Jenga12

Hi. Sorry for the slow response...busy day... I ran the tool and the results log follows: ListParts by Farbar Version: 16-10-2012 Ran by Steffy (administrator) on 18-10-2012 at 23:10:26 Windows 7 (X64) Running From: C:\Users\Steffy\Desktop Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 49% Total physical RAM: 2942.49 MB Available physical RAM: 1499.39 MB Total Pagefile: 5883.18 MB Available Pagefile: 4288.04 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ======================= Partitions ========================= 1 Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:217.42 GB) NTFS 2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from reading drive)] 8 Drive k: (UDISK 28X) (Removable) (Total:0.96 GB) (Free:0.2 GB) FAT Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 980 MB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 286 GB 101 MB Partition 3 Primary 11 GB 286 GB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C HP NTFS Partition 286 GB Healthy Boot ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D FACTORY_IMA NTFS Partition 11 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 979 MB 16 KB ====================================================================================================== Disk: 1 Partition 1 Type : 0E Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 K UDISK 28X FAT Removable 979 MB Healthy ====================================================================================================== ****** End Of Log ****** Please advise next steps Thank you.

Hello again. Here is the fixlog.txt log and the attached MBRDUMP file: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2012 Ran by SYSTEM at 2012-10-17 22:51:44 Run:2 Running from G:\ ============================================== MBRDUMP.txt is made successfully. ==== End of Fixlog ==== Please advise next steps. Thank you MBRDUMP.txt

Ok so ran ComboFix and here is the log: ComboFix 12-10-17.03 - Steffy 10/17/2012 11:45:34.2.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1664 [GMT -4:00] Running from: c:\users\Steffy\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\svchost.exe c:\windows\SysWow64\msstdfmt.dll . . ((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 ))))))))))))))))))))))))))))))) . . 2012-10-17 16:00 . 2012-10-17 16:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2012-10-17 16:00 . 2012-10-17 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-17 04:35 . 2012-10-17 04:35 -------- d-----w- C:\FRST 2012-10-16 03:21 . 2012-10-17 04:13 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-16 01:10 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-15 14:38 . 2012-10-15 14:38 -------- d-----w- c:\users\Steffy\AppData\Roaming\Malwarebytes 2012-10-15 14:37 . 2012-10-15 14:37 -------- d-----w- c:\programdata\Malwarebytes 2012-10-15 14:37 . 2012-10-16 01:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-15 05:06 . 2012-10-15 05:06 -------- d-----w- c:\users\Steffy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2012-10-15 00:32 . 2012-10-16 00:50 -------- d-----w- c:\windows\system32\drivers\N360x64\1401010.002 2012-10-14 23:21 . 2012-10-15 13:54 -------- d-----w- c:\users\Steffy\AppData\Local\NPE 2012-10-14 03:02 . 2012-10-14 03:03 -------- d-----w- c:\program files\NVIDIA Corporation 2012-10-14 03:00 . 2009-07-31 03:48 704000 ----a-w- c:\windows\system32\cohelper.dll 2012-10-14 03:00 . 2009-07-31 03:39 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin 2012-10-14 02:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-10-14 02:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-10-10 17:52 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-10 17:52 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-10 17:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-10 17:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-10 17:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-10 17:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 17:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-10 17:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-10 17:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-10 17:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-10 17:38 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-10 17:38 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-10 17:34 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 17:34 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-04 23:34 . 2012-10-06 04:47 -------- d-----w- c:\program files (x86)\Pyware iPAS 2012-10-04 23:34 . 2012-10-04 23:34 -------- d--h--w- c:\program files (x86)\Zero G Registry 2012-10-04 23:33 . 2012-10-04 23:33 -------- d--h--w- c:\users\Steffy\InstallAnywhere 2012-09-26 23:19 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-22 04:17 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-22 04:15 . 2012-09-22 04:15 -------- d-----w- c:\program files\iPod 2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\program files\iTunes 2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\program files (x86)\iTunes 2012-09-19 01:55 . 2012-09-19 01:55 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-19 01:55 . 2012-09-19 01:55 -------- d-----r- c:\program files (x86)\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-15 00:35 . 2010-01-19 14:06 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-10-11 07:09 . 2010-01-10 18:12 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 16:24 . 2012-04-21 01:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 16:24 . 2011-05-15 17:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-22 20:34 . 2011-03-31 03:21 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys 2012-08-22 18:12 . 2012-09-12 19:53 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 19:53 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 19:53 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 19:53 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 17:01 . 2010-01-19 14:06 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-21 17:01 . 2010-01-19 14:06 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-20 17:38 . 