

<div>Partition 3</div>

<div>Hidden: No</div>

<div>Active: Yes</div>

<div> Volume ### Ltr Label Fs Type Size Status Info</div>

<div>* Volume 2 C OS NTFS Partition 683 GB Healthy </div>

<div>Partitions of Disk 1:</div>

<div> Partition ### Type Size Offset</div>

<div> Partition 1 Primary 1966 MB 16 KB</div>

<div>Partition 1</div>

<div>Hidden: No</div>

<div>Active: Yes</div>

<div> Volume ### Ltr Label Fs Type Size Status Info</div>

<div>* Volume 3 F FAT Removable 1966 MB Healthy </div>

<div>============================== MBR Partition Table ==================</div>

<div>Partitions of Disk 0:</div>

<div>Partition 1:</div>

<div>Active: YES</div>

<div>ATTENTION ===> 0 byte partition bootkit on partition 1</div>

<div>Partition 2:</div>

<div>Active: NO</div>

<div>Partition 3:</div>

<div>Hex: 0008010807FEFFFF00F801000000E001</div>

<div>Active: NO</div>

<div>Partition 4:</div>

<div>Hex: 80FEFFFF07FEFFFF00F8E10100607255</div>

<div>Active: YES</div>

<div>Partitions of Disk 1:</div>

<div>Partition 1:</div>

<div>Active: YES</div>

Larusso · March 12, 2013

Hy there and thanks for posting the logfile.

I have to clarify something with the developer and will be back with the next set of instructions as soon as possible.

Larusso · March 12, 2013

Hy again.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt


Disk=0 partition=3 inactive
Disk=0 partition=3 active
Disk=0 partition=3 inactive
Disk=0 partition=3 active
TDL4: custom:26000022 <===== ATTENTION!

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST by typing F:\frst64 and press the Fix button just once and wait.

Note: You might need to choose a different drive letter.

The tool will make a log on the flashdrive ( Fixlog.txt ) please post it to your reply.

Please try to boot your System in Normal Mode now and let me know how things going

pjgibbons · March 12, 2013

<p>Here's the fixlog.txt:</p>

<div>Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-03-2013 01</div>

<div>Ran by SYSTEM at 2013-03-12 09:55:36 Run:1</div>

<div>Running from F:\</div>

<div>The operation completed successfully.</div>

<div>==== End of Fixlog ====</div>

<div>I restarted into normal mode. It seemed to load a bit faster than it has in the last couple of days. Mbam notification window popped up that said "mbam blocked & quarantined a threat: c:\windows\svchost.exe trojan.agent"</div>

<div>When I displayed the quarantine, it showed 254 threats, most are copies of trojan.agent. Trojan.redirdll was also on there. Before I could get a copy of the list to send to you, the computer crashed.</div>

Larusso · March 12, 2013

hy there.

Please try the following steps in Normal Mode.

If either one or both wont work, please try in Safemode.

Download DDS and save it to your desktop from here.

Double click DDS to run the tool and press Start

Don't change any stettings without instruction

When done, DDS will save two (2) logs to your desktop:
1. DDS.txt
2. Attach.txt
[*].Please post them in your next reply

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

pjgibbons · March 12, 2013

Tried to run dds in normal mode, but it crashed before program loaded. Ran both dds & tdsskiller in safe mode, logs below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.17.2

Run by Pam at 11:43:33 on 2013-03-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.5413 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\System32\WerFault.exe

C:\Windows\system32\ctfmon.exe

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://news.yahoo.com/?u

uWindow Title = Internet Explorer provided by Dell

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.dell4me.com/myway

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uProxyServer = :0

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} -

TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll

EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe

uRun: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://bcs.worthpublishers.com/hockenbury3e/content/cat_030/ch04/flash.htm?v=chapter&i=04030.01&s=04000&n=00030&o=|00040|00030|"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: turbotax.com

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://xtier.d211.org/InternalSite/WhlCompMgr.cab

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59}\2656C6B696E6E253637333 : DHCPNameServer = 192.168.2.1

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://www.dell4me.com/myway

x64-mDefault_Page_URL = hxxp://www.dell4me.com/myway

x64-mDefault_Search_URL = hxxp://www.google.com/ie

x64-mSearchAssistant = hxxp://www.google.com/ie

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode

x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"

x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

x64-Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - LocalServer32 - <no file>

x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-31 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-31 221304]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120]

S1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-31 593544]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130308.001\IDSviA64.sys [2013-3-8 513184]

S1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-1-4 308296]

S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-31 150064]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-31 451704]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-4 203776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720]

S2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2009-1-4 191896]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-10 398184]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-10 682344]

S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]

S2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 --> C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-9-21 150928]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\Downloaded Program Files\DM.1\DMService.exe [2011-12-1 487312]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]

S3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\System32\drivers\libusb0.sys [2010-11-12 43456]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-10 24176]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-1-4 102472]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-1-4 40904]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-1-4 49480]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]

S3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\System32\drivers\psdrv3.sys [2011-4-15 23816]

S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\System32\drivers\tascusb2.sys [2012-2-19 419160]

S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\System32\drivers\tscusb2m.sys [2012-2-19 31576]

S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\System32\drivers\tscusb2a.sys [2012-2-19 53080]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-27 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-4 1255736]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2071-07-25 15:13:30 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2013-03-12 16:43:26 20480 ----a-w- C:\Windows\svchost.exe

2013-03-12 16:39:51 -------- d-----w- C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE}

2013-03-12 15:00:52 -------- d-----w- C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65}

2013-03-12 03:33:58 -------- d-----w- C:\FRST

2013-03-11 14:58:15 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-11 14:57:54 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-11 14:50:33 -------- d-----w- C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}

2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific

2013-03-11 11:16:21 -------- d-----w- C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}

2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec

2013-03-11 03:44:07 -------- d-----w- C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}

2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes

2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-11 03:25:04 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-11 03:25:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs

2013-03-11 02:45:09 -------- d-----w- C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}

2013-03-11 01:06:39 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A183.tmp

2013-03-11 01:06:39 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A172.tmp

2013-02-13 17:04:43 -------- d-----w- C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}

2013-02-13 09:04:07 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 09:04:07 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 02:07:51 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 02:07:50 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 02:07:49 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 02:07:38 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 02:07:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 02:07:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 02:07:35 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 02:07:35 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 02:07:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 02:07:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 02:07:32 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 02:07:32 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2013-03-11 14:57:25 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-27 04:43:00 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-27 04:43:00 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

.

============= FINISH: 11:51:52.38 ===============

will post tdsskiller log in another post - too long for this one

pjgibbons · March 12, 2013

<div>11:53:50.0045 0288 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42</div>

<div>11:53:50.0076 0288 Current date / time: 2013/03/12 11:53:50.0076</div>

<div>11:53:50.0076 0288 SystemInfo:</div>

<div>11:53:50.0076 0288 OS Version: 6.1.7601 ServicePack: 1.0</div>

<div>11:53:50.0076 0288 Product type: Workstation</div>

<div>11:53:50.0076 0288 ComputerName: MAIN-DELL</div>

<div>11:53:50.0076 0288 UserName: Pam</div>

<div>11:53:50.0076 0288 Windows directory: C:\Windows</div>

<div>11:53:50.0076 0288 System windows directory: C:\Windows</div>

<div>11:53:50.0076 0288 Running under WOW64</div>

<div>11:53:50.0076 0288 Processor architecture: Intel x64</div>

<div>11:53:50.0076 0288 Number of processors: 4</div>

<div>11:53:50.0388 0288 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040</div>

<div>11:53:50.0388 0288 Drive \Device\Harddisk1\DR1 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'</div>

<div>11:53:50.0419 0288 \Device\Harddisk0\DR0:</div>

<div>11:53:50.0419 0288 MBR partitions:</div>

<div>11:53:50.0419 0288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000</div>

<div>11:53:50.0419 0288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x55726000</div>

<div>11:53:50.0419 0288 \Device\Harddisk1\DR1:</div>

<div>11:53:50.0419 0288 MBR partitions:</div>

<div>11:53:50.0419 0288 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D77E0</div>

<div>11:53:50.0450 0288 C: <-> \Device\Harddisk0\DR0\Partition2</div>

<div>11:53:50.0482 0288 D: <-> \Device\Harddisk0\DR0\Partition1</div>

<div>11:53:50.0482 0288 Initialize success</div>

<div>11:54:06.0955 0484 Scan started</div>

<div>11:54:06.0955 0484 Mode: Manual; </div>

<div>11:54:07.0018 0484 ================ Scan system memory ========================</div>

<div>11:54:07.0018 0484 System memory - ok</div>

<div>11:54:07.0018 0484 ================ Scan services =============================</div>

<div>11:54:07.0189 0484 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys</div>

<div>11:54:07.0252 0484 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys</div>

<div>11:54:07.0298 0484 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys</div>

<div>11:54:07.0298 0484 AcpiPmi - ok</div>

<div>11:54:07.0423 0484 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe</div>

<div>11:54:07.0423 0484 AdobeARMservice - ok</div>

<div>11:54:07.0564 0484 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</div>

<div>11:54:07.0564 0484 AdobeFlashPlayerUpdateSvc - ok</div>

<div>11:54:07.0610 0484 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys</div>

<div>11:54:07.0642 0484 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys</div>

<div>11:54:07.0642 0484 adpahci - ok</div>

<div>11:54:07.0673 0484 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys</div>

<div>11:54:07.0720 0484 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll</div>

<div>11:54:07.0720 0484 AeLookupSvc - ok</div>

<div>11:54:07.0782 0484 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys</div>

<div>11:54:07.0829 0484 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys</div>

<div>11:54:07.0829 0484 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe</div>

<div>11:54:07.0844 0484 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys</div>

<div>11:54:07.0844 0484 aliide - ok</div>

<div>11:54:07.0907 0484 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe</div>

<div>11:54:07.0907 0484 AMD External Events Utility - ok</div>

<div>11:54:07.0922 0484 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys</div>

<div>11:54:07.0922 0484 amdide - ok</div>

<div>11:54:07.0938 0484 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys</div>

<div>11:54:08.0141 0484 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys</div>

<div>11:54:08.0250 0484 amdkmdag - ok</div>

<div>11:54:08.0281 0484 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys</div>

<div>11:54:08.0281 0484 amdkmdap - ok</div>

<div>11:54:08.0312 0484 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys</div>

