Larusso Posted March 13, 2013 ID:656455 Share Posted March 13, 2013 please open the terminal and type in ls. Is if the the mbr.zip is listed, move on with the command above. If not, let me know. Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656460 Share Posted March 13, 2013 Not there. I just went back into windows to double check, and it's in the same folder as mbrbackup. Checked a second time in xpud, only mbrbackup is listed. Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656463 Share Posted March 13, 2013 I also checked view hidden files, still not there Link to post Share on other sites More sharing options...
Larusso Posted March 13, 2013 ID:656469 Share Posted March 13, 2013 Your PC drives me to drink I am a little bit out of training in Bash but lets give it a try. Expand mnt, sda3 -> Tool --> Terminal and type in.find / -name mbr.zip Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656476 Share Posted March 13, 2013 Going to have a glass of wine myself. File was in sda 4. Ran the command you gave me (please don't tell me it was supposed to generate a file, because it didn't, lol) and booted into normal mode. So far, so good. Usually by now, I've had notifications from mbam pop up, but none have so far. Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656479 Share Posted March 13, 2013 Ah crap it's back. Hasn't crashed yet, though. Link to post Share on other sites More sharing options...
Larusso Posted March 13, 2013 ID:656480 Share Posted March 13, 2013 I prefer a cup of coffee No, no file has been generated.So, you are in normal mode ( Windows ) now and the system seems to run stable than we took the bull by the horns. it is 3.30am here and have to get up 9am. So this will be my last instruction for now.Download ComboFix from this location:Link 1* IMPORTANT- Save ComboFix.exe to your Desktop====================================================Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications====================================================Double click on combofix.exe & follow the prompts.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that. Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656484 Share Posted March 13, 2013 K will do. Guess we're not a good time zone match as I'm in Chicago. Sleep well. Link to post Share on other sites More sharing options...
Larusso Posted March 13, 2013 ID:656486 Share Posted March 13, 2013 and I always work at nite ( like a vampire ) Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656501 Share Posted March 13, 2013 I ran combofix twice and am including both logs. I thought I'd disabled Norton completely, but it started scanning something in the middle of the combofix scan, so I figured better safe than sorry.first scan:ComboFix 13-03-12.02 - Pam 03/12/13 21:56:22.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3284 [GMT -5:00]Running from: c:\users\Pam\Desktop\ComboFix.exeAV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\install.exec:\programdata\Microsoft\Windows\DRM\A172.tmpc:\programdata\Microsoft\Windows\DRM\A183.tmpc:\users\Pam\314_gotomypc.exec:\users\Pam\370_gotomypc.exec:\users\Pam\AppData\Local\assembly\tmpc:\users\Pam\AppData\Local\ie_runner_app.exec:\users\Pam\Desktop\Internet Explorer.lnkc:\users\Pam\WINDOWSc:\windows\Downloaded Program Files\DM.0c:\windows\Downloaded Program Files\DM.1c:\windows\Downloaded Program Files\DM.1\DMService.exec:\windows\Downloaded Program Files\DM.1\WhlMgr.dllc:\windows\TEMP\jna8284382155021705789.dll..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_DMService-------\Service_DMService..((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))..2071-07-25 15:13 . 2006-11-22 02:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe2013-03-13 03:10 . 2013-03-13 03:10 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp2013-03-13 00:56 . 2013-03-13 00:56 -------- d-----w- c:\programdata\PreEmptive Solutions2013-03-13 00:30 . 2013-03-13 00:30 -------- d-----w- c:\programdata\VS2013-03-12 03:33 . 2013-03-12 03:33 -------- d-----w- C:\FRST2013-03-11 14:58 . 2013-03-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java2013-03-11 14:58 . 2013-03-11 14:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-03-11 14:57 . 2013-03-11 14:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-03-11 11:22 . 2013-03-11 11:22 -------- d-----w- c:\users\Pam\AppData\Roaming\Tific2013-03-11 11:15 . 2013-03-11 11:15 -------- d-----w- c:\users\Pam\AppData\Local\Symantec2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Pam\AppData\Roaming\Malwarebytes2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\programdata\Malwarebytes2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-03-11 03:25 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys2013-03-11 03:24 . 2013-03-11 03:24 -------- d-----w- c:\users\Pam\AppData\Local\Programs2013-02-13 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 09:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 02:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe2013-02-13 02:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-02-13 02:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-02-13 02:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys2013-02-13 02:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll2013-02-13 02:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-02-13 02:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-02-13 02:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-02-13 02:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-02-13 02:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe2013-02-13 02:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-02-13 02:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-13 02:39 . 2009-12-12 14:06 72013344 ----a-w- c:\windows\system32\MRT.exe2013-03-13 01:39 . 2013-03-13 02:00 512 ----a-w- C:\mbr.zip2013-03-13 01:39 . 2013-03-13 01:44 512 ----a-w- c:\users\mbr.zip2013-03-13 01:04 . 2011-05-08 20:05 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll2013-03-13 00:43 . 2013-01-24 16:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-03-13 00:43 . 2011-06-29 12:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-12 20:09 . 2013-03-13 01:44 512 ----a-w- c:\users\MBRbackup.zip2013-03-11 14:57 . 2011-03-27 15:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-01-21 00:11 . 2013-01-21 00:11 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp2013-01-04 04:43 . 2013-02-13 02:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 160328]"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]R2 QuickBooksDB18;QuickBooksDB18;c:\program files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 128536]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]R3 27303051;27303051;c:\windows\system32\drivers\33678759.sys [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-31 43456]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;c:\windows\system32\Drivers\psdrv3.sys [2011-05-08 23816]R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160]R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-29 31576]R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1255736]R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 513184]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064]S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL*Deregistered* - mozyFilter*Deregistered* - MPFP.