2012-10-10 17:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-02 17:58 . 2012-09-12 19:53 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-08-02 16:57 . 2012-09-12 19:53 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ALconnect"="c:\users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe" [2012-07-04 716416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2008-12-2 1728512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 14681688;14681688; [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808] R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080] R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-08-23 40320] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 101688] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1401010.002\SYMDS64.SYS [2012-07-28 493216] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1401010.002\SYMEFA64.SYS [2012-08-08 1132192] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-14 1385120] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys [2012-08-07 168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121016.001\IDSvia64.sys [2012-10-12 513184] S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-10 397720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS [2012-07-28 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS [2012-07-23 432800] S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe [2012-08-29 143928] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [2008-09-29 553472] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 16:24] . 2012-10-02 c:\windows\Tasks\HPCeeScheduleForSteffy.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . 2012-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] . ------- Supplementary Scan ------- . uStart Page = hxxp://m.www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\Steffy\AppData\Roaming\Mozilla\Firefox\Profiles\jn5yn95j.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - ExtSQL: !HIDDEN! 2010-01-11 22:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . SafeBoot-31664407.sys AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72, 1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00 "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e, 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:48,2d,dc,c9,22,a7,cd,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-17 12:05:22 ComboFix-quarantined-files.txt 2012-10-17 16:05 ComboFix2.txt 2012-10-16 04:06 . Pre-Run: 233,946,218,496 bytes free Post-Run: 233,911,283,712 bytes free . - - End Of File - - 321F895CD0D41949D4272D20E04BA651 Let me know what to do next. Thank you

Okay. I ran both and here are the results. There were 3 TDSSKiller logs produced so I've posted all 3 for you. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2012 Ran by SYSTEM at 2012-10-16 23:45:09 Run:1 Running from J:\ ============================================== HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully. C:\Windows\svchost.exe moved successfully. ==== End of Fixlog ==== TDSSKiller.2.8.13.0_17.10.2012_00.16.08_log 00:16:08.0557 3424 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 00:16:11.0068 3424 ============================================================ 00:16:11.0068 3424 Current date / time: 2012/10/17 00:16:11.0068 00:16:11.0068 3424 SystemInfo: 00:16:11.0068 3424 00:16:11.0068 3424 OS Version: 6.1.7601 ServicePack: 1.0 00:16:11.0068 3424 Product type: Workstation 00:16:11.0068 3424 ComputerName: STEFFY-PC 00:16:11.0068 3424 UserName: Steffy 00:16:11.0068 3424 Windows directory: C:\Windows 00:16:11.0068 3424 System windows directory: C:\Windows 00:16:11.0068 3424 Running under WOW64 00:16:11.0068 3424 Processor architecture: Intel x64 00:16:11.0068 3424 Number of processors: 1 00:16:11.0068 3424 Page size: 0x1000 00:16:11.0068 3424 Boot type: Normal boot 00:16:11.0068 3424 ============================================================ 00:16:20.0794 3424 BG loaded 00:16:21.0758 3424 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 00:16:21.0991 3424 ============================================================ 00:16:21.0991 3424 \Device\Harddisk0\DR0: 00:16:21.0991 3424 MBR partitions: 00:16:21.0991 3424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:16:21.0992 3424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800 00:16:21.0992 3424 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000 00:16:21.0992 3424 ============================================================ 00:16:22.0078 3424 C: <-> \Device\Harddisk0\DR0\Partition2 00:16:22.0282 3424 D: <-> \Device\Harddisk0\DR0\Partition3 00:16:22.0283 3424 ============================================================ 00:16:22.0283 3424 Initialize success 00:16:22.0283 3424 ============================================================ 00:16:51.0795 3392 Deinitialize success TDSSKiller.2.8.13.0_17.10.2012_00.12.46_log 00:12:46.0112 4588 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 00:12:46.0144 4588 ============================================================ 00:12:46.0144 4588 Current date / time: 2012/10/17 00:12:46.0144 00:12:46.0144 4588 SystemInfo: 00:12:46.0144 4588 00:12:46.0144 4588 OS Version: 6.1.7601 ServicePack: 1.0 00:12:46.0144 4588 Product type: Workstation 00:12:46.0144 4588 ComputerName: STEFFY-PC 00:12:46.0144 4588 UserName: Steffy 00:12:46.0144 4588 Windows directory: C:\Windows 00:12:46.0144 4588 System windows directory: C:\Windows 00:12:46.0144 4588 Running under WOW64 00:12:46.0144 4588 Processor architecture: Intel x64 00:12:46.0144 4588 Number of processors: 1 00:12:46.0144 4588 Page size: 0x1000 00:12:46.0144 4588 Boot type: Normal boot 00:12:46.0144 4588 ============================================================ 00:12:47.0953 4588 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 00:12:47.0984 4588 ============================================================ 00:12:47.0984 4588 \Device\Harddisk0\DR0: 00:12:48.0000 4588 MBR partitions: 00:12:48.0000 4588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:12:48.0000 4588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800 00:12:48.0000 4588 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000 