<div>11:54:08.0312 0484 AmdPPM - ok</div>

<div>11:54:08.0375 0484 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys</div>

<div>11:54:08.0375 0484 amdsata - ok</div>

<div>11:54:08.0375 0484 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys</div>

<div>11:54:08.0390 0484 amdsbs - ok</div>

<div>11:54:08.0406 0484 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys</div>

<div>11:54:08.0406 0484 amdxata - ok</div>

<div>11:54:08.0453 0484 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys</div>

<div>11:54:08.0453 0484 AppID - ok</div>

<div>11:54:08.0484 0484 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll</div>

<div>11:54:08.0484 0484 AppIDSvc - ok</div>

<div>11:54:08.0531 0484 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll</div>

<div>11:54:08.0531 0484 Appinfo - ok</div>

<div>11:54:08.0609 0484 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div>

<div>11:54:08.0609 0484 Apple Mobile Device - ok</div>

<div>11:54:08.0624 0484 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys</div>

<div>11:54:08.0640 0484 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys</div>

<div>11:54:08.0640 0484 arcsas - ok</div>

<div>11:54:08.0780 0484 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe</div>

<div>11:54:08.0780 0484 aspnet_state - ok</div>

<div>11:54:08.0796 0484 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys</div>

<div>11:54:08.0796 0484 AsyncMac - ok</div>

<div>11:54:08.0843 0484 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys</div>

<div>11:54:08.0843 0484 atapi - ok</div>

<div>11:54:09.0014 0484 [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys</div>

<div>11:54:09.0061 0484 atikmdag - ok</div>

<div>11:54:09.0108 0484 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll</div>

<div>11:54:09.0124 0484 AudioEndpointBuilder - ok</div>

<div>11:54:09.0124 0484 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll</div>

<div>11:54:09.0139 0484 AudioSrv - ok</div>

<div>11:54:09.0186 0484 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll</div>

<div>11:54:09.0186 0484 AxInstSV - ok</div>

<div>11:54:09.0248 0484 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys</div>

<div>11:54:09.0280 0484 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys</div>

<div>11:54:09.0342 0484 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys</div>

<div>11:54:09.0420 0484 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll</div>

<div>11:54:09.0420 0484 BDESVC - ok</div>

<div>11:54:09.0436 0484 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys</div>

<div>11:54:09.0514 0484 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll</div>

<div>11:54:09.0716 0484 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys</div>

<div>11:54:09.0732 0484 BHDrvx64 - ok</div>

<div>11:54:09.0779 0484 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll</div>

<div>11:54:09.0826 0484 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys</div>

<div>11:54:09.0826 0484 blbdrive - ok</div>

<div>11:54:09.0935 0484 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe</div>

<div>11:54:09.0950 0484 Bonjour Service - ok</div>

<div>11:54:09.0982 0484 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys</div>

<div>11:54:09.0997 0484 bowser - ok</div>

<div>11:54:10.0013 0484 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys</div>

<div>11:54:10.0013 0484 BrFiltLo - ok</div>

<div>11:54:10.0028 0484 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys</div>

<div>11:54:10.0028 0484 BrFiltUp - ok</div>

<div>11:54:10.0060 0484 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll</div>

<div>11:54:10.0060 0484 Browser - ok</div>

<div>11:54:10.0075 0484 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys</div>

<div>11:54:10.0091 0484 Brserid - ok</div>

<div>11:54:10.0106 0484 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys</div>

<div>11:54:10.0106 0484 BrSerWdm - ok</div>

<div>11:54:10.0122 0484 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys</div>

<div>11:54:10.0122 0484 BrUsbMdm - ok</div>

<div>11:54:10.0138 0484 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys</div>

<div>11:54:10.0138 0484 BrUsbSer - ok</div>

<div>11:54:10.0138 0484 BTCFilterService - ok</div>

<div>11:54:10.0169 0484 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys</div>

<div>11:54:10.0169 0484 BthEnum - ok</div>

<div>11:54:10.0184 0484 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys</div>

<div>11:54:10.0184 0484 BTHMODEM - ok</div>

<div>11:54:10.0216 0484 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys</div>

<div>11:54:10.0216 0484 BthPan - ok</div>

<div>11:54:10.0278 0484 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys</div>

<div>11:54:10.0278 0484 BTHPORT - ok</div>

<div>11:54:10.0294 0484 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll</div>

<div>11:54:10.0309 0484 bthserv - ok</div>

<div>11:54:10.0325 0484 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys</div>

<div>11:54:10.0325 0484 BTHUSB - ok</div>

<div>11:54:10.0372 0484 [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys</div>

<div>11:54:10.0372 0484 btusbflt - ok</div>

<div>11:54:10.0387 0484 [ A44AD9AB3BF98A65EB58662E3C78EAE0 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys</div>

<div>11:54:10.0387 0484 btwaudio - ok</div>

<div>11:54:10.0418 0484 [ A441D453821A6336F516F97F79BBFA17 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys</div>

<div>11:54:10.0418 0484 btwavdt - ok</div>

<div>11:54:10.0450 0484 [ B550C75397D96251A92391555FE5534C ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys</div>

<div>11:54:10.0450 0484 btwrchid - ok</div>

<div>11:54:10.0528 0484 [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys</div>

<div>11:54:10.0543 0484 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys</div>

<div>11:54:10.0590 0484 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys</div>

<div>11:54:10.0606 0484 cdrom - ok</div>

<div>11:54:10.0637 0484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll</div>

<div>11:54:10.0637 0484 CertPropSvc - ok</div>

<div>11:54:10.0684 0484 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys</div>

<div>11:54:10.0684 0484 circlass - ok</div>

<div>11:54:10.0715 0484 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys</div>

<div>11:54:10.0793 0484 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe</div>

<div>11:54:10.0793 0484 clr_optimization_v2.0.50727_32 - ok</div>

<div>11:54:10.0855 0484 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe</div>

<div>11:54:10.0855 0484 clr_optimization_v2.0.50727_64 - ok</div>

<div>11:54:10.0933 0484 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</div>

<div>11:54:10.0933 0484 clr_optimization_v4.0.30319_32 - ok</div>

<div>11:54:10.0964 0484 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe</div>

<div>11:54:10.0964 0484 clr_optimization_v4.0.30319_64 - ok</div>

<div>11:54:10.0980 0484 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys</div>

<div>11:54:10.0980 0484 CmBatt - ok</div>

<div>11:54:11.0027 0484 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys</div>

<div>11:54:11.0027 0484 cmdide - ok</div>

<div>11:54:11.0058 0484 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys</div>

<div>11:54:11.0089 0484 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys</div>

<div>11:54:11.0089 0484 Compbatt - ok</div>

<div>11:54:11.0120 0484 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys</div>

<div>11:54:11.0120 0484 CompositeBus - ok</div>

<div>11:54:11.0120 0484 COMSysApp - ok</div>

<div>11:54:11.0230 0484 [ E2CEC73B4D221B9FFE906748D1F5FC54 ] CrashPlanService C:\Program Files\CrashPlan\CrashPlanService.exe</div>

<div>11:54:11.0230 0484 CrashPlanService - ok</div>

<div>11:54:11.0245 0484 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys</div>

<div>11:54:11.0245 0484 crcdisk - ok</div>

<div>11:54:11.0261 0484 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll</div>

<div>11:54:11.0261 0484 CryptSvc - ok</div>

<div>11:54:11.0308 0484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll</div>

<div>11:54:11.0323 0484 DcomLaunch - ok</div>

<div>11:54:11.0354 0484 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll</div>

<div>11:54:11.0354 0484 defragsvc - ok</div>

<div>11:54:11.0401 0484 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys</div>

<div>11:54:11.0432 0484 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll</div>

<div>11:54:11.0479 0484 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys</div>

<div>11:54:11.0479 0484 discache - ok</div>

<div>11:54:11.0510 0484 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys</div>

<div>11:54:11.0588 0484 [ ADBFBACB97C73ED85A2B6DF89CAB57DB ] DLPWD C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE</div>

<div>11:54:11.0588 0484 DLPWD - ok</div>

<div>11:54:11.0635 0484 [ A411AB2E7CD15CC7AD9D8E19A6ADD7A7 ] DLSDB C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE</div>

<div>11:54:11.0635 0484 DLSDB - ok</div>

<div>11:54:11.0713 0484 [ 4E82A6C63AF27769D116EAB576E5357E ] DMService C:\Windows\Downloaded Program Files\DM.1\DMService.exe</div>

<div>11:54:11.0713 0484 DMService - ok</div>

<div>11:54:11.0760 0484 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll</div>

<div>11:54:11.0760 0484 Dnscache - ok</div>

<div>11:54:11.0776 0484 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe</div>

<div>11:54:11.0776 0484 DockLoginService - ok</div>

<div>11:54:11.0822 0484 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll</div>

<div>11:54:11.0838 0484 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll</div>

<div>11:54:11.0900 0484 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys</div>

<div>11:54:11.0900 0484 drmkaud - ok</div>

<div>11:54:11.0947 0484 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys</div>

<div>11:54:11.0963 0484 DXGKrnl - ok</div>

<div>11:54:11.0994 0484 [ 099E01A94167CA8BDA2CF72037AD0E28 ] e1express C:\Windows\system32\DRIVERS\e1e6232e.sys</div>

<div>11:54:11.0994 0484 e1express - ok</div>

<div>11:54:12.0041 0484 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll</div>

<div>11:54:12.0041 0484 EapHost - ok</div>

<div>11:54:12.0103 0484 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys</div>

<div>11:54:12.0134 0484 ebdrv - ok</div>

<div>11:54:12.0212 0484 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys</div>

<div>11:54:12.0212 0484 eeCtrl - ok</div>

<div>11:54:12.0259 0484 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe</div>

<div>11:54:12.0275 0484 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe</div>

<div>11:54:12.0290 0484 ehRecvr - ok</div>

<div>11:54:12.0322 0484 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe</div>

<div>11:54:12.0322 0484 ehSched - ok</div>

<div>11:54:12.0384 0484 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys</div>

<div>11:54:12.0384 0484 elxstor - ok</div>

<div>11:54:12.0446 0484 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys</div>

<div>11:54:12.0446 0484 EraserUtilRebootDrv - ok</div>

<div>11:54:12.0446 0484 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys</div>