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-03-06 03:14 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 00:43].2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56].2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://news.yahoo.com/?umLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlIE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: intuit.com\ttlcTrusted Zone: paycycle.com\wwwTrusted Zone: turbotax.comTCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exeWow6432Node-HKCU-Run-Upromise Update - c:\program files (x86)\Upromise\dca-ua.exeWow6432Node-HKCU-Run-Upromise Tray - c:\program files (x86)\Upromise\UpromiseTray.exeSafeBoot-27303051.sysSafeBoot-86078694.sysSafeBoot-95364534.sysSafeBoot-mcmscsvcSafeBoot-MCODSHKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exeAddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exeAddRemove-Upromise TurboSaver - c:\program files (x86)\Upromise\uninstall.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exec:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exec:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe.**************************************************************************.Completion time: 2013-03-12 22:23:58 - machine was rebootedComboFix-quarantined-files.txt 2013-03-13 03:23.Pre-Run: 564,631,904,256 bytes freePost-Run: 564,211,740,672 bytes free.- - End Of File - - D1CA6FB3A2F1CE1E71D1F8B9D52158D6second scan:ComboFix 13-03-12.02 - Pam 03/12/13 22:43:02.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3963 [GMT -5:00]Running from: c:\users\Pam\Desktop\ComboFix.exeAV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\TEMP\jna8271226750236814921.dll..((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))..2071-07-25 15:13 . 2006-11-22 02:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp2013-03-13 03:55 . 2013-03-13 03:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp2013-03-13 00:56 . 2013-03-13 00:56 -------- d-----w- c:\programdata\PreEmptive Solutions2013-03-13 00:30 . 2013-03-13 00:30 -------- d-----w- c:\programdata\VS2013-03-12 03:33 . 2013-03-12 03:33 -------- d-----w- C:\FRST2013-03-11 14:58 . 2013-03-11 14:58 -------- d-----w- c:\program files (x86)\Common Files\Java2013-03-11 14:58 . 2013-03-11 14:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-03-11 14:57 . 2013-03-11 14:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-03-11 11:22 . 2013-03-11 11:22 -------- d-----w- c:\users\Pam\AppData\Roaming\Tific2013-03-11 11:15 . 2013-03-11 11:15 -------- d-----w- c:\users\Pam\AppData\Local\Symantec2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Pam\AppData\Roaming\Malwarebytes2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\programdata\Malwarebytes2013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-03-11 03:25 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys2013-03-11 03:24 . 2013-03-11 03:24 -------- d-----w- c:\users\Pam\AppData\Local\Programs2013-02-13 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 09:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 02:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe2013-02-13 02:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-02-13 02:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-02-13 02:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys2013-02-13 02:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll2013-02-13 02:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-02-13 02:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-02-13 02:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-02-13 02:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-02-13 02:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe2013-02-13 02:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-02-13 02:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-13 02:39 . 2009-12-12 14:06 72013344 ----a-w- c:\windows\system32\MRT.exe2013-03-13 01:39 . 2013-03-13 02:00 512 ----a-w- C:\mbr.zip2013-03-13 01:39 . 2013-03-13 01:44 512 ----a-w- c:\users\mbr.zip2013-03-13 01:04 . 2011-05-08 20:05 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll2013-03-13 00:43 . 2013-01-24 16:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-03-13 00:43 . 2011-06-29 12:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-12 20:09 . 2013-03-13 01:44 512 ----a-w- c:\users\MBRbackup.zip2013-03-11 14:57 . 2011-03-27 15:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-01-21 00:11 . 2013-01-21 00:11 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp2013-01-04 04:43 . 2013-02-13 02:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 160328]"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]R2 QuickBooksDB18;QuickBooksDB18;c:\program files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 128536]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]R3 27303051;27303051;c:\windows\system32\drivers\33678759.sys [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-31 43456]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;c:\windows\system32\Drivers\psdrv3.sys [2011-05-08 23816]R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-29 419160]R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-29 31576]R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-29 53080]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1255736]R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 513184]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064]S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 191896]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 150928]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]..--- Other Services/Drivers In Memory ---.*Deregistered* - mozyFilter*Deregistered* - MPFP.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-03-06 03:14 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 00:43].2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56].2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://news.yahoo.com/?umLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlIE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: intuit.com\ttlcTrusted Zone: paycycle.com\wwwTrusted Zone: turbotax.comTCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-03-12 22:58:22ComboFix-quarantined-files.txt 2013-03-13 03:58ComboFix2.txt 2013-03-13 03:23.Pre-Run: 564,720,992,256 bytes freePost-Run: 564,411,543,552 bytes free.- - End Of File - - 0A8D42F28F788AF32E9BC5492DEF8DE6 Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656618 Share Posted March 13, 2013 I ran a mbam scan this morning and it came up clean Link to post Share on other sites More sharing options...