00:12:48.0000 4588 ============================================================ 00:12:48.0094 4588 C: <-> \Device\Harddisk0\DR0\Partition2 00:12:48.0140 4588 D: <-> \Device\Harddisk0\DR0\Partition3 00:12:48.0140 4588 ============================================================ 00:12:48.0140 4588 Initialize success 00:12:48.0140 4588 ============================================================ 00:13:04.0505 3340 ============================================================ 00:13:04.0505 3340 Scan started 00:13:04.0505 3340 Mode: Manual; TDLFS; 00:13:04.0505 3340 ============================================================ 00:13:05.0550 3340 ================ Scan system memory ======================== 00:13:05.0550 3340 System memory - ok 00:13:05.0566 3340 ================ Scan services ============================= 00:13:05.0878 3340 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:13:05.0893 3340 1394ohci - ok 00:13:05.0940 3340 14681688 - ok 00:13:06.0002 3340 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:13:06.0002 3340 ACPI - ok 00:13:06.0065 3340 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:13:06.0065 3340 AcpiPmi - ok 00:13:06.0190 3340 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 00:13:06.0190 3340 AdobeFlashPlayerUpdateSvc - ok 00:13:06.0252 3340 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 00:13:06.0268 3340 adp94xx - ok 00:13:06.0314 3340 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 00:13:06.0330 3340 adpahci - ok 00:13:06.0346 3340 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 00:13:06.0346 3340 adpu320 - ok 00:13:06.0392 3340 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:13:06.0392 3340 AeLookupSvc - ok 00:13:06.0439 3340 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 00:13:06.0455 3340 AFD - ok 00:13:06.0533 3340 [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe 00:13:06.0533 3340 AgereModemAudio - ok 00:13:06.0611 3340 [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 00:13:06.0626 3340 AgereSoftModem - ok 00:13:06.0689 3340 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 00:13:06.0689 3340 agp440 - ok 00:13:06.0736 3340 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 00:13:06.0736 3340 ALG - ok 00:13:06.0782 3340 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 00:13:06.0782 3340 aliide - ok 00:13:06.0845 3340 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 00:13:06.0845 3340 amdide - ok 00:13:06.0907 3340 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 00:13:06.0907 3340 AmdK8 - ok 00:13:06.0923 3340 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 00:13:06.0923 3340 AmdPPM - ok 00:13:07.0001 3340 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:13:07.0001 3340 amdsata - ok 00:13:07.0032 3340 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 00:13:07.0048 3340 amdsbs - ok 00:13:07.0063 3340 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:13:07.0063 3340 amdxata - ok 00:13:07.0126 3340 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 00:13:07.0126 3340 AppID - ok 00:13:07.0157 3340 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:13:07.0157 3340 AppIDSvc - ok 00:13:07.0219 3340 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 00:13:07.0219 3340 Appinfo - ok 00:13:07.0360 3340 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:13:07.0360 3340 Apple Mobile Device - ok 00:13:07.0422 3340 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 00:13:07.0422 3340 arc - ok 00:13:07.0453 3340 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 00:13:07.0453 3340 arcsas - ok 00:13:07.0516 3340 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:13:07.0516 3340 AsyncMac - ok 00:13:07.0578 3340 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 00:13:07.0578 3340 atapi - ok 00:13:07.0640 3340 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:13:07.0656 3340 AudioEndpointBuilder - ok 00:13:07.0672 3340 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 00:13:07.0687 3340 AudioSrv - ok 00:13:07.0750 3340 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:13:07.0750 3340 AxInstSV - ok 00:13:07.0812 3340 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 00:13:07.0828 3340 b06bdrv - ok 00:13:07.0890 3340 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 00:13:07.0906 3340 b57nd60a - ok 00:13:07.0952 3340 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 00:13:07.0968 3340 BDESVC - ok 00:13:08.0015 3340 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 00:13:08.0015 3340 Beep - ok 00:13:08.0124 3340 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 00:13:08.0140 3340 BFE - ok 00:13:08.0389 3340 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys 00:13:08.0405 3340 BHDrvx64 - ok 00:13:08.0467 3340 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 00:13:08.0483 3340 BITS - ok 00:13:08.0545 3340 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 00:13:08.0545 3340 blbdrive - ok 00:13:08.0623 3340 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 00:13:08.0639 3340 Bonjour Service - ok 00:13:08.0686 3340 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:13:08.0686 3340 bowser - ok 00:13:08.0701 3340 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:13:08.0717 3340 BrFiltLo - ok 00:13:08.0732 3340 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:13:08.0748 3340 BrFiltUp - ok 00:13:08.0810 3340 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 00:13:08.0810 3340 BridgeMP - ok 00:13:08.0857 3340 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 00:13:08.0857 3340 Browser - ok 00:13:08.0888 3340 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 00:13:08.0888 3340 Brserid - ok 00:13:08.0935 3340 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 00:13:08.0935 3340 BrSerWdm - ok 00:13:08.0966 3340 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 00:13:08.0966 3340 BrUsbMdm - ok 00:13:08.0982 3340 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 00:13:08.0982 3340 BrUsbSer - ok 00:13:08.0998 3340 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 00:13:08.0998 3340 BTHMODEM - ok 00:13:09.0060 3340 