<div>11:54:12.0446 0484 ErrDev - ok</div>

<div>11:54:12.0478 0484 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll</div>

<div>11:54:12.0493 0484 EventSystem - ok</div>

<div>11:54:12.0509 0484 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys</div>

<div>11:54:12.0509 0484 exfat - ok</div>

<div>11:54:12.0524 0484 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys</div>

<div>11:54:12.0540 0484 fastfat - ok</div>

<div>11:54:12.0587 0484 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe</div>

<div>11:54:12.0602 0484 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys</div>

<div>11:54:12.0649 0484 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll</div>

<div>11:54:12.0649 0484 fdPHost - ok</div>

<div>11:54:12.0649 0484 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll</div>

<div>11:54:12.0649 0484 FDResPub - ok</div>

<div>11:54:12.0665 0484 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys</div>

<div>11:54:12.0665 0484 FileInfo - ok</div>

<div>11:54:12.0680 0484 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys</div>

<div>11:54:12.0680 0484 Filetrace - ok</div>

<div>11:54:12.0696 0484 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys</div>

<div>11:54:12.0696 0484 flpydisk - ok</div>

<div>11:54:12.0712 0484 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys</div>

<div>11:54:12.0712 0484 FltMgr - ok</div>

<div>11:54:12.0743 0484 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll</div>

<div>11:54:12.0758 0484 FontCache - ok</div>

<div>11:54:12.0821 0484 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe</div>

<div>11:54:12.0821 0484 FontCache3.0.0.0 - ok</div>

<div>11:54:12.0836 0484 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys</div>

<div>11:54:12.0836 0484 FsDepends - ok</div>

<div>11:54:12.0852 0484 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys</div>

<div>11:54:12.0883 0484 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys</div>

<div>11:54:12.0883 0484 fvevol - ok</div>

<div>11:54:12.0930 0484 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys</div>

<div>11:54:12.0946 0484 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys</div>

<div>11:54:12.0946 0484 GEARAspiWDM - ok</div>

<div>11:54:12.0977 0484 getPlusHelper - ok</div>

<div>11:54:13.0008 0484 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll</div>

<div>11:54:13.0008 0484 gpsvc - ok</div>

<div>11:54:13.0102 0484 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</div>

<div>11:54:13.0102 0484 gupdate - ok</div>

<div>11:54:13.0117 0484 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</div>

<div>11:54:13.0117 0484 gupdatem - ok</div>

<div>11:54:13.0148 0484 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe</div>

<div>11:54:13.0148 0484 gusvc - ok</div>

<div>11:54:13.0164 0484 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys</div>

<div>11:54:13.0211 0484 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys</div>

<div>11:54:13.0211 0484 HdAudAddService - ok</div>

<div>11:54:13.0273 0484 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys</div>

<div>11:54:13.0273 0484 HDAudBus - ok</div>

<div>11:54:13.0289 0484 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys</div>

<div>11:54:13.0289 0484 HidBatt - ok</div>

<div>11:54:13.0304 0484 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys</div>

<div>11:54:13.0304 0484 HidBth - ok</div>

<div>11:54:13.0320 0484 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys</div>

<div>11:54:13.0320 0484 HidIr - ok</div>

<div>11:54:13.0351 0484 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll</div>

<div>11:54:13.0351 0484 hidserv - ok</div>

<div>11:54:13.0382 0484 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys</div>

<div>11:54:13.0382 0484 HidUsb - ok</div>

<div>11:54:13.0414 0484 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll</div>

<div>11:54:13.0414 0484 hkmsvc - ok</div>

<div>11:54:13.0460 0484 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll</div>

<div>11:54:13.0460 0484 HomeGroupListener - ok</div>

<div>11:54:13.0492 0484 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll</div>

<div>11:54:13.0507 0484 HomeGroupProvider - ok</div>

<div>11:54:13.0523 0484 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys</div>

<div>11:54:13.0523 0484 HpSAMD - ok</div>

<div>11:54:13.0554 0484 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys</div>

<div>11:54:13.0601 0484 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys</div>

<div>11:54:13.0601 0484 hwpolicy - ok</div>

<div>11:54:13.0648 0484 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys</div>

<div>11:54:13.0710 0484 [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe</div>

<div>11:54:13.0710 0484 IAANTMON - ok</div>

<div>11:54:13.0757 0484 [ 8D58627FEF3F8767665D9F4DC91CBD97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys</div>

<div>11:54:13.0757 0484 iaStor - ok</div>

<div>11:54:13.0788 0484 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys</div>

<div>11:54:13.0804 0484 iaStorV - ok</div>

<div>11:54:13.0850 0484 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe</div>

<div>11:54:13.0850 0484 IDriverT - ok</div>

<div>11:54:13.0882 0484 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe</div>

<div>11:54:13.0897 0484 idsvc - ok</div>

<div>11:54:13.0991 0484 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130308.001\IDSvia64.sys</div>

<div>11:54:14.0006 0484 IDSVia64 - ok</div>

<div>11:54:14.0038 0484 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys</div>

<div>11:54:14.0038 0484 iirsp - ok</div>

<div>11:54:14.0084 0484 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll</div>

<div>11:54:14.0100 0484 IKEEXT - ok</div>

<div>11:54:14.0116 0484 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys</div>

<div>11:54:14.0116 0484 intelide - ok</div>

<div>11:54:14.0131 0484 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys</div>

<div>11:54:14.0131 0484 intelppm - ok</div>

<div>11:54:14.0194 0484 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe</div>

<div>11:54:14.0194 0484 IntuitUpdateService - ok</div>

<div>11:54:14.0240 0484 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll</div>

<div>11:54:14.0240 0484 IPBusEnum - ok</div>

<div>11:54:14.0287 0484 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys</div>

<div>11:54:14.0287 0484 IpFilterDriver - ok</div>

<div>11:54:14.0318 0484 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll</div>

<div>11:54:14.0334 0484 iphlpsvc - ok</div>

<div>11:54:14.0365 0484 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys</div>

<div>11:54:14.0365 0484 IPMIDRV - ok</div>

<div>11:54:14.0381 0484 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys</div>

<div>11:54:14.0381 0484 IPNAT - ok</div>

<div>11:54:14.0443 0484 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe</div>

<div>11:54:14.0459 0484 iPod Service - ok</div>

<div>11:54:14.0474 0484 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys</div>

<div>11:54:14.0474 0484 IRENUM - ok</div>

<div>11:54:14.0474 0484 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys</div>

<div>11:54:14.0490 0484 isapnp - ok</div>

<div>11:54:14.0521 0484 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys</div>

<div>11:54:14.0537 0484 iScsiPrt - ok</div>

<div>11:54:14.0552 0484 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys</div>

<div>11:54:14.0552 0484 kbdclass - ok</div>

<div>11:54:14.0568 0484 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys</div>

<div>11:54:14.0568 0484 kbdhid - ok</div>

<div>11:54:14.0584 0484 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe</div>

<div>11:54:14.0584 0484 KeyIso - ok</div>

<div>11:54:14.0615 0484 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys</div>

<div>11:54:14.0615 0484 KSecDD - ok</div>

<div>11:54:14.0646 0484 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys</div>

<div>11:54:14.0646 0484 KSecPkg - ok</div>

<div>11:54:14.0677 0484 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys</div>

<div>11:54:14.0677 0484 ksthunk - ok</div>

<div>11:54:14.0708 0484 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll</div>

<div>11:54:14.0724 0484 KtmRm - ok</div>

<div>11:54:14.0740 0484 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll</div>

<div>11:54:14.0740 0484 LanmanServer - ok</div>

<div>11:54:14.0786 0484 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll</div>

<div>11:54:14.0786 0484 LanmanWorkstation - ok</div>

<div>11:54:14.0818 0484 Lavasoft Kernexplorer - ok</div>

<div>11:54:14.0864 0484 [ 285954C6C6EF43B78AB84034750FAC6A ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys</div>

<div>11:54:14.0864 0484 libusb0 - ok</div>

<div>11:54:14.0896 0484 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys</div>

<div>11:54:14.0896 0484 lltdio - ok</div>

<div>11:54:14.0927 0484 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll</div>

<div>11:54:14.0927 0484 lltdsvc - ok</div>

<div>11:54:14.0942 0484 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll</div>

<div>11:54:14.0942 0484 lmhosts - ok</div>

<div>11:54:14.0974 0484 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys</div>

<div>11:54:14.0989 0484 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys</div>

<div>11:54:15.0005 0484 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys</div>

<div>11:54:15.0005 0484 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys</div>

<div>11:54:15.0036 0484 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys</div>

<div>11:54:15.0036 0484 luafv - ok</div>

<div>11:54:15.0083 0484 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys</div>

<div>11:54:15.0083 0484 MBAMProtector - ok</div>

<div>11:54:15.0145 0484 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe</div>

<div>11:54:15.0145 0484 MBAMScheduler - ok</div>

<div>11:54:15.0192 0484 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe</div>

<div>11:54:15.0208 0484 MBAMService - ok</div>

<div>11:54:15.0239 0484 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll</div>

<div>11:54:15.0286 0484 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys</div>

<div>11:54:15.0286 0484 megasas - ok</div>

<div>11:54:15.0301 0484 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys</div>

<div>11:54:15.0301 0484 MegaSR - ok</div>

<div>11:54:15.0332 0484 [ 4A1C21576FB7F96F4DBDEA627FFDA775 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys</div>

<div>11:54:15.0332 0484 mfeavfk - ok</div>

<div>11:54:15.0348 0484 [ 9E0AC52B3232FF8DC65FEE1A9C2FE8D1 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys</div>

<div>11:54:15.0348 0484 mfehidk - ok</div>

<div>11:54:15.0379 0484 [ 624D717B11E5004F68442B5740F17F21 ] mferkdk C:\Windows\system32\drivers\mferkdk.sys</div>

<div>11:54:15.0379 0484 mferkdk - ok</div>

<div>11:54:15.0410 0484 [ 0CD9DE7B96735F33F078C4EA044E8B34 ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys</div>

<div>11:54:15.0410 0484 mfesmfk - ok</div>

<div>11:54:15.0442 0484 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll</div>

<div>11:54:15.0442 0484 MMCSS - ok</div>

<div>11:54:15.0457 0484 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys</div>

<div>11:54:15.0457 0484 Modem - ok</div>

<div>11:54:15.0504 0484 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys</div>