Larusso Posted March 13, 2013 ID:656628 Share Posted March 13, 2013 Hy there. Before we move on.How is your system behaving now ? Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656636 Share Posted March 13, 2013 It's been fine. I left it on all night (it's 10:40am here) and it hasn't crashed. Did a mbam scan, came up clean. Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656641 Share Posted March 13, 2013 Will be offline for 2-3 hours - post what you want me to do next, and I will take care of it as soon as I'm back. Link to post Share on other sites More sharing options...
Larusso Posted March 13, 2013 ID:656645 Share Posted March 13, 2013 Glad to hear this Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as AdministratorNote: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishWhen the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..." Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.Close the ESET online scan, and let me know how things are now. Link to post Share on other sites More sharing options...
pjgibbons Posted March 13, 2013 Author ID:656728 Share Posted March 13, 2013 Wow this is taking forever. It's been running for an hour and a half, and it says it's only 36% done. So far, no threats found. Link to post Share on other sites More sharing options...
pjgibbons Posted March 14, 2013 Author ID:656795 Share Posted March 14, 2013 C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\A172.tmp.vir Win64/Olmarik.AY trojanC:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\A183.tmp.vir Win64/Olmarik.AY trojanC:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Default\aagddhgdgfdigcdedbddddgedegbdedb\background.js Win32/TrojanDownloader.Tracur.V trojan Link to post Share on other sites More sharing options...
Larusso Posted March 14, 2013 ID:656830 Share Posted March 14, 2013 Open notepad and copy/paste the text in the Code-box below into it:ClearJavaCache::File::C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Default\aagddhgdgfdigcdedbddddgedegbdedb\background.jsReboot:: Save this as CFScript.txt, in the same location as ComboFix.exe. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.Please launch DDS.Make sure that the following options are checked: DDS.txt attach.txtPress the Start Button.When done, DDS will open both logfiles which will also be saved on your desktop.Please post them in your next reply. Link to post Share on other sites More sharing options...
pjgibbons Posted March 14, 2013 Author ID:656863 Share Posted March 14, 2013 Combo fix log:ComboFix 13-03-12.02 - Pam 03/13/13 20:52:57.3.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.3456 [GMT -5:00]Running from: C:\Users\Pam\Desktop\ComboFix.exeCommand switches used :: L:\CFScript.txtAV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FILE ::"C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Default\aagddhgdgfdigcdedbddddgedegbdedb\background.js"((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))C:\Windows\TEMP\jna6072080013482144580.dll((((((((((((((((((((((((( Files Created from 2013-02-14 to 2013-03-14 )))))))))))))))))))))))))))))))2071-07-25 15:13:30 . 2006-11-22 02:48:08 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\QBDataServiceUser18\AppData\Local\temp2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\Default\AppData\Local\temp2013-03-14 02:03:13 . 2013-03-14 02:03:13 -------- d-----w- C:\Users\Administrator\AppData\Local\temp2013-03-13 18:57:34 . 2013-03-13 18:57:34 -------- d-----w- C:\Program Files (x86)\ESET2013-03-13 00:56:12 . 2013-03-13 00:56:12 -------- d-----w- C:\ProgramData\PreEmptive Solutions2013-03-13 00:30:17 . 2013-03-13 00:30:17 -------- d-----w- C:\ProgramData\VS2013-03-12 03:33:58 . 2013-03-12 03:33:58 -------- d-----w- C:\FRST2013-03-11 14:58:30 . 2013-03-11 14:58:30 -------- d-----w- C:\Program Files (x86)\Common Files\Java2013-03-11 14:58:15 . 2013-03-11 14:57:25 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-03-11 14:57:54 . 2013-03-11 14:57:28 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-03-11 11:22:47 . 2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific2013-03-11 11:15:51 . 2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec2013-03-11 03:25:22 . 2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes2013-03-11 03:25:05 . 2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes2013-03-11 03:25:04 . 2013-03-11 03:25:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-03-11 03:25:04 . 2012-12-14 21:49:28 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys2013-03-11 03:24:51 . 2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs2013-02-13 09:04:07 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 09:04:07 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 02:07:51 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe2013-02-13 02:07:50 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-02-13 02:07:49 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-02-13 02:07:38 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys2013-02-13 02:07:35 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll2013-02-13 02:07:35 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-02-13 02:07:35 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-02-13 02:07:35 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-02-13 02:07:34 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-02-13 02:07:34 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-02-13 02:07:32 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys2013-02-13 02:07:32 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS.(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))2013-03-13 02:39:52 . 2009-12-12 14:06:41 72013344 ----a-w- C:\Windows\system32\MRT.exe2013-03-13 01:39:44 . 2013-03-13 02:00:21 512 ----a-w- C:\mbr.zip2013-03-13 01:39:44 . 2013-03-13 01:44:57 512 ----a-w- C:\Users\mbr.zip2013-03-13 01:04:25 . 2011-05-08 20:05:22 2480064 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll2013-03-13 00:43:10 . 2013-01-24 16:25:21 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-03-13 00:43:10 . 2011-06-29 12:59:44 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-12 20:09:54 . 2013-03-13 01:44:48 512 ----a-w- C:\Users\MBRbackup.zip2013-03-11 14:57:25 . 2011-03-27 15:22:55 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-02-12 05:45:24 . 2013-03-13 00:31:10 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45:22 . 2013-03-13 00:31:10 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45:22 . 2013-03-13 00:31:10 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45:22 . 2013-03-13 00:31:10 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48:31 . 2013-03-13 00:31:10 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 04:48:26 . 2013-03-13 00:31:11 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-01-21 00:11:59 . 2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp2013-01-04 04:43:21 . 