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 00:13:09.0076 3340 bthserv - ok 00:13:09.0107 3340 catchme - ok 00:13:09.0232 3340 [ A5C13600F63EB92F8D15123D64BA9895 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys 00:13:09.0247 3340 ccSet_N360 - ok 00:13:09.0294 3340 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:13:09.0310 3340 cdfs - ok 00:13:09.0372 3340 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 00:13:09.0388 3340 cdrom - ok 00:13:09.0434 3340 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 00:13:09.0434 3340 CertPropSvc - ok 00:13:09.0497 3340 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 00:13:09.0497 3340 circlass - ok 00:13:09.0528 3340 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 00:13:09.0544 3340 CLFS - ok 00:13:09.0590 3340 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:13:09.0590 3340 clr_optimization_v2.0.50727_32 - ok 00:13:09.0653 3340 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:13:09.0653 3340 clr_optimization_v2.0.50727_64 - ok 00:13:09.0762 3340 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:13:09.0762 3340 clr_optimization_v4.0.30319_32 - ok 00:13:09.0793 3340 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:13:09.0793 3340 clr_optimization_v4.0.30319_64 - ok 00:13:09.0856 3340 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 00:13:09.0856 3340 CmBatt - ok 00:13:09.0887 3340 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:13:09.0902 3340 cmdide - ok 00:13:09.0949 3340 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 00:13:09.0949 3340 CNG - ok 00:13:09.0980 3340 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 00:13:09.0980 3340 Compbatt - ok 00:13:10.0043 3340 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 00:13:10.0043 3340 CompositeBus - ok 00:13:10.0074 3340 COMSysApp - ok 00:13:10.0121 3340 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 00:13:10.0121 3340 crcdisk - ok 00:13:10.0183 3340 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 00:13:10.0183 3340 CryptSvc - ok 00:13:10.0246 3340 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 00:13:10.0261 3340 DcomLaunch - ok 00:13:10.0308 3340 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 00:13:10.0324 3340 defragsvc - ok 00:13:10.0370 3340 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:13:10.0370 3340 DfsC - ok 00:13:10.0464 3340 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 00:13:10.0480 3340 Dhcp - ok 00:13:10.0511 3340 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 00:13:10.0511 3340 discache - ok 00:13:10.0573 3340 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 00:13:10.0573 3340 Disk - ok 00:13:10.0604 3340 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:13:10.0620 3340 Dnscache - ok 00:13:10.0682 3340 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 00:13:10.0682 3340 dot3svc - ok 00:13:10.0745 3340 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 00:13:10.0760 3340 Dot4 - ok 00:13:10.0807 3340 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 00:13:10.0823 3340 Dot4Print - ok 00:13:10.0901 3340 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 00:13:10.0901 3340 dot4usb - ok 00:13:10.0963 3340 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 00:13:10.0963 3340 DPS - ok 00:13:11.0010 3340 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:13:11.0010 3340 drmkaud - ok 00:13:11.0088 3340 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:13:11.0104 3340 DXGKrnl - ok 00:13:11.0150 3340 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 00:13:11.0150 3340 EapHost - ok 00:13:11.0260 3340 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 00:13:11.0291 3340 ebdrv - ok 00:13:11.0400 3340 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 00:13:11.0400 3340 eeCtrl - ok 00:13:11.0447 3340 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 00:13:11.0447 3340 EFS - ok 00:13:11.0556 3340 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:13:11.0572 3340 ehRecvr - ok 00:13:11.0618 3340 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 00:13:11.0634 3340 ehSched - ok 00:13:11.0712 3340 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 00:13:11.0728 3340 elxstor - ok 00:13:11.0821 3340 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 00:13:11.0821 3340 EraserUtilRebootDrv - ok 00:13:11.0868 3340 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:13:11.0868 3340 ErrDev - ok 00:13:11.0946 3340 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 00:13:11.0946 3340 EventSystem - ok 00:13:11.0993 3340 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 00:13:11.0993 3340 exfat - ok 00:13:12.0008 3340 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 00:13:12.0024 3340 fastfat - ok 00:13:12.0102 3340 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 00:13:12.0118 3340 Fax - ok 00:13:12.0149 3340 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:13:12.0149 3340 fdc - ok 00:13:12.0164 3340 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 00:13:12.0180 3340 fdPHost - ok 00:13:12.0196 3340 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 00:13:12.0196 3340 FDResPub - ok 00:13:12.0227 3340 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:13:12.0227 3340 FileInfo - ok 00:13:12.0258 3340 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:13:12.0258 3340 Filetrace - ok 00:13:12.0289 3340 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:13:12.0289 3340 flpydisk - ok 00:13:12.0352 3340 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:13:12.0352 3340 FltMgr - ok 00:13:12.0430 3340 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 00:13:12.0445 3340 FontCache - ok 00:13:12.0523 3340 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:13:12.0523 3340 FontCache3.0.0.0 - ok 00:13:12.0648 3340 [ 07AF7870ABF051EBBAE8A8A92FF34ABE ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe 00:13:12.0648 3340 FreeAgentGoNext Service - ok 00:13:12.0695 3340 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 00:13:12.0695 3340 FsDepends - ok 00:13:12.0757 3340 [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 00:13:12.0757 3340 fssfltr - ok 00:13:12.0851 3340 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 00:13:12.0866 3340 fsssvc - ok 00:13:12.0913 3340 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:13:12.0913 3340 Fs_Rec - ok 00:13:12.0976 3340 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 00:13:12.0976 3340 fvevol - ok 00:13:13.0038 3340 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 00:13:13.0038 3340 gagp30kx - ok 00:13:13.0116 3340 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 00:13:13.0116 3340 GameConsoleService - ok 00:13:13.0163 3340 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 00:13:13.0163 3340 GEARAspiWDM - ok 00:13:13.0225 3340 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 00:13:13.0241 3340 gpsvc - ok 00:13:13.0288 3340 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 00:13:13.0288 3340 hcw85cir - ok 00:13:13.0350 3340 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 00:13:13.0366 3340 HDAudBus - ok 00:13:13.0381 3340 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 00:13:13.0381 3340 HidBatt - ok 00:13:13.0412 3340 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 00:13:13.0412 3340 HidBth - ok 00:13:13.0459 3340 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 00:13:13.0459 3340 HidIr - ok 00:13:13.0475 3340 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 00:13:13.0490 3340 hidserv - ok 00:13:13.0537 3340 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 00:13:13.0537 3340 HidUsb - ok 00:13:13.0584 3340 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:13:13.0584 3340 hkmsvc - ok 00:13:13.0631 3340 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 00:13:13.0631 3340 HomeGroupListener - ok 00:13:13.0678 3340 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 00:13:13.0678 3340 HomeGroupProvider - ok 00:13:13.0802 3340 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 00:13:13.0818 3340 HP Support Assistant Service - ok 00:13:13.0943 3340 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 00:13:13.0958 3340 HPDrvMntSvc.exe - ok 00:13:14.0068 3340 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 00:13:14.0068 3340 hpqcxs08 - ok 00:13:14.0114 3340 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 00:13:14.0114 3340 hpqddsvc - ok 00:13:14.0208 3340 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 00:13:14.0224 3340 hpqwmiex - ok 00:13:14.0270 3340 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 00:13:14.0286 3340 HpSAMD - ok 00:13:14.0348 3340 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:13:14.0348 3340 HTTP - ok 00:13:14.0380 3340 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 00:13:14.0395 3340 hwpolicy - ok 00:13:14.0442 3340 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 00:13:14.0442 3340 i8042prt - ok 00:13:14.0520 3340 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 00:13:14.0536 3340 iaStorV - ok 00:13:14.0614 3340 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 00:13:14.0614 3340 idsvc - ok 00:13:14.0754 3340 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121016.001\IDSvia64.sys 00:13:14.0754 3340 IDSVia64 - ok 00:13:14.0816 3340 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 00:13:14.0816 3340 iirsp - ok 00:13:14.0879 3340 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 00:13:14.0894 3340 IKEEXT - ok 00:13:15.0050 3340 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 00:13:15.0066 3340 IntcAzAudAddService - ok 00:13:15.0097 3340 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 00:13:15.0097 3340 intelide - ok 00:13:15.0160 3340 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 00:13:15.0160 3340 intelppm - ok 00:13:15.0253 3340 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe 00:13:15.0253 3340 IntuitUpdateService - ok 00:13:15.0378 3340 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe 00:13:15.0378 3340 IntuitUpdateServiceV4 - ok 00:13:15.0425 3340 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 00:13:15.0425 3340 IPBusEnum - ok 00:13:15.0472 3340 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:13:15.0472 3340 IpFilterDriver - ok 00:13:15.0534 3340 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 00:13:15.0534 3340 iphlpsvc - ok 00:13:15.0581 3340 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 00:13:15.0581 3340 IPMIDRV - ok 00:13:15.0612 3340 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 00:13:15.0612 3340 IPNAT - ok 00:13:15.0706 3340 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 00:13:15.0706 3340 iPod Service - ok 00:13:15.0784 3340 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 00:13:15.0784 3340 IRENUM - ok 00:13:15.0846 3340 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 00:13:15.0862 3340 isapnp - ok 00:13:15.0971 3340 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 00:13:16.0033 3340 iScsiPrt - ok 00:13:16.0267 3340 [ 78D233D835A8876035AC559AFE02B940 ] jswpsapi C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe 00:13:16.0283 3340 jswpsapi - ok 00:13:16.0345 3340 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 00:13:16.0345 3340 kbdclass - ok 00:13:16.0392 3340 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 00:13:16.0392 3340 kbdhid - ok 00:13:16.0408 3340 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 00:13:16.0408 3340 KeyIso - ok 00:13:16.0439 3340 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 00:13:16.0439 3340 KSecDD - ok 00:13:16.0470 3340 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 00:13:16.0470 3340 KSecPkg - ok 00:13:16.0532 3340 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 00:13:16.0532 3340 ksthunk - ok 00:13:16.0564 3340 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 00:13:16.0564 3340 KtmRm - ok 00:13:16.0642 3340 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 00:13:16.0642 3340 LanmanServer - ok 00:13:16.0688 3340 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 00:13:16.0704 3340 LanmanWorkstation - ok 00:13:16.0922 3340 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe 00:13:17.0016 3340 LeapFrog Connect Device Service - ok 00:13:17.0156 3340 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys 00:13:17.0156 3340 Leapfrog-USBLAN - ok 00:13:17.0234 3340 [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 00:13:17.0234 3340 LightScribeService - ok 00:13:17.0297 3340 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 00:13:17.0297 3340 lltdio - ok 00:13:17.0359 3340 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 00:13:17.0375 3340 lltdsvc - ok 00:13:17.0406 3340 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 00:13:17.0406 3340 lmhosts - ok 00:13:17.0468 3340 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 00:13:17.0468 3340 LSI_FC - ok 00:13:17.0500 3340 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 00:13:17.0500 3340 LSI_SAS - ok 00:13:17.0515 3340 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:13:17.0531 3340 LSI_SAS2 - ok 00:13:17.0546 3340 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:13:17.0546 3340 LSI_SCSI - ok 00:13:17.0593 3340 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 00:13:17.0593 3340 luafv - ok 00:13:17.0624 3340 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 00:13:17.0640 3340 Mcx2Svc - ok 00:13:17.0656 3340 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 00:13:17.0671 3340 megasas - ok 00:13:17.0702 3340 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 00:13:17.0702 3340 MegaSR - ok 00:13:17.0796 3340 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 00:13:17.0812 3340 Microsoft Office Groove Audit Service - ok 00:13:17.0874 3340 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 00:13:17.0890 3340 MMCSS - ok 00:13:17.0936 3340 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 00:13:17.0936 3340 Modem - ok 00:13:17.0999 3340 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 00:13:17.0999 3340 monitor - ok 00:13:18.0061 3340 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 00:13:18.0061 3340 mouclass - ok 00:13:18.0124 3340 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 00:13:18.0124 3340 mouhid - ok 00:13:18.0170 3340 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 00:13:18.0170 3340 mountmgr - ok 00:13:18.0217 3340 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 00:13:18.0217 3340 mpio - ok 00:13:18.0264 3340 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 00:13:18.0264 3340 mpsdrv - ok 00:13:18.0326 3340 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 00:13:18.0342 3340 MpsSvc - ok 00:13:18.0420 3340 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 00:13:18.0420 3340 MRxDAV - ok 00:13:18.0482 3340 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 00:13:18.0482 3340 mrxsmb - ok 00:13:18.0529 3340 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:13:18.0529 3340 mrxsmb10 - ok 00:13:18.0560 3340 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:13:18.0560 3340 mrxsmb20 - ok 00:13:18.0607 3340 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 00:13:18.0607 3340 msahci - ok 00:13:18.0685 3340 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe 00:13:18.0685 3340 MSCamSvc - ok 00:13:18.0716 3340 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:13:18.0732 3340 msdsm - ok 00:13:18.0748 3340 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 00:13:18.0748 3340 MSDTC - ok 00:13:18.0826 3340 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:13:18.0826 3340 Msfs - ok 00:13:18.0888 3340 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 00:13:18.0888 3340 mshidkmdf - ok 00:13:18.0935 3340 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 00:13:18.0935 3340 msisadrv - ok 00:13:18.0997 3340 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:13:18.0997 3340 MSiSCSI - ok 00:13:19.0013 3340 msiserver - ok 00:13:19.0060 3340 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:13:19.0075 3340 MSKSSRV - ok 00:13:19.0091 3340 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:13:19.0091 3340 MSPCLOCK - ok 00:13:19.0106 3340 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:13:19.0106 3340 MSPQM - ok 00:13:19.0169 3340 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:13:19.0169 3340 MsRPC - ok 00:13:19.0231 3340 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 00:13:19.0231 3340 mssmbios - ok 00:13:19.0278 3340 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:13:19.0278 3340 MSTEE - ok 00:13:19.0309 3340 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 00:13:19.0309 3340 MTConfig - ok 00:13:19.0340 3340 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 00:13:19.0340 3340 Mup - ok 00:13:19.0512 3340 [ DFD8873E4DC08E621A8366C6CD98AB28 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe 00:13:19.0528 3340 N360 - ok 00:13:19.0590 3340 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 00:13:19.0590 3340 napagent - ok 00:13:19.0652 3340 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:13:19.0668 3340 NativeWifiP - ok 00:13:19.0762 3340 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121016.009\ENG64.SYS 00:13:19.0762 3340 NAVENG - ok 00:13:19.0855 3340 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121016.009\EX64.SYS 00:13:19.0871 3340 NAVEX15 - ok 00:13:19.0949 3340 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:13:19.0964 3340 NDIS - ok 00:13:20.0042 3340 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 00:13:20.0042 3340 NdisCap - ok 00:13:20.0105 3340 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:13:20.0105 3340 NdisTapi - ok 00:13:20.0183 3340 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:13:20.0183 3340 Ndisuio - ok 00:13:20.0230 3340 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:13:20.0230 3340 NdisWan - ok 00:13:20.0292 3340 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:13:20.0292 3340 NDProxy - ok 00:13:20.0354 3340 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 00:13:20.0354 3340 Net Driver HPZ12 - ok 00:13:20.0401 3340 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:13:20.0401 3340 NetBIOS - ok 00:13:20.0464 3340 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 00:13:20.0464 3340 NetBT - ok 00:13:20.0495 3340 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 00:13:20.0495 3340 Netlogon - ok 00:13:20.0557 3340 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 