<div>11:54:15.0504 0484 monitor - ok</div>

<div>11:54:15.0504 0484 motccgp - ok</div>

<div>11:54:15.0520 0484 motccgpfl - ok</div>

<div>11:54:15.0520 0484 MotoSwitchService - ok</div>

<div>11:54:15.0535 0484 Motousbnet - ok</div>

<div>11:54:15.0551 0484 motusbdevice - ok</div>

<div>11:54:15.0582 0484 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys</div>

<div>11:54:15.0582 0484 mouclass - ok</div>

<div>11:54:15.0598 0484 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys</div>

<div>11:54:15.0598 0484 mouhid - ok</div>

<div>11:54:15.0629 0484 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys</div>

<div>11:54:15.0629 0484 mountmgr - ok</div>

<div>11:54:15.0644 0484 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys</div>

<div>11:54:15.0660 0484 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys</div>

<div>11:54:15.0660 0484 mpsdrv - ok</div>

<div>11:54:15.0707 0484 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll</div>

<div>11:54:15.0707 0484 MpsSvc - ok</div>

<div>11:54:15.0754 0484 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys</div>

<div>11:54:15.0754 0484 MRxDAV - ok</div>

<div>11:54:15.0816 0484 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys</div>

<div>11:54:15.0816 0484 mrxsmb - ok</div>

<div>11:54:15.0847 0484 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys</div>

<div>11:54:15.0847 0484 mrxsmb10 - ok</div>

<div>11:54:15.0863 0484 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys</div>

<div>11:54:15.0863 0484 mrxsmb20 - ok</div>

<div>11:54:15.0878 0484 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys</div>

<div>11:54:15.0878 0484 msahci - ok</div>

<div>11:54:15.0894 0484 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys</div>

<div>11:54:15.0910 0484 msdsm - ok</div>

<div>11:54:15.0910 0484 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe</div>

<div>11:54:15.0910 0484 MSDTC - ok</div>

<div>11:54:15.0956 0484 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys</div>

<div>11:54:15.0972 0484 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys</div>

<div>11:54:15.0972 0484 mshidkmdf - ok</div>

<div>11:54:15.0972 0484 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys</div>

<div>11:54:15.0972 0484 msisadrv - ok</div>

<div>11:54:16.0019 0484 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll</div>

<div>11:54:16.0019 0484 MSiSCSI - ok</div>

<div>11:54:16.0019 0484 msiserver - ok</div>

<div>11:54:16.0050 0484 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys</div>

<div>11:54:16.0050 0484 MSKSSRV - ok</div>

<div>11:54:16.0066 0484 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys</div>

<div>11:54:16.0066 0484 MSPCLOCK - ok</div>

<div>11:54:16.0081 0484 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys</div>

<div>11:54:16.0081 0484 MSPQM - ok</div>

<div>11:54:16.0128 0484 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys</div>

<div>11:54:16.0128 0484 MsRPC - ok</div>

<div>11:54:16.0128 0484 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys</div>

<div>11:54:16.0128 0484 mssmbios - ok</div>

<div>11:54:16.0237 0484 MSSQL$SQLEXPRESS - ok</div>

<div>11:54:16.0315 0484 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE</div>

<div>11:54:16.0315 0484 MSSQLServerADHelper100 - ok</div>

<div>11:54:16.0331 0484 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys</div>

<div>11:54:16.0331 0484 MSTEE - ok</div>

<div>11:54:16.0346 0484 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys</div>

<div>11:54:16.0346 0484 MTConfig - ok</div>

<div>11:54:16.0362 0484 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys</div>

<div>11:54:16.0424 0484 [ B4187346F54E362DAFFE647B25A58D50 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe</div>

<div>11:54:16.0471 0484 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll</div>

<div>11:54:16.0471 0484 napagent - ok</div>

<div>11:54:16.0518 0484 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys</div>

<div>11:54:16.0518 0484 NativeWifiP - ok</div>

<div>11:54:16.0627 0484 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\ENG64.SYS</div>

<div>11:54:16.0627 0484 NAVENG - ok</div>

<div>11:54:16.0690 0484 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\EX64.SYS</div>

<div>11:54:16.0721 0484 NAVEX15 - ok</div>

<div>11:54:16.0768 0484 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys</div>

<div>11:54:16.0799 0484 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys</div>

<div>11:54:16.0799 0484 NdisCap - ok</div>

<div>11:54:16.0814 0484 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys</div>

<div>11:54:16.0814 0484 NdisTapi - ok</div>

<div>11:54:16.0830 0484 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys</div>

<div>11:54:16.0830 0484 Ndisuio - ok</div>

<div>11:54:16.0861 0484 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys</div>

<div>11:54:16.0861 0484 NdisWan - ok</div>

<div>11:54:16.0908 0484 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys</div>

<div>11:54:16.0908 0484 NDProxy - ok</div>

<div>11:54:16.0939 0484 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys</div>

<div>11:54:16.0939 0484 NetBIOS - ok</div>

<div>11:54:16.0955 0484 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys</div>

<div>11:54:16.0955 0484 NetBT - ok</div>

<div>11:54:16.0970 0484 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe</div>

<div>11:54:16.0970 0484 Netlogon - ok</div>

<div>11:54:17.0017 0484 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll</div>

<div>11:54:17.0033 0484 Netman - ok</div>

<div>11:54:17.0080 0484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div>

<div>11:54:17.0080 0484 NetMsmqActivator - ok</div>

<div>11:54:17.0080 0484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div>

<div>11:54:17.0080 0484 NetPipeActivator - ok</div>

<div>11:54:17.0095 0484 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll</div>

<div>11:54:17.0111 0484 netprofm - ok</div>

<div>11:54:17.0111 0484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div>

<div>11:54:17.0111 0484 NetTcpActivator - ok</div>

<div>11:54:17.0111 0484 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</div>

<div>11:54:17.0111 0484 NetTcpPortSharing - ok</div>

<div>11:54:17.0158 0484 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys</div>

<div>11:54:17.0173 0484 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll</div>

<div>11:54:17.0173 0484 NlaSvc - ok</div>

<div>11:54:17.0204 0484 nosGetPlusHelper - ok</div>

<div>11:54:17.0220 0484 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys</div>

<div>11:54:17.0236 0484 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll</div>

<div>11:54:17.0251 0484 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys</div>

<div>11:54:17.0251 0484 nsiproxy - ok</div>

<div>11:54:17.0329 0484 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys</div>

<div>11:54:17.0360 0484 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys</div>

<div>11:54:17.0407 0484 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys</div>

<div>11:54:17.0423 0484 nvraid - ok</div>

<div>11:54:17.0438 0484 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys</div>

<div>11:54:17.0438 0484 nvstor - ok</div>

<div>11:54:17.0470 0484 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys</div>

<div>11:54:17.0548 0484 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE</div>

<div>11:54:17.0563 0484 odserv - ok</div>

<div>11:54:17.0579 0484 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys</div>

<div>11:54:17.0626 0484 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE</div>

<div>11:54:17.0766 0484 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE</div>

<div>11:54:17.0813 0484 osppsvc - ok</div>

<div>11:54:17.0860 0484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll</div>

<div>11:54:17.0860 0484 p2pimsvc - ok</div>

<div>11:54:17.0875 0484 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll</div>

<div>11:54:17.0922 0484 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys</div>

<div>11:54:17.0922 0484 Parport - ok</div>

<div>11:54:17.0969 0484 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys</div>

<div>11:54:17.0969 0484 partmgr - ok</div>

<div>11:54:17.0984 0484 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll</div>

<div>11:54:17.0984 0484 PcaSvc - ok</div>

<div>11:54:18.0016 0484 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys</div>

<div>11:54:18.0031 0484 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys</div>

<div>11:54:18.0031 0484 pciide - ok</div>

<div>11:54:18.0062 0484 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys</div>

<div>11:54:18.0062 0484 pcmcia - ok</div>

<div>11:54:18.0078 0484 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys</div>

<div>11:54:18.0109 0484 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys</div>

<div>11:54:18.0109 0484 PEAUTH - ok</div>

<div>11:54:18.0187 0484 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe</div>

<div>11:54:18.0187 0484 PerfHost - ok</div>

<div>11:54:18.0250 0484 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll</div>

<div>11:54:18.0328 0484 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll</div>

<div>11:54:18.0328 0484 PlugPlay - ok</div>

<div>11:54:18.0343 0484 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll</div>

<div>11:54:18.0343 0484 PNRPAutoReg - ok</div>

<div>11:54:18.0499 0484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll</div>

<div>11:54:18.0515 0484 PNRPsvc - ok</div>

<div>11:54:18.0530 0484 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll</div>

<div>11:54:18.0530 0484 PolicyAgent - ok</div>

<div>11:54:18.0577 0484 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll</div>

<div>11:54:18.0577 0484 Power - ok</div>

<div>11:54:18.0624 0484 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys</div>

<div>11:54:18.0624 0484 PptpMiniport - ok</div>

<div>11:54:18.0640 0484 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys</div>

<div>11:54:18.0640 0484 Processor - ok</div>

<div>11:54:18.0686 0484 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll</div>

<div>11:54:18.0686 0484 ProfSvc - ok</div>

<div>11:54:18.0702 0484 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe</div>

<div>11:54:18.0702 0484 ProtectedStorage - ok</div>

<div>11:54:18.0749 0484 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys</div>

<div>11:54:18.0749 0484 Psched - ok</div>

<div>11:54:18.0780 0484 [ 5F6085E17866C1BF098C42D30A894DED ] psdrv3 C:\Windows\system32\Drivers\psdrv3.sys</div>

<div>11:54:18.0780 0484 psdrv3 - ok</div>

<div>11:54:18.0827 0484 [ F6EA2DCE39F1ACCB2C6C38D61FC79075 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe</div>

<div>11:54:18.0827 0484 QBCFMonitorService - ok</div>

<div>11:54:18.0858 0484 [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe</div>

<div>11:54:18.0874 0484 QBFCService - ok</div>

<div>11:54:18.0920 0484 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys</div>

<div>11:54:18.0967 0484 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys</div>

<div>11:54:19.0030 0484 QuickBooksDB18 - ok</div>

<div>11:54:19.0045 0484 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll</div>