2013-02-13 02:07:35 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2012-12-16 17:11:22 . 2012-12-21 09:00:55 46080 ----a-w- C:\Windows\system32\atmlib.dll2012-12-16 14:45:03 . 2012-12-21 09:00:55 367616 ----a-w- C:\Windows\system32\atmfd.dll2012-12-16 14:13:28 . 2012-12-21 09:00:55 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll2012-12-16 14:13:20 . 2012-12-21 09:00:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-08 14:07:23 160328]"WLSync"="C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 23:21:54 1449824]"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18:59:26 18705664][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 15:52:02 98304]"ATICustomerCare"="C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 00:24:46 307200]"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 01:06:18 59280]"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 16:18:54 1185112]"IJNetworkScanUtility"="C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 01:52:00 140640]"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 01:56:22 421888]"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 00:33:22 421776]"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 14:04:54 252848]C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk - C:\Program Files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-9-23 1295656][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 21:49:28 682344]R2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe [2006-09-13 15:32:12 128536]R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 18:55:20 161536]R3 27303051;27303051;C:\Windows\system32\drivers\33678759.sys [x]R3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys [x]R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2010-04-14 07:01:44 54824]R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\system32\DRIVERS\libusb0.sys [2011-03-31 02:00:21 43456]R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys [x]R3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]R3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\system32\Drivers\psdrv3.sys [2011-05-08 17:07:54 23816]R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys [x]R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\system32\Drivers\tascusb2.sys [2011-04-29 03:18:02 419160]R3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\system32\drivers\tscusb2m.sys [2011-04-29 03:18:04 31576]R3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\system32\drivers\tscusb2a.sys [2011-04-29 03:18:04 53080]R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 16:01:50 52736]R3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 23:49:06 68440]R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-04 08:00:33 1255736]R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 00:35:37 25088]R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 08:17:44 61976]R4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 02:01:54 311144]R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 02:06:04 431464]R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 00:10:10 57184]S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 03:50:05 433200]S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 02:53:35 221304]S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 02:51:11 1388120]S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 04:19:26 593544]S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSvia64.sys [2012-09-06 09:54:30 513184]S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 05:03:51 150064]S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 02:53:36 451704]S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-04-20 07:04:20 203776]S2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-03-16 15:19:38 222720]S2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 05:52:36 191896]S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-24 03:09:52 155648]S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 21:49:28 398184]S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 04:18:43 126400]S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-11-25 11:05:00 150928]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 04:48:51 138912]S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-12-14 21:49:28 24176]--- Other Services/Drivers In Memory ---*Deregistered* - mozyFilter*Deregistered* - MPFP[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-03-06 03:14:04 1630672 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exeContents of the 'Scheduled Tasks' folder2013-03-14 C:\Windows\Tasks\Adobe Flash Player Updater.job- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 16:25:24 . 2013-03-13 00:43:16]2013-03-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56:59 . 2011-03-03 20:56:51]2013-03-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 20:56:59 . 2011-03-03 20:56:51]--------- X64 Entries -----------[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 23:50:18 56320]"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 22:54:40 178712]"SysTrayApp"="C:\Program Files (x86)\IDT\WDM\sttray64.exe" [bU]"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 01:50:00 2726728]------- Supplementary Scan -------uLocal Page = C:\Windows\system32\blank.htmuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://news.yahoo.com/?umLocal Page = C:\Windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlIE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: intuit.com\ttlcTrusted Zone: paycycle.com\wwwTrusted Zone: turbotax.comTCP: DhcpNameServer = 192.168.2.1- - - - ORPHANS REMOVED - - - -AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exeDDS.txt:DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2Run by Pam at 21:17:44 on 2013-03-13Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.4181 [GMT -5:00].AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\CrashPlan\CrashPlanService.exeC:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXEC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exec:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exeC:\Program Files (x86)\Windows Live\Mesh\WLSync.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files\CrashPlan\CrashPlanTray.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXEC:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Windows Live\Mesh\MOE.exeC:\Windows\splwow64.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\WUDFHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\prevhost.exeC:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Windows\system32\sppsvc.