00:13:20.0557 3340 Netman - ok 00:13:20.0588 3340 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 00:13:20.0604 3340 netprofm - ok 00:13:20.0635 3340 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:13:20.0635 3340 NetTcpPortSharing - ok 00:13:20.0682 3340 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 00:13:20.0682 3340 nfrd960 - ok 00:13:20.0744 3340 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:13:20.0744 3340 NlaSvc - ok 00:13:20.0791 3340 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:13:20.0791 3340 Npfs - ok 00:13:20.0822 3340 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 00:13:20.0822 3340 nsi - ok 00:13:20.0838 3340 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:13:20.0838 3340 nsiproxy - ok 00:13:20.0932 3340 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:13:20.0963 3340 Ntfs - ok 00:13:21.0025 3340 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 00:13:21.0025 3340 Null - ok 00:13:21.0431 3340 [ C967514483FA30A0A352E70BB6414D1D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:13:21.0540 3340 nvlddmkm - ok 00:13:21.0587 3340 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys 00:13:21.0602 3340 NVNET - ok 00:13:21.0618 3340 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:13:21.0634 3340 nvraid - ok 00:13:21.0680 3340 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:13:21.0680 3340 nvstor - ok 00:13:21.0743 3340 [ 6BA747B1A9297A6C0271700D12FDD495 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 00:13:21.0743 3340 nvstor64 - ok 00:13:21.0805 3340 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:13:21.0805 3340 nv_agp - ok 00:13:21.0899 3340 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:13:21.0899 3340 odserv - ok 00:13:21.0946 3340 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:13:21.0946 3340 ohci1394 - ok 00:13:22.0008 3340 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:13:22.0008 3340 ose - ok 00:13:22.0086 3340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:13:22.0086 3340 p2pimsvc - ok 00:13:22.0117 3340 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 00:13:22.0117 3340 p2psvc - ok 00:13:22.0148 3340 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 00:13:22.0164 3340 Parport - ok 00:13:22.0195 3340 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:13:22.0211 3340 partmgr - ok 00:13:22.0242 3340 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 00:13:22.0242 3340 PcaSvc - ok 00:13:22.0258 3340 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 00:13:22.0273 3340 pci - ok 00:13:22.0320 3340 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 00:13:22.0320 3340 pciide - ok 00:13:22.0382 3340 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:13:22.0382 3340 pcmcia - ok 00:13:22.0429 3340 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 00:13:22.0429 3340 pcw - ok 00:13:22.0460 3340 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:13:22.0460 3340 PEAUTH - ok 00:13:22.0538 3340 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 00:13:22.0554 3340 PerfHost - ok 00:13:22.0632 3340 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 00:13:22.0648 3340 pla - ok 00:13:22.0710 3340 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:13:22.0726 3340 PlugPlay - ok 00:13:22.0788 3340 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 00:13:22.0804 3340 Pml Driver HPZ12 - ok 00:13:22.0835 3340 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:13:22.0850 3340 PNRPAutoReg - ok 00:13:22.0866 3340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:13:22.0882 3340 PNRPsvc - ok 00:13:22.0928 3340 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:13:22.0944 3340 PolicyAgent - ok 00:13:22.0975 3340 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 00:13:22.0991 3340 Power - ok 00:13:23.0069 3340 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:13:23.0084 3340 PptpMiniport - ok 00:13:23.0116 3340 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 00:13:23.0116 3340 Processor - ok 00:13:23.0272 3340 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 00:13:23.0287 3340 ProfSvc - ok 00:13:23.0334 3340 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 00:13:23.0350 3340 ProtectedStorage - ok 00:13:23.0428 3340 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:13:23.0428 3340 Psched - ok 00:13:23.0490 3340 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 00:13:23.0506 3340 ql2300 - ok 00:13:23.0521 3340 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 00:13:23.0521 3340 ql40xx - ok 00:13:23.0552 3340 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 00:13:23.0568 3340 QWAVE - ok 00:13:23.0599 3340 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:13:23.0599 3340 QWAVEdrv - ok 00:13:23.0740 3340 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys 00:13:23.0740 3340 RapportCerberus_42020 - ok 00:13:23.0833 3340 [ 9E0FFC5EEEA5FEC75560F394B63022BE ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys 00:13:23.0833 3340 RapportEI64 - ok 00:13:23.0880 3340 [ 842041C4B15BAEE2CA37B727CE57334A ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys 00:13:23.0880 3340 RapportKE64 - ok 00:13:23.0942 3340 [ 65AA99CB303BA21F9ACC8C1374A14798 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe 00:13:23.0958 3340 RapportMgmtService - ok 00:13:24.0052 3340 [ 14FF58FE8D19FA3AA577F1E74F1F7D55 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys 00:13:24.0052 3340 RapportPG64 - ok 00:13:24.0067 3340 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:13:24.0067 3340 RasAcd - ok 00:13:24.0114 3340 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:13:24.0114 3340 RasAgileVpn - ok 00:13:24.0161 3340 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 00:13:24.0161 3340 RasAuto - ok 00:13:24.0223 3340 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:13:24.0223 3340 Rasl2tp - ok 00:13:24.0270 3340 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 00:13:24.0270 3340 RasMan - ok 00:13:24.0348 3340 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:13:24.0348 3340 RasPppoe - ok 00:13:24.0395 3340 