<div>11:54:19.0061 0484 QWAVE - ok</div>

<div>11:54:19.0076 0484 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys</div>

<div>11:54:19.0076 0484 QWAVEdrv - ok</div>

<div>11:54:19.0076 0484 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys</div>

<div>11:54:19.0076 0484 RasAcd - ok</div>

<div>11:54:19.0092 0484 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys</div>

<div>11:54:19.0092 0484 RasAgileVpn - ok</div>

<div>11:54:19.0108 0484 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll</div>

<div>11:54:19.0108 0484 RasAuto - ok</div>

<div>11:54:19.0139 0484 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys</div>

<div>11:54:19.0170 0484 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll</div>

<div>11:54:19.0170 0484 RasMan - ok</div>

<div>11:54:19.0201 0484 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys</div>

<div>11:54:19.0201 0484 RasPppoe - ok</div>

<div>11:54:19.0217 0484 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys</div>

<div>11:54:19.0217 0484 RasSstp - ok</div>

<div>11:54:19.0264 0484 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys</div>

<div>11:54:19.0264 0484 rdbss - ok</div>

<div>11:54:19.0279 0484 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys</div>

<div>11:54:19.0279 0484 rdpbus - ok</div>

<div>11:54:19.0279 0484 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys</div>

<div>11:54:19.0279 0484 RDPCDD - ok</div>

<div>11:54:19.0310 0484 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys</div>

<div>11:54:19.0310 0484 RDPENCDD - ok</div>

<div>11:54:19.0310 0484 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys</div>

<div>11:54:19.0310 0484 RDPREFMP - ok</div>

<div>11:54:19.0357 0484 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys</div>

<div>11:54:19.0357 0484 RDPWD - ok</div>

<div>11:54:19.0388 0484 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys</div>

<div>11:54:19.0404 0484 rdyboost - ok</div>

<div>11:54:19.0435 0484 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll</div>

<div>11:54:19.0435 0484 RemoteAccess - ok</div>

<div>11:54:19.0451 0484 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll</div>

<div>11:54:19.0451 0484 RemoteRegistry - ok</div>

<div>11:54:19.0498 0484 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys</div>

<div>11:54:19.0513 0484 RFCOMM - ok</div>

<div>11:54:19.0544 0484 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll</div>

<div>11:54:19.0544 0484 RpcEptMapper - ok</div>

<div>11:54:19.0560 0484 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe</div>

<div>11:54:19.0560 0484 RpcLocator - ok</div>

<div>11:54:19.0607 0484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll</div>

<div>11:54:19.0607 0484 RpcSs - ok</div>

<div>11:54:19.0638 0484 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys</div>

<div>11:54:19.0685 0484 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys</div>

<div>11:54:19.0685 0484 rspndr - ok</div>

<div>11:54:19.0700 0484 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe</div>

<div>11:54:19.0700 0484 SamSs - ok</div>

<div>11:54:19.0732 0484 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys</div>

<div>11:54:19.0747 0484 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll</div>

<div>11:54:19.0747 0484 SCardSvr - ok</div>

<div>11:54:19.0778 0484 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys</div>

<div>11:54:19.0778 0484 scfilter - ok</div>

<div>11:54:19.0825 0484 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll</div>

<div>11:54:19.0841 0484 Schedule - ok</div>

<div>11:54:19.0888 0484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll</div>

<div>11:54:19.0888 0484 SCPolicySvc - ok</div>

<div>11:54:19.0919 0484 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll</div>

<div>11:54:19.0919 0484 SDRSVC - ok</div>

<div>11:54:19.0934 0484 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys</div>

<div>11:54:19.0934 0484 secdrv - ok</div>

<div>11:54:19.0950 0484 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll</div>

<div>11:54:19.0950 0484 seclogon - ok</div>

<div>11:54:19.0966 0484 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll</div>

<div>11:54:19.0997 0484 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll</div>

<div>11:54:19.0997 0484 SensrSvc - ok</div>

<div>11:54:20.0012 0484 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys</div>

<div>11:54:20.0012 0484 Serenum - ok</div>

<div>11:54:20.0044 0484 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys</div>

<div>11:54:20.0044 0484 Serial - ok</div>

<div>11:54:20.0059 0484 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys</div>

<div>11:54:20.0059 0484 sermouse - ok</div>

<div>11:54:20.0106 0484 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll</div>

<div>11:54:20.0106 0484 SessionEnv - ok</div>

<div>11:54:20.0106 0484 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys</div>

<div>11:54:20.0106 0484 sffdisk - ok</div>

<div>11:54:20.0122 0484 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys</div>

<div>11:54:20.0137 0484 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys</div>

<div>11:54:20.0153 0484 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys</div>

<div>11:54:20.0153 0484 sfloppy - ok</div>

<div>11:54:20.0200 0484 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll</div>

<div>11:54:20.0215 0484 SharedAccess - ok</div>

<div>11:54:20.0231 0484 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll</div>

<div>11:54:20.0231 0484 ShellHWDetection - ok</div>

<div>11:54:20.0246 0484 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys</div>

<div>11:54:20.0246 0484 SiSRaid2 - ok</div>

<div>11:54:20.0262 0484 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys</div>

<div>11:54:20.0262 0484 SiSRaid4 - ok</div>

<div>11:54:20.0340 0484 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe</div>

<div>11:54:20.0340 0484 SkypeUpdate - ok</div>

<div>11:54:20.0387 0484 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys</div>

<div>11:54:20.0418 0484 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe</div>

<div>11:54:20.0418 0484 SNMPTRAP - ok</div>

<div>11:54:20.0434 0484 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys</div>

<div>11:54:20.0434 0484 spldr - ok</div>

<div>11:54:20.0480 0484 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe</div>

<div>11:54:20.0480 0484 Spooler - ok</div>

<div>11:54:20.0574 0484 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe</div>

<div>11:54:20.0605 0484 sppsvc - ok</div>

<div>11:54:20.0621 0484 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll</div>

<div>11:54:20.0621 0484 sppuinotify - ok</div>

<div>11:54:20.0746 0484 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE</div>

<div>11:54:20.0761 0484 SQLAgent$SQLEXPRESS - ok</div>

<div>11:54:20.0808 0484 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe</div>

<div>11:54:20.0808 0484 SQLBrowser - ok</div>

<div>11:54:20.0870 0484 [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe</div>

<div>11:54:20.0870 0484 SQLWriter - ok</div>

<div>11:54:20.0948 0484 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS</div>

<div>11:54:20.0948 0484 SRTSP - ok</div>

<div>11:54:20.0964 0484 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS</div>

<div>11:54:20.0964 0484 SRTSPX - ok</div>

<div>11:54:21.0011 0484 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys</div>

<div>11:54:21.0042 0484 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys</div>

<div>11:54:21.0058 0484 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys</div>

<div>11:54:21.0058 0484 srvnet - ok</div>

<div>11:54:21.0120 0484 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll</div>

<div>11:54:21.0120 0484 SSDPSRV - ok</div>

<div>11:54:21.0120 0484 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll</div>

<div>11:54:21.0120 0484 SstpSvc - ok</div>

<div>11:54:21.0167 0484 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys</div>

<div>11:54:21.0167 0484 stexstor - ok</div>

<div>11:54:21.0214 0484 [ 6299F206F17E34EAD0EF63DAD8CD4272 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys</div>

<div>11:54:21.0229 0484 STHDA - ok</div>

<div>11:54:21.0276 0484 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll</div>

<div>11:54:21.0276 0484 stisvc - ok</div>

<div>11:54:21.0292 0484 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys</div>

<div>11:54:21.0292 0484 swenum - ok</div>

<div>11:54:21.0323 0484 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll</div>

<div>11:54:21.0338 0484 swprv - ok</div>

<div>11:54:21.0338 0484 sxuptp - ok</div>

<div>11:54:21.0354 0484 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS</div>

<div>11:54:21.0354 0484 SymDS - ok</div>

<div>11:54:21.0416 0484 [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS</div>

<div>11:54:21.0416 0484 SymEFA - ok</div>

<div>11:54:21.0432 0484 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS</div>

<div>11:54:21.0448 0484 SymEvent - ok</div>

<div>11:54:21.0479 0484 [ F7F3DEB5FDD6CEA69A8D1544F7BECAF1 ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys</div>

<div>11:54:21.0479 0484 SymIM - ok</div>

<div>11:54:21.0510 0484 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS</div>

<div>11:54:21.0510 0484 SymIRON - ok</div>

<div>11:54:21.0541 0484 [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS</div>

<div>11:54:21.0557 0484 SYMTDIv - ok</div>

<div>11:54:21.0635 0484 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll</div>

<div>11:54:21.0650 0484 SysMain - ok</div>

<div>11:54:21.0682 0484 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll</div>

<div>11:54:21.0682 0484 TabletInputService - ok</div>

<div>11:54:21.0728 0484 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll</div>

<div>11:54:21.0728 0484 TapiSrv - ok</div>

<div>11:54:21.0775 0484 [ 79E084FCCFEF637580A06F3DC36C1A6C ] TASCAM_US122144 C:\Windows\system32\Drivers\tascusb2.sys</div>

<div>11:54:21.0791 0484 TASCAM_US122144 - ok</div>

<div>11:54:21.0822 0484 [ DE0AE9891AA5D08A9EC92C326D8000F9 ] TASCAM_US122L_MK2_MIDI C:\Windows\system32\drivers\tscusb2m.sys</div>

<div>11:54:21.0822 0484 TASCAM_US122L_MK2_MIDI - ok</div>

<div>11:54:21.0838 0484 [ BC94143174B92C181AE6135750DAEA7D ] TASCAM_US122L_MK2_WDM C:\Windows\system32\drivers\tscusb2a.sys</div>

<div>11:54:21.0838 0484 TASCAM_US122L_MK2_WDM - ok</div>

<div>11:54:21.0869 0484 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll</div>

<div>11:54:21.0947 0484 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys</div>

<div>11:54:21.0962 0484 Tcpip - ok</div>

<div>11:54:21.0994 0484 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys</div>

<div>11:54:22.0009 0484 TCPIP6 - ok</div>

<div>11:54:22.0040 0484 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys</div>

<div>11:54:22.0040 0484 tcpipreg - ok</div>

<div>11:54:22.0087 0484 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys</div>