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://news.yahoo.com/?uuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uProxyServer = :0uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dllBHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dllBHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dllBHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dllTB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dllEB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /backgrounduRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunmRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logonmRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exemRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeuPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlIE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: turbotax.comDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cabDPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cabDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://xtier.d211.org/InternalSite/WhlCompMgr.cabDPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cabDPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 192.168.2.1TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59} : DHCPNameServer = 192.168.2.1TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59}\2656C6B696E6E253637333 : DHCPNameServer = 192.168.2.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-mStart Page = hxxp://www.dell4me.com/mywayx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIModex64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exex64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonx64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmx64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cabx64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cabx64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cabx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - LocalServer32 - <no file>x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-31 433200]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-31 221304]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120]R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-31 593544]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130312.001\IDSviA64.sys [2013-3-12 513184]R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-1-4 308296]R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-31 150064]R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-31 451704]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-4 203776]R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720]R2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2009-1-4 191896]R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-10 398184]R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-9-21 150928]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-10 24176]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-10 682344]S2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 --> C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [?]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]S3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\System32\drivers\libusb0.sys [2010-11-12 43456]S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-1-4 102472]S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-1-4 40904]S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-1-4 49480]S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]S3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\System32\drivers\psdrv3.sys [2011-4-15 23816]S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\System32\drivers\tascusb2.sys [2012-2-19 419160]S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\System32\drivers\tscusb2m.sys [2012-2-19 31576]S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\System32\drivers\tscusb2a.sys [2012-2-19 53080]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-27 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-4 1255736]S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2071-07-25 15:13:30 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe2013-03-14 02:06:41 -------- d-sh--w- C:\$RECYCLE.BIN2013-03-14 01:51:10 -------- d-----w- C:\ComboFix2013-03-13 18:57:34 -------- d-----w- C:\Program Files (x86)\ESET2013-03-13 12:17:16 -------- d-----w- C:\Users\Pam\AppData\Local\{A0034E39-0497-4A2E-A7EB-2A2917995EBE}2013-03-13 02:54:06 98816 ----a-w- C:\Windows\sed.exe2013-03-13 02:54:06 256000 ----a-w- C:\Windows\PEV.exe2013-03-13 02:54:06 208896 ----a-w- C:\Windows\MBR.exe2013-03-13 00:56:12 -------- d-----w- C:\ProgramData\PreEmptive Solutions2013-03-13 00:30:17 -------- d-----w- C:\ProgramData\VS2013-03-13 00:16:18 -------- d-----w- C:\Users\Pam\AppData\Local\{A37B3826-F482-4C62-A44C-9E0B306654DD}2013-03-12 16:39:51 -------- d-----w- C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE}2013-03-12 15:00:52 -------- d-----w- C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65}2013-03-12 03:33:58 -------- d-----w- C:\FRST2013-03-11 14:58:15 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-03-11 14:57:54 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-03-11 14:50:33 -------- d-----w- C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific2013-03-11 11:16:21 -------- d-----w- C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec2013-03-11 03:44:07 -------- d-----w- C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes2013-03-11 03:25:04 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-03-11 03:25:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs2013-03-11 02:45:09 -------- d-----w- C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}2013-02-13 17:04:43 -------- d-----w- C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}2013-02-13 09:04:07 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 09:04:07 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 02:07:51 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-02-13 02:07:50 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-02-13 02:07:49 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-02-13 02:07:38 3153408 ----a-w- C:\Windows\System32\win32k.sys2013-02-13 02:07:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-02-13 02:07:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-02-13 02:07:35 215040 ----a-w- C:\Windows\System32\winsrv.dll2013-02-13 02:07:35 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-02-13 02:07:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-02-13 02:07:34 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-02-13 02:07:32 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2013-02-13 02:07:32 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys.==================== Find3M ====================.2013-03-13 00:43:10 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-13 00:43:10 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-03-11 14:57:25 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll.============= FINISH: 21:28:01.60 ===============Attach.txt:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume3Install Date: 12/05/09 5:47:15 PMSystem Uptime: 03/13/13 9:13:42 PM (0 hours ago).Motherboard: Dell Inc. | | 0G254HProcessor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU | 2327/1333mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 684 GiB total, 531.733 GiB free.D: is FIXED (NTFS) - 15 GiB total, 7.299 GiB free.E: is CDROM ()F: is RemovableG: is RemovableH: is RemovableI: is RemovableL: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP311: 03/13/13 1:53:52 AM - Scheduled CheckpointRP312: 03/13/13 3:00:36 AM - Windows Update.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)Acrobat.comActiveState ActivePython 2.6.6.15 (64-bit)Adobe AIRAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.5)Adobe Shockwave Player 11.5Age of Empires IIIAI RoboForm (All Users)Amazon MP3 Downloader 1.0.15Apple Application SupportApple Mobile Device SupportApple Software UpdateATI Catalyst Install ManagerATI Catalyst RegistrationBanctec Service AgreementBlueJBonjourBrowser Address Error RedirectorCanon CanoScan Toolbox 5.0Canon IJ Network Scan UtilityCanon IJ Network ToolCanon Inkjet Printer Driver Add-On ModuleCanon MG5200 series MP DriversCanon MG5200 series User RegistrationCanon MP Navigator EX 4.0Canon My PrinterCanon Solution Menu EXCanon Utilities Easy-PhotoPrint EXCanoScan LiDE 70Catalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center HydraVision FullCatalyst Control Center InstallProxyccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help EnglishCCC Help JapaneseCCC Help KoreanComcast High-Speed Internet Install WizardCompatibility Pack for the 2007 Office systemCrashPlanCrystal Reports for Visual StudioCutePDF Writer 2.7D3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDell DockDell Driver Download ManagerDell Getting Started GuideDell Printer SoftwareDotfuscator Software Services - Community EditionEDocsESET Online Scanner v3Finale 2011Google ChromeGoogle Update HelperGPL Ghostscript 8.64Greenfoot 2.0.1GSview 4.9IDT AudioInfraRecorderIntel® Matrix Storage ManageriTunesJava 7 Update 17Java Auto UpdaterJava 6 Update 24Java 6 Update 25 (64-bit)Java SE Development Kit 6 Update 25 (64-bit)libQGLViewerMalwarebytes Anti-Malware version 1.70.0.1100Mesh RuntimeMessenger CompanionMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft .NET Framework 4 Multi-Targeting PackMicrosoft Application Error ReportingMicrosoft ASP.NET MVC 2Microsoft ASP.NET MVC 2 - Visual Studio 2010 ToolsMicrosoft Forefront UAG endpoint components v4.0.0Microsoft Help Viewer 1.1Microsoft Money PlusMicrosoft Money Shared LibrariesMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Office 64-bit Components 2007Microsoft Office Office 64-bit Components 2010Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Professional 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2007Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2007Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2007Microsoft Office Proofing (English) 2010Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher 2010Microsoft Office Publisher MUI (English) 2007Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2007Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2007Microsoft Publisher 2010Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programsMicrosoft SilverlightMicrosoft Silverlight 3 SDKMicrosoft Silverlight 4 SDKMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server 2008 (64-bit)Microsoft SQL Server 2008 BrowserMicrosoft SQL Server 2008 Common FilesMicrosoft SQL Server 2008 Database Engine ServicesMicrosoft SQL Server 2008 Database Engine SharedMicrosoft SQL Server 2008 Native ClientMicrosoft SQL Server 2008 R2 Data-Tier Application FrameworkMicrosoft SQL Server 2008 R2 Data-Tier Application ProjectMicrosoft SQL Server 2008 R2 Management ObjectsMicrosoft SQL Server 2008 R2 Management Objects (x64)Microsoft SQL Server 2008 R2 Transact-SQL Language ServiceMicrosoft SQL Server 2008 RsFx DriverMicrosoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 x64 ENUMicrosoft SQL Server Database Publishing Wizard 1.4Microsoft SQL Server System CLR TypesMicrosoft SQL Server System CLR Types (x64)Microsoft SQL Server VSS WriterMicrosoft Sync Framework Runtime v1.0 SP1 (x64)Microsoft Sync Framework SDK v1.0 SP1Microsoft Sync Framework Services v1.0 SP1 (x64)Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)Microsoft Team Foundation Server 2010 Object Model - ENUMicrosoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319Microsoft Visual F# 2.0 RuntimeMicrosoft Visual Studio 2010 ADO.NET Entity Framework ToolsMicrosoft Visual Studio 2010 IntelliTrace Collection (x64)Microsoft Visual Studio 2010 Office Developer Tools (x64)Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENUMicrosoft Visual Studio 2010 Service Pack 1Microsoft Visual Studio 2010 SharePoint Developer ToolsMicrosoft Visual Studio 2010 Tools for Office Runtime (x64)Microsoft Visual Studio 2010 Ultimate - ENUMicrosoft Visual Studio Macro ToolsMicrosoft WorksMSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MSXML 4.0 SP3 Parser (KB973685)Norton Security SuiteOpenNI 1.0.0 for Windows (remove only)Payroll Mate (2010) 6.0.15Payroll Mate (2011) 7.0.9Picasa 3Prime Sense - NITE 1.3.0 for Windows (remove only)PrimeSensor 5.0.0 for Windows (Kinect Mod) (remove only)QB Connection Diagnostic ToolQuickBooks Company File Diagnostic ToolQuickBooks Pro 2008QuickTimeRing Factory 2009 (3.0.2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)Security Update for Microsoft Visual Studio Macro Tools (KB2669970)Security Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionService Pack 3 for SQL Server 2008 (KB2546951) (64-bit)Skype ToolbarsSkype™ 6.1Spelling Dictionaries Support For Adobe Reader 9Sql Server Customer Experience Improvement ProgramSupportSoft Assisted ServiceTax Forms Helper 2008 8.5Tax Forms Helper 2010 9.5The Battle for Middle-earth The Battle for Middle-earth IITurboTax 2009TurboTax 2009 wiliperTurboTax 2009 WinPerFedFormsetTurboTax 2009 WinPerReleaseEngineTurboTax 2009 WinPerTaxSupportTurboTax 2009 wrapperTurboTax 2009 wwiiperTurboTax 2010TurboTax 2010 wiliperTurboTax 2010 WinPerFedFormsetTurboTax 2010 WinPerReleaseEngineTurboTax 2010 WinPerTaxSupportTurboTax 2010 wrapperTurboTax 2010 wwiiperUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596802) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionUS-122 MKII / US-144 MKIIVisual C++ 2008 x86 Runtime - (v9.0.30729)Visual C++ 2008 x86 Runtime - v9.0.30729.01Visual Studio 2010 Prerequisites - EnglishVisual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENUVoiceOver KitVuzeWCF RIA Services V1.0 SP1Web Deployment ToolWIDCOMM Bluetooth Software 6.0.1.4300Windows Driver Package - PrimeSense (psdrv3) PrimeSense (02/16/2011 3.1.2.0)Windows Driver Package - PrimeSense (psdrv3) PrimeSensor (07/13/2010 3.1.0.4)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live Movie MakerWindows Live OneCare safety scannerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer Resources.==== Event Viewer Messages From Past Week ========.03/13/13 9:20:37 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.03/13/13 9:14:17 PM, Error: Service Control Manager [7038] - The QuickBooksDB18 service was unable to log on as .