<div>11:54:22.0087 0484 TDPIPE - ok</div>

<div>11:54:22.0118 0484 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys</div>

<div>11:54:22.0118 0484 TDTCP - ok</div>

<div>11:54:22.0165 0484 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys</div>

<div>11:54:22.0212 0484 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys</div>

<div>11:54:22.0212 0484 TermDD - ok</div>

<div>11:54:22.0243 0484 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll</div>

<div>11:54:22.0259 0484 TermService - ok</div>

<div>11:54:22.0259 0484 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll</div>

<div>11:54:22.0274 0484 Themes - ok</div>

<div>11:54:22.0306 0484 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll</div>

<div>11:54:22.0306 0484 THREADORDER - ok</div>

<div>11:54:22.0321 0484 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll</div>

<div>11:54:22.0321 0484 TrkWks - ok</div>

<div>11:54:22.0399 0484 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe</div>

<div>11:54:22.0399 0484 TrustedInstaller - ok</div>

<div>11:54:22.0430 0484 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys</div>

<div>11:54:22.0446 0484 tssecsrv - ok</div>

<div>11:54:22.0477 0484 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys</div>

<div>11:54:22.0493 0484 TsUsbFlt - ok</div>

<div>11:54:22.0540 0484 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys</div>

<div>11:54:22.0540 0484 tunnel - ok</div>

<div>11:54:22.0555 0484 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys</div>

<div>11:54:22.0633 0484 [ E212CD75C7558450C0890710F892084C ] uagqecsvc C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe</div>

<div>11:54:22.0633 0484 uagqecsvc - ok</div>

<div>11:54:22.0680 0484 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys</div>

<div>11:54:22.0711 0484 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe</div>

<div>11:54:22.0711 0484 UI0Detect - ok</div>

<div>11:54:22.0727 0484 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys</div>

<div>11:54:22.0727 0484 uliagpkx - ok</div>

<div>11:54:22.0758 0484 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys</div>

<div>11:54:22.0758 0484 umbus - ok</div>

<div>11:54:22.0789 0484 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys</div>

<div>11:54:22.0789 0484 UmPass - ok</div>

<div>11:54:22.0805 0484 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll</div>

<div>11:54:22.0820 0484 upnphost - ok</div>

<div>11:54:22.0852 0484 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys</div>

<div>11:54:22.0852 0484 USBAAPL64 - ok</div>

<div>11:54:22.0898 0484 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys</div>

<div>11:54:22.0898 0484 usbccgp - ok</div>

<div>11:54:22.0945 0484 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys</div>

<div>11:54:22.0945 0484 usbcir - ok</div>

<div>11:54:22.0976 0484 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys</div>

<div>11:54:22.0976 0484 usbehci - ok</div>

<div>11:54:23.0008 0484 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys</div>

<div>11:54:23.0008 0484 usbhub - ok</div>

<div>11:54:23.0023 0484 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys</div>

<div>11:54:23.0023 0484 usbohci - ok</div>

<div>11:54:23.0054 0484 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys</div>

<div>11:54:23.0054 0484 usbprint - ok</div>

<div>11:54:23.0086 0484 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys</div>

<div>11:54:23.0086 0484 usbscan - ok</div>

<div>11:54:23.0132 0484 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS</div>

<div>11:54:23.0132 0484 USBSTOR - ok</div>

<div>11:54:23.0148 0484 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys</div>

<div>11:54:23.0148 0484 usbuhci - ok</div>

<div>11:54:23.0179 0484 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll</div>

<div>11:54:23.0179 0484 UxSms - ok</div>

<div>11:54:23.0195 0484 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe</div>

<div>11:54:23.0195 0484 VaultSvc - ok</div>

<div>11:54:23.0226 0484 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys</div>

<div>11:54:23.0242 0484 vdrvroot - ok</div>

<div>11:54:23.0242 0484 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe</div>

<div>11:54:23.0273 0484 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys</div>

<div>11:54:23.0273 0484 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys</div>

<div>11:54:23.0273 0484 VgaSave - ok</div>

<div>11:54:23.0304 0484 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys</div>

<div>11:54:23.0304 0484 vhdmp - ok</div>

<div>11:54:23.0335 0484 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys</div>

<div>11:54:23.0335 0484 viaide - ok</div>

<div>11:54:23.0366 0484 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys</div>

<div>11:54:23.0366 0484 volmgr - ok</div>

<div>11:54:23.0398 0484 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys</div>

<div>11:54:23.0398 0484 volmgrx - ok</div>

<div>11:54:23.0429 0484 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys</div>

<div>11:54:23.0429 0484 volsnap - ok</div>

<div>11:54:23.0476 0484 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys</div>

<div>11:54:23.0476 0484 vsmraid - ok</div>

<div>11:54:23.0616 0484 [ 1928B9CA20F51BFBBAD54D2C2C447B13 ] VSPerfDrv100 C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys</div>

<div>11:54:23.0616 0484 VSPerfDrv100 - ok</div>

<div>11:54:23.0694 0484 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe</div>

<div>11:54:23.0741 0484 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys</div>

<div>11:54:23.0741 0484 vwifibus - ok</div>

<div>11:54:23.0756 0484 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys</div>

<div>11:54:23.0756 0484 vwififlt - ok</div>

<div>11:54:23.0788 0484 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys</div>

<div>11:54:23.0788 0484 vwifimp - ok</div>

<div>11:54:23.0819 0484 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll</div>

<div>11:54:23.0850 0484 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys</div>

<div>11:54:23.0850 0484 WacomPen - ok</div>

<div>11:54:23.0850 0484 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys</div>

<div>11:54:23.0850 0484 WANARP - ok</div>

<div>11:54:23.0866 0484 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys</div>

<div>11:54:23.0866 0484 Wanarpv6 - ok</div>

<div>11:54:23.0912 0484 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe</div>

<div>11:54:23.0928 0484 WatAdminSvc - ok</div>

<div>11:54:23.0975 0484 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe</div>

<div>11:54:23.0990 0484 wbengine - ok</div>

<div>11:54:24.0006 0484 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll</div>

<div>11:54:24.0006 0484 WbioSrvc - ok</div>

<div>11:54:24.0053 0484 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll</div>

<div>11:54:24.0053 0484 wcncsvc - ok</div>

<div>11:54:24.0068 0484 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll</div>

<div>11:54:24.0068 0484 WcsPlugInService - ok</div>

<div>11:54:24.0084 0484 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys</div>

<div>11:54:24.0131 0484 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys</div>

<div>11:54:24.0162 0484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll</div>

<div>11:54:24.0162 0484 WdiServiceHost - ok</div>

<div>11:54:24.0162 0484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll</div>

<div>11:54:24.0162 0484 WdiSystemHost - ok</div>

<div>11:54:24.0209 0484 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll</div>

<div>11:54:24.0209 0484 WebClient - ok</div>

<div>11:54:24.0224 0484 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll</div>

<div>11:54:24.0224 0484 Wecsvc - ok</div>

<div>11:54:24.0271 0484 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll</div>

<div>11:54:24.0271 0484 wercplsupport - ok</div>

<div>11:54:24.0287 0484 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll</div>

<div>11:54:24.0287 0484 WerSvc - ok</div>

<div>11:54:24.0334 0484 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys</div>

<div>11:54:24.0334 0484 WfpLwf - ok</div>

<div>11:54:24.0349 0484 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys</div>

<div>11:54:24.0349 0484 WIMMount - ok</div>

<div>11:54:24.0365 0484 WinDefend - ok</div>

<div>11:54:24.0365 0484 WinHttpAutoProxySvc - ok</div>

<div>11:54:24.0443 0484 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll</div>

<div>11:54:24.0458 0484 Winmgmt - ok</div>

<div>11:54:24.0583 0484 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll</div>

<div>11:54:24.0599 0484 WinRM - ok</div>

<div>11:54:24.0661 0484 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys</div>

<div>11:54:24.0661 0484 WinUsb - ok</div>

<div>11:54:24.0708 0484 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll</div>

<div>11:54:24.0724 0484 Wlansvc - ok</div>

<div>11:54:24.0786 0484 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe</div>

<div>11:54:24.0786 0484 wlcrasvc - ok</div>

<div>11:54:24.0880 0484 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</div>

<div>11:54:24.0895 0484 wlidsvc - ok</div>

<div>11:54:24.0942 0484 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys</div>

<div>11:54:24.0942 0484 WmiAcpi - ok</div>

<div>11:54:24.0958 0484 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe</div>

<div>11:54:24.0958 0484 wmiApSrv - ok</div>

<div>11:54:24.0989 0484 WMPNetworkSvc - ok</div>

<div>11:54:24.0989 0484 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll</div>

<div>11:54:24.0989 0484 WPCSvc - ok</div>

<div>11:54:25.0020 0484 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll</div>

<div>11:54:25.0036 0484 WPDBusEnum - ok</div>

<div>11:54:25.0067 0484 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys</div>

<div>11:54:25.0082 0484 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll</div>

<div>11:54:25.0082 0484 wscsvc - ok</div>

<div>11:54:25.0129 0484 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys</div>

<div>11:54:25.0129 0484 WSDPrintDevice - ok</div>

<div>11:54:25.0160 0484 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys</div>

<div>11:54:25.0160 0484 WSDScan - ok</div>

<div>11:54:25.0176 0484 WSearch - ok</div>

<div>11:54:25.0238 0484 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll</div>

<div>11:54:25.0270 0484 wuauserv - ok</div>

<div>11:54:25.0301 0484 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys</div>

<div>11:54:25.0301 0484 WudfPf - ok</div>

<div>11:54:25.0332 0484 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys</div>

<div>11:54:25.0348 0484 WUDFRd - ok</div>

<div>11:54:25.0379 0484 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll</div>

<div>11:54:25.0379 0484 wudfsvc - ok</div>

<div>11:54:25.0410 0484 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll</div>

<div>11:54:25.0426 0484 WwanSvc - ok</div>

<div>11:54:25.0441 0484 ================ Scan global ===============================</div>

<div>11:54:25.0488 0484 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll</div>

<div>11:54:25.0519 0484 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll</div>

<div>11:54:25.0535 0484 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll</div>

<div>11:54:25.0566 0484 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll</div>

<div>11:54:25.0582 0484 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe</div>

<div>11:54:25.0597 0484 [Global] - ok</div>

<div>11:54:25.0597 0484 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0</div>

<div>11:54:25.0597 0484 Suspicious mbr (Forged): \Device\Harddisk0\DR0</div>

<div>11:54:25.0660 0484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected</div>

<div>11:54:25.0660 0484 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)</div>

<div>11:54:25.0675 0484 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1</div>

<div>11:54:40.0604 0484 \Device\Harddisk1\DR1 - ok</div>

<div>11:54:40.0604 0484 [ 558935E347C8ECEE3B3AF00CCE866096 ] \Device\Harddisk0\DR0\Partition1</div>

<div>11:54:40.0604 0484 \Device\Harddisk0\DR0\Partition1 - ok</div>

<div>11:54:40.0620 0484 [ 9AF75B854291DF1541FF0996489C2EB8 ] \Device\Harddisk0\DR0\Partition2</div>

<div>11:54:40.0620 0484 \Device\Harddisk0\DR0\Partition2 - ok</div>

<div>11:54:40.0620 0484 [ 2ED775138C0F13AE7947B6D3D01EF753 ] \Device\Harddisk1\DR1\Partition1</div>

<div>11:54:40.0620 0484 \Device\Harddisk1\DR1\Partition1 - ok</div>

<div>11:54:40.0620 0484 Scan finished</div>

<div>11:54:40.0636 1948 Detected object count: 1</div>

<div>11:54:40.0636 1948 Actual detected object count: 1</div>

<div>11:55:04.0738 1948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user</div>

<div>11:55:04.0738 1948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip </div>

Larusso · March 12, 2013

Hy there.