\QBDataServiceUser18 with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).03/13/13 9:14:17 PM, Error: Service Control Manager [7000] - The QuickBooksDB18 service failed to start due to the following error: The service did not start due to a logon failure.03/13/13 9:03:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.03/13/13 9:02:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.03/13/13 12:39:50 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.03/13/13 1:07:40 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.03/12/13 8:59:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.03/12/13 8:59:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}03/12/13 8:59:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}03/12/13 8:59:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}03/12/13 8:59:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}03/12/13 8:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}03/12/13 8:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}03/12/13 8:59:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}03/12/13 8:59:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}03/12/13 8:58:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIM SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.03/12/13 8:58:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.03/12/13 7:18:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.03/12/13 11:42:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000048, 0x0000000000000002, 0x0000000000000001, 0xfffff80003171e7f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031213-24507-01.03/12/13 11:36:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8007606bb0, 0x0000000000000000, 0x00000000fffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031213-102445-01.03/12/13 10:37:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2791765).03/12/13 10:37:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2809289).03/11/13 7:29:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030af26b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-24382-01.03/11/13 6:21:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP03/11/13 6:20:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000338ecda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-73538-01.03/11/13 6:19:03 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.03/11/13 6:19:03 AM, Error: SRTSP [4] - Error loading virus definitions.03/11/13 2:39:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.03/11/13 2:37:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030a726b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-99559-01.03/11/13 2:29:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030efe45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-101307-01.03/11/13 2:25:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.03/11/13 2:25:41 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.03/11/13 2:19:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.03/11/13 2:18:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 mfehidk spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv603/11/13 2:14:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880048b45c8, 0xfffff880048b3e20, 0xfffff800030b677a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-27331-01.03/11/13 2:07:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030aaeea, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-96985-01.03/11/13 10:56:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.03/11/13 10:55:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connections service, but this action failed with the following error: An instance of the service is already running.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.03/11/13 10:55:59 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Extensible Authentication Protocol service, but this action failed with the following error: An instance of the service is already running.03/11/13 10:54:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.03/11/13 10:53:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.03/11/13 10:52:22 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:52:22 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:51:43 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:51:43 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:51:02 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.03/11/13 10:46:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003081fe0, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-110776-01.03/11/13 10:42:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.03/11/13 10:42:11 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.03/11/13 10:42:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}03/11/13 10:23:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033d8cda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-32807-01.03/11/13 10:18:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003376cda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031113-127078-01.03/11/13 1:44:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.03/11/13 1:44:16 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.03/10/13 9:48:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000ec, 0x0000000000000002, 0x0000000000000001, 0xfffff800030b6e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-25006-01.03/10/13 8:57:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.03/10/13 8:54:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80076f2bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-100823-01.03/10/13 8:32:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff6800089e198, 0x0000000000000000, 0xfffff800030ed501, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-101509-01.03/10/13 8:26:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.03/10/13 8:26:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}03/10/13 8:22:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030f4e45, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-104255-01.03/10/13 8:16:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.03/10/13 8:16:25 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.03/10/13 7:12:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.03/10/13 10:47:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000600dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80003100e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-23540-01.03/10/13 10:42:47 PM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).03/10/13 10:40:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800030a8e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031013-63866-01.03/08/13 8:02:34 PM, Error: Service Control Manager [7034] - The CrashPlan Backup Service service terminated unexpectedly. It has done this 1 time(s)..==== End Of File =========================== Link to post Share on other sites More sharing options...