A tiny nasty infection in your Master Boot Record.

Please re-run FRST.exe as instructed here --> http://forums.malwarebytes.org/index.php?showtopic=123733&view=findpost&p=656017

I want to make sure that the malicious partition is not aktiv anymore.

Do you have a USB drive handy ?

pjgibbons · March 12, 2013

Yes, I've been using a usb to move the programs you've had me using to the infected computer, since I can't get it to stay up long enough to download them directly. I inoculated the usb with the panda vaccine.

Larusso · March 12, 2013

Yes, I've been using a usb to move the programs..

and us also used it for FRST. I noticed this after clickin post. Epic fail

pjgibbons · March 12, 2013

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01

Ran by SYSTEM at 12-03-2013 16:29:35

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]

HKLM\...\Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation)

HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [443904 2008-05-22] (IDT, Inc.)

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [307200 2009-06-14] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)

HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKU\Administrator\...\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation)

HKU\Administrator\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x]

HKU\Pam\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]

HKU\Pam\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-11-08] (Siber Systems)

HKU\Pam\...\Run: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe [x]

HKU\Pam\...\Run: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe [x]

HKU\Pam\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\Pam\...\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)

HKU\Pam\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)

HKU\Pam\...\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://bcs.worthpublishers.com/hockenbury3e/content/cat_030/ch04/flash.htm?v=chapter&i=04030.01&s=04000&n=00030&o=|00040|00030|" [468408 2009-06-05] (Adobe Systems, Inc.)

HKU\QBDataServiceUser18\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x]

HKU\QBDataServiceUser18\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [x]

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\ProgramData\Start Menu\Programs\Startup\CrashPlan Tray.lnk

ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\QBDataServiceUser18\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [222720 2011-03-16] (CrashPlan)

2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [107928 2006-12-07] (Dell Inc.)

2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-06] (Dell Inc.)

3 DMService; C:\Windows\Downloaded Program Files\DM.1\DMService.exe [487312 2010-11-25] (Microsoft Corporation)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)

2 QuickBooksDB18; C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [128536 2006-09-13] (iAnywhere Solutions, Inc.)

2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)

3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x]

3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x]

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)

1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)

3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [286936 2009-06-05] (Intel Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-13] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-13] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130308.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)

3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [43456 2011-03-30] (http://libusb-win32.sourceforge.net)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102472 2009-09-16] (McAfee, Inc.)

1 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [308296 2009-09-16] (McAfee, Inc.)

3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)

3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\ENG64.SYS [126192 2013-03-11] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\EX64.SYS [2087664 2013-03-11] (Symantec Corporation)

3 psdrv3; C:\Windows\System32\Drivers\psdrv3.sys [23816 2011-05-08] (Prime Sense Ltd.)

1 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-04-21] (Symantec Corporation)

1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [53808 2010-05-05] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)

1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)

3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [419160 2011-04-28] (TASCAM)

3 TASCAM_US122L_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31576 2011-04-28] (TASCAM)

3 TASCAM_US122L_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [53080 2011-04-28] (TASCAM)

3 27303051; C:\Windows\System32\drivers\33678759.sys [x]

3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]

3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]

3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]

3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]

3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]

3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]

3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-03-12 08:52 - 2013-03-12 08:52 - 00043801 ____A C:\Users\Pam\Desktop\attach.txt

2013-03-12 08:52 - 2013-03-12 08:51 - 00022332 ____A C:\Users\Pam\Desktop\dds.txt

2013-03-12 08:43 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2013-03-12 08:42 - 2013-03-12 08:42 - 00275520 ____A C:\Windows\Minidump\031213-24507-01.dmp

2013-03-12 08:39 - 2013-03-12 08:40 - 00000000 ____D C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE}

2013-03-12 08:36 - 2013-03-12 08:36 - 00275520 ____A C:\Windows\Minidump\031213-102445-01.dmp

2013-03-12 07:00 - 2013-03-12 07:02 - 00000000 ____D C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65}

2013-03-11 19:33 - 2013-03-11 19:33 - 00000000 ____D C:\FRST

2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp

2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp

2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp

2013-03-11 11:13 - 2013-03-11 11:14 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp

2013-03-11 11:06 - 2013-03-11 11:07 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp

2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe

2013-03-11 10:51 - 2013-03-11 10:52 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt

2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt

2013-03-11 10:43 - 2013-03-11 10:50 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine

2013-03-11 10:41 - 2013-03-11 10:42 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe

2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A C:\Users\Pam\Documents\AdwCleaner[s1].txt

2013-03-11 10:35 - 2013-03-11 10:36 - 00007739 ____A C:\AdwCleaner[s1].txt

2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe

2013-03-11 07:54 - 2013-03-11 07:55 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe

2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp

2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp

2013-03-11 07:17 - 2013-03-11 07:18 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp

2013-03-11 06:58 - 2013-03-11 06:57 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-03-11 06:58 - 2013-03-11 06:57 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-03-11 06:50 - 2013-03-11 06:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}

2013-03-11 06:36 - 2013-03-11 06:49 - 201878776 ____A C:\Users\Pam\Downloads\20130311-004-v5i64.exe

2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific

2013-03-11 03:19 - 2013-03-11 03:20 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp

2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}

2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec

2013-03-10 19:46 - 2013-03-10 19:47 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp

2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}

2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp

2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes

2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-10 19:25 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-03-10 18:47 - 2013-03-10 18:48 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp

2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}

2013-02-22 13:56 - 2013-03-10 16:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat

2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe

2013-02-13 09:04 - 2013-03-10 12:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}

2013-02-13 01:01 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-02-13 01:01 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-02-13 01:01 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-02-13 01:01 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-02-13 01:01 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-02-13 01:01 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-02-13 01:01 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-02-13 01:01 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-02-13 01:01 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-02-13 01:01 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-02-13 01:01 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-02-13 01:01 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-02-13 01:01 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-02-13 01:01 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-02-13 01:01 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-02-13 01:01 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-02-13 01:01 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-02-13 01:01 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-02-13 01:01 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-02-13 01:01 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-02-13 01:01 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-02-13 01:01 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-02-13 01:01 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-02-13 01:01 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-02-13 01:01 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-02-13 01:01 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-02-13 01:01 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-02-13 01:01 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-02-13 01:01 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-02-13 01:01 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-02-13 01:01 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-02-13 01:01 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-02-12 18:07 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-02-12 18:07 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-02-12 18:07 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-02-12 18:07 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-02-12 18:07 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-02-12 18:07 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-02-12 18:07 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-02-12 18:07 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-02-12 18:07 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-02-12 18:07 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-02-12 18:07 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-02-12 18:07 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

==================== One Month Modified Files and Folders =======

2013-03-12 08:52 - 2013-03-12 08:52 - 00043801 ____A C:\Users\Pam\Desktop\attach.txt

2013-03-12 08:51 - 2013-03-12 08:52 - 00022332 ____A C:\Users\Pam\Desktop\dds.txt

2013-03-12 08:42 - 2013-03-12 08:42 - 00275520 ____A C:\Windows\Minidump\031213-24507-01.dmp

2013-03-12 08:42 - 2012-02-19 16:36 - 00000000 ____D C:\Windows\Minidump

2013-03-12 08:42 - 2009-06-17 04:23 - 678886980 ____A C:\Windows\MEMORY.DMP

2013-03-12 08:40 - 2013-03-12 08:39 - 00000000 ____D C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE}

2013-03-12 08:39 - 2012-06-30 20:55 - 00000000 ____D C:\Users\Pam\Tracing

2013-03-12 08:37 - 2011-05-13 15:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-03-12 08:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-03-12 08:36 - 2013-03-12 08:36 - 00275520 ____A C:\Windows\Minidump\031213-102445-01.dmp

2013-03-12 08:36 - 2009-07-13 20:51 - 01499812 ____A C:\Windows\setupact.log

2013-03-12 07:02 - 2013-03-12 07:00 - 00000000 ____D C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65}

2013-03-11 19:33 - 2013-03-11 19:33 - 00000000 ____D C:\FRST

2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp

2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp

2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp

2013-03-11 11:14 - 2013-03-11 11:13 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp

2013-03-11 11:07 - 2013-03-11 11:06 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp

2013-03-11 10:58 - 2009-12-05 15:01 - 01704193 ____A C:\Windows\WindowsUpdate.log

2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe

2013-03-11 10:52 - 2013-03-11 10:51 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt

2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-03-11 10:50 - 2013-03-11 10:43 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine

2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt

2013-03-11 10:47 - 2009-07-13 21:13 - 00876842 ____A C:\Windows\System32\PerfStringBackup.INI

2013-03-11 10:43 - 2013-01-24 08:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-03-11 10:42 - 2013-03-11 10:41 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe

2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A C:\Users\Pam\Documents\AdwCleaner[s1].txt