Larusso Posted March 14, 2013 ID:656875 Share Posted March 14, 2013 Hy there.Sorry, currently working on my homestudy and it wont work as it should.Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.There is a newer version of Adobe Acrobat Reader available.Please go to this link Adobe Acrobat Reader Download LinkUntick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.Click DownloadOn the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.Click the Continue buttonClick Run, and click Run againNext click the Install Now button and follow the on screen promptsWhen the installation is complete go to Add/Remove Programs and uninstall all previous versions.Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):Java™ 6 Update 24Java™ 6 Update 25 (64-bit)Unless you have any open issues, you are good to go. Please follow these last few steps.Please press the + R Key and Copy/Paste the following single-line command into the Run box and click OKcombofix /uninstallThis will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.Empty your Recycle Bin if it does not do so automatically.Please download delfix to your Desktop.Close all running programms.Doubleclick on the delfix.exe Make sure that all options are checked.Click Start.This tool will delete most of the tools we have used for the cleanup procedure. If something remaints, simply delete it.Now that you appear to be free from malware lets help you stay that way!It is vital that you keep your system up to datePlease enable Automatic Updates to keep your system up to date. Windows UpdatesWin XP: Start --> Control Panel and double- click on Automatic Updates.Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates[*] Software UpdatesYour installed Software also can have vulnerabilities that malware can use to infect your system.To keep your installed Software up to date I recommend File Hippo.Anti Virus Software Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.Additional Protection Malwarebytes Anti MalwareThe freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features. WinPatrolWinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. Safer Browsing Web of Trust ( WOT )This software helps you to stay away from sites that have malicious purposes. SpywareBlasterThis software helps prevent the installation of ActiveX-based spyware MVPS Hosts fileThis Hosts File will restrict known ad sites from serving you unsolicited advertisements.Use an alternate browserOther browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer. Opera FirefoxNote: If you use Firefox you may want to have a look on this Add Ons. AdblockPlus ( Blocks advertisments ) NoScript ( Blocks Java, Flash and JavaScript )Computer MaintenanceClean out your temp files on a regular basis -I recommend TFC ( Temp File Cleaner ).Thinking while surfingThere is no software which will protect your system from yourself.I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet. Staying Safe on the Internet ( by Glaswegian ) Making Internet Explorer Safer. Think Prevention!If you have any questions kindly ask.Please respond to this thread one more time so we can mark this thread as resolved. Link to post Share on other sites More sharing options...
pjgibbons Posted March 14, 2013 Author ID:656881 Share Posted March 14, 2013 Should I also delete Java SE Development Kit 6 Update 25 (64 bit)? Also, do you recommend any particular antivirus? I've got the Norton security suite installed on the machine (with automatic updates), but it never signaled that there was a problem throughout this disaster:( Link to post Share on other sites More sharing options...
Larusso Posted March 14, 2013 ID:657016 Share Posted March 14, 2013 Hy there.If you dont develop Java Applications, feel free to uninstall the development kit.You paid for the Norton Suite so I would recommend to ask for advise directly from Norton. If you are not happy with it, I recommend Microsoft Security Essentials or Avast. Both are for free. Link to post Share on other sites More sharing options...
pjgibbons Posted March 14, 2013 Author ID:657029 Share Posted March 14, 2013 K sounds good. My son is using Java for a programming class, so I'll leave that one alone. Thanks again for all of your help Link to post Share on other sites More sharing options...
pjgibbons Posted March 14, 2013 Author ID:657032 Share Posted March 14, 2013 Your paypal page is in German, any idea how I get to an English version? Link to post Share on other sites More sharing options...
Larusso Posted March 14, 2013 ID:657033 Share Posted March 14, 2013 than he might ask his teachers if he should use this one http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.htmlGlad we could help. Link to post Share on other sites More sharing options...
Recommended Posts