2013-03-11 10:36 - 2013-03-11 10:35 - 00007739 ____A C:\AdwCleaner[s1].txt

2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe

2013-03-11 10:13 - 2011-05-13 15:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-03-11 08:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-03-11 08:01 - 2011-05-18 13:16 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Skype

2013-03-11 07:55 - 2013-03-11 07:54 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe

2013-03-11 07:52 - 2009-07-13 21:08 - 00032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp

2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp

2013-03-11 07:18 - 2013-03-11 07:17 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp

2013-03-11 07:07 - 2009-12-05 14:44 - 00532140 ____A C:\Windows\PFRO.log

2013-03-11 06:59 - 2009-01-04 08:56 - 00000000 ____D C:\ProgramData\Adobe

2013-03-11 06:57 - 2013-03-11 06:58 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-03-11 06:57 - 2013-03-11 06:58 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-03-11 06:57 - 2011-03-27 07:22 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-03-11 06:57 - 2009-01-04 08:51 - 00000000 ____D C:\Program Files (x86)\Java

2013-03-11 06:52 - 2009-12-05 14:23 - 00000000 ____D C:\users\Administrator

2013-03-11 06:50 - 2013-03-11 06:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}

2013-03-11 06:49 - 2013-03-11 06:36 - 201878776 ____A C:\Users\Pam\Downloads\20130311-004-v5i64.exe

2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific

2013-03-11 03:20 - 2013-03-11 03:19 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp

2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}

2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec

2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program Files\Bonjour

2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-03-10 21:37 - 2011-08-16 11:41 - 00000000 ____D C:\Program Files\CrashPlan

2013-03-10 21:37 - 2011-07-10 17:49 - 00000000 ____D C:\Program Files (x86)\Ring Factory

2013-03-10 21:37 - 2011-07-08 18:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-03-10 21:37 - 2011-06-20 17:47 - 00000000 ____D C:\Program Files (x86)\Vuze

2013-03-10 21:37 - 2010-11-10 18:43 - 00000000 ____D C:\Python26

2013-03-10 21:37 - 2010-10-01 19:39 - 00000000 ____D C:\Program Files (x86)\Finale 2011

2013-03-10 21:37 - 2010-04-21 05:06 - 00000000 ____D C:\ProgramData\Norton

2013-03-10 21:37 - 2009-12-05 14:23 - 00000000 ____D C:\users\QBDataServiceUser18

2013-03-10 21:37 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep

2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-03-10 21:37 - 2009-06-03 16:40 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-03-10 21:37 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Kevin

2013-03-10 19:47 - 2013-03-10 19:46 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp

2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}

2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp

2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes

2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-10 18:48 - 2013-03-10 18:47 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp

2013-03-10 18:48 - 2009-12-05 14:23 - 00000000 ____D C:\users\Pam

2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}

2013-03-10 17:06 - 2012-06-27 08:53 - 00000024 ____A C:\Users\Pam\random.dat

2013-03-10 17:02 - 2010-10-01 18:07 - 00000000 ____D C:\Users\Pam\Documents\Sara 2

2013-03-10 16:56 - 2013-02-22 13:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat

2013-03-10 16:56 - 2011-10-25 18:14 - 00000032 ____A C:\Users\Pam\jagex_cl_runescape_LIVE.dat

2013-03-10 12:50 - 2013-02-13 09:04 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}

2013-03-01 09:52 - 2011-02-12 07:53 - 00000000 ____D C:\Users\Pam\AppData\Local\{1339582B-495A-4F41-96DE-D29C21E8004D}

2013-02-26 20:43 - 2013-01-24 08:25 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-02-26 20:43 - 2011-06-29 04:59 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-02-22 13:56 - 2012-06-27 08:53 - 00000000 ____D C:\Users\Pam\jagexcache

2013-02-19 18:20 - 2010-10-02 11:53 - 00000509 ____A C:\Windows\demdata.txt

2013-02-13 21:20 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Personal

2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe

2013-02-13 19:11 - 2008-10-29 10:53 - 00000000 ____D C:\Users\Pam\Documents\QB 2008 data files

2013-02-13 14:47 - 2006-07-17 14:08 - 00000000 ____D C:\Users\Pam\Documents\JDM

2013-02-13 14:43 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Insctr

2013-02-13 07:21 - 2012-05-10 18:11 - 00000000 ____D C:\Users\Pam\Documents\Quicken

2013-02-13 01:41 - 2009-07-13 20:45 - 00648776 ____A C:\Windows\System32\FNTCACHE.DAT

2013-02-13 01:20 - 2009-01-08 17:53 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-02-13 01:09 - 2009-12-12 06:06 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-02-12 21:04 - 2013-01-24 16:58 - 00000000 ____D C:\Users\Pam\AppData\Local\{94636BCD-8EC9-4864-A7BC-33E9FFF0E645}

ATTENTION: ========> Check for possible partition/boot infection:

C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-08 20:19:04

Restore point made on: 2013-03-11 06:57:10

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 6077.91 MB

Available physical RAM: 5338.51 MB

Total Pagefile: 6076.06 MB

Available Pagefile: 5345.73 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:505.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.3 GB) NTFS

4 Drive f: () (Removable) (Total:1.92 GB) (Free:1.59 GB) FAT

9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 0 B

Disk 1 Online 1967 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Disk ID: 88000000

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 62 MB 31 KB

Partition 2 Primary 15 GB 63 MB

Partition 3 Primary 683 GB 15 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 FAT Partition 62 MB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D RECOVERY NTFS Partition 15 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 683 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 00000000

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1966 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0E

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT Removable 1966 MB Healthy

=========================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: 88000000

Partition 1:

=========

Hex: 80001E00000000001D00000000000000

Active: YES

Type: 00

Size: 0 byte

ATTENTION ===> 0 byte partition bootkit on partition 1

Partition 2:

=========

Hex: 00010100DEFE3F073F000000C9F50100

Active: NO

Type: DE

Size: 63 MB

Partition 3:

=========

Hex: 0008010807FEFFFF00F801000000E001

Active: NO

Type: 07 (NTFS)

Size: 15 GB

Partition 4:

=========

Hex: 80FEFFFF07FEFFFF00F8E10100607255

Active: YES

Type: 07 (NTFS)

Size: 684 GB

==============================

Partitions of Disk 1:

===============

Disk ID: 00000000

Partition 1:

=========

Hex: 800101000E0FA0BB20000000E0773D00

Active: YES

Type: 0E

Size: 2 GB

Last Boot: 2013-03-11 04:58

==================== End Of Log =============================

Larusso · March 12, 2013

Hy there. Log doesn't look as expected.

So we have to go the "long" manual way.

Lets try this tiny Linux first.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

Insert your USB drive
Press Start > My Computer > right click your USB drive > choose Format > Quick format
Double click the unetbootin-xpud-windows-387.exe that you just downloaded
Press Run then OK
Select the DiskImage option then click the browse button located on the right side of the textbox field.
Browse to and select the xpud-0.9.2.iso file you downloaded
Verify the correct drive letter is selected for your USB device then click OK
It will install a little bootable OS on your USB device
Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
After it has completed do not choose to reboot the clean computer simply close the installer.

All commands are case sensitive !

Download xPUDtestdisk.exe and save it to the USB device.
Double click xPUDtestdisk.exe to extract the contents to your USB device
Remove the USB and insert it in the sick computer
Boot the Sick computer
Press F12 and choose to boot from the USB
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Press Tool at the top
Choose Open Terminal
Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

pjgibbons · March 12, 2013

Ok this is the first time I'm not sure - I expanded mnt and it lists sda 1-4. I'm not clear on what you want me to do next. Do I click tool, open terminal, then type exactly what you have above, or do I need to change the sd designation?

Larusso · March 12, 2013

So you dont see the sdb1 folder which means it is not mounted correctly. I am aware that this can happen with xPUD.

If this is the case, open sda1 and follow up with tool...

This should save the MBRbackup.zip on your hdd instead of the USB stick.

I want to avoid to have you download another Linux which are around 600MBs and you are able to boot your OS in safemode, please reboot into windows when done and look for the MBRBackup.zip on your C: drive and copy it to your USB to upload it here.

pjgibbons · March 12, 2013

Ok, I've tried this 3 times. I see the mbrbackup zip file in xpud, but i can't find it anywhere when I go into windows. I've searched the entire computer, and it doesn't show up anywhere.

When I type :dd if=/dev/sda of=MBRbackup.zip bs=512 count=1, its just sda in the line, not sda 1, correct?

Larusso · March 12, 2013

yes, just sda.

Odd thing.

So, you can try to copy it to your desktop in xPUD.

Expand mnt, sda1.

There should be a Users folder. Open it, look for your "User Name" Folder ( Pam ) --> Desktop and copy the MBRbackup.zip into the Desktop folder. It should be on your Desktop in Windows also

pjgibbons · March 13, 2013

Daniel, I don't know what to tell you. I've run this several times, coped it to several folders, searched in both safe and normal modes, but if i'm not in xpud, I can't find any trace of that file. There was a usr folder in xpud, but none with my name on it, so I copied the backup file to the usr folder, to the rdesktop folder and to the shared folder, but can't find it once I'm in windows. It's been ages since I've used DOS - is there a way to copy it through the command prompt? I don't know if external drives are recognized in DOS.

Larusso · March 13, 2013

lol, never run in problems like this.

Tried this on my Laptop and worked like a charm.

Yes, DOS recognize external drives but xPUD wont mount it in your case.

Do you see a "Windows" Folder when opening sda1 ?

pjgibbons · March 13, 2013

Allrighty then. Sda 1 had nothing in it, which apparently was the problem, lol. It was sda 3 that we wanted. The file is attached.MBRbackup.zip

Larusso · March 13, 2013

Well done !!!

As expected. Partitionstable is still infected.

Please download the attached mbr.zip and save in the same location as the MBRBackup.zip !!!

Note: Don't try to extract it. This is not a compressed file like you may know from windows.

Reboot your system into xPUD, open the same folder where you saved the mbr.zip --> Tool --> open Terminal and type in the command below.

dd if=mbr.zip of=/dev/sda bs=512 count=1

Please reboot into Windows and let me know how things going.

Note: I will be online till I heard from you because this is not a simple modification.

This file was written for this machine only. Do not use it on any other systems

mbr.zip

pjgibbons · March 13, 2013

I copied the file in windows into the same directory as mbrbackup. Now I'm in xpud, I see mbrbackup, but I don't see the mbr zip file. Do I go ahead with typing the command in the terminal, or do we have another problem?

trojan.agent infection, system crashing every few minutes

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information