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:13:24.0395 3340 RasSstp - ok 00:13:24.0457 3340 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:13:24.0457 3340 rdbss - ok 00:13:24.0488 3340 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:13:24.0488 3340 rdpbus - ok 00:13:24.0520 3340 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:13:24.0520 3340 RDPCDD - ok 00:13:24.0566 3340 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:13:24.0582 3340 RDPENCDD - ok 00:13:24.0598 3340 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:13:24.0598 3340 RDPREFMP - ok 00:13:24.0660 3340 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:13:24.0660 3340 RDPWD - ok 00:13:24.0722 3340 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:13:24.0738 3340 rdyboost - ok 00:13:24.0785 3340 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:13:24.0800 3340 RemoteAccess - ok 00:13:24.0847 3340 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:13:24.0847 3340 RemoteRegistry - ok 00:13:24.0894 3340 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:13:24.0910 3340 RpcEptMapper - ok 00:13:24.0925 3340 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 00:13:24.0925 3340 RpcLocator - ok 00:13:24.0988 3340 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 00:13:25.0003 3340 RpcSs - ok 00:13:25.0050 3340 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:13:25.0066 3340 rspndr - ok 00:13:25.0081 3340 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 00:13:25.0081 3340 SamSs - ok 00:13:25.0128 3340 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:13:25.0128 3340 sbp2port - ok 00:13:25.0175 3340 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:13:25.0175 3340 SCardSvr - ok 00:13:25.0222 3340 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:13:25.0222 3340 scfilter - ok 00:13:25.0284 3340 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 00:13:25.0315 3340 Schedule - ok 00:13:25.0378 3340 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 00:13:25.0378 3340 SCPolicySvc - ok 00:13:25.0440 3340 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:13:25.0456 3340 SDRSVC - ok 00:13:25.0549 3340 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 00:13:25.0565 3340 SeaPort - ok 00:13:25.0627 3340 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:13:25.0627 3340 secdrv - ok 00:13:25.0658 3340 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 00:13:25.0658 3340 seclogon - ok 00:13:25.0705 3340 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 00:13:25.0705 3340 SENS - ok 00:13:25.0752 3340 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:13:25.0752 3340 SensrSvc - ok 00:13:25.0783 3340 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:13:25.0783 3340 Serenum - ok 00:13:25.0814 3340 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:13:25.0814 3340 Serial - ok 00:13:25.0877 3340 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 00:13:25.0877 3340 sermouse - ok 00:13:25.0986 3340 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 00:13:25.0986 3340 SessionEnv - ok 00:13:26.0017 3340 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:13:26.0017 3340 sffdisk - ok 00:13:26.0033 3340 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:13:26.0048 3340 sffp_mmc - ok 00:13:26.0080 3340 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:13:26.0095 3340 sffp_sd - ok 00:13:26.0111 3340 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:13:26.0111 3340 sfloppy - ok 00:13:26.0173 3340 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:13:26.0173 3340 SharedAccess - ok 00:13:26.0236 3340 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:13:26.0282 3340 ShellHWDetection - ok 00:13:26.0470 3340 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:13:26.0516 3340 SiSRaid2 - ok 00:13:26.0563 3340 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 00:13:26.0563 3340 SiSRaid4 - ok 00:13:26.0641 3340 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 00:13:26.0641 3340 SkypeUpdate - ok 00:13:26.0704 3340 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:13:26.0704 3340 Smb - ok 00:13:26.0766 3340 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:13:26.0782 3340 SNMPTRAP - ok 00:13:26.0797 3340 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 00:13:26.0797 3340 spldr - ok 00:13:26.0860 3340 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 00:13:26.0875 3340 Spooler - ok 00:13:27.0000 3340 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 00:13:27.0047 3340 sppsvc - ok 00:13:27.0094 3340 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:13:27.0094 3340 sppuinotify - ok 00:13:27.0218 3340 [ B2FE88C5E621C8345CC9BAC5CFD366B0 ] SRTSP C:\Windows\System32\Drivers\N360x64\1401010.002\SRTSP64.SYS 00:13:27.0234 3340 SRTSP - ok 00:13:27.0312 3340 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\N360x64\1401010.002\SRTSPX64.SYS 00:13:27.0312 3340 SRTSPX - ok 00:13:27.0374 3340 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 00:13:27.0374 3340 srv - ok 00:13:27.0437 3340 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:13:27.0452 3340 srv2 - ok 00:13:27.0484 3340 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:13:27.0499 3340 srvnet - ok 00:13:27.0562 3340 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:13:27.0562 3340 SSDPSRV - ok 00:13:27.0593 3340 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:13:27.0593 3340 SstpSvc - ok 00:13:27.0624 3340 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 00:13:27.0624 3340 stexstor - ok 00:13:27.0686 3340 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 00:13:27.0686 3340 stisvc - ok 00:13:27.0733 3340 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 00:13:27.0733 3340 swenum - ok 00:13:27.0796 3340 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 00:13:27.0796 3340 swprv - ok 00:13:27.0889 3340 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe 00:13:27.0905 3340 Symantec RemoteAssist - ok 00:13:27.0967 3340 [ 688BBE78970E639BC1D66AE733394DCF ] SymDS C:\Windows\system32\drivers\N360x64\1401010.002\SYMDS64.SYS 00:13:27.0983 3340 SymDS - ok 00:13:28.0045 3340 [ A17EE0D0D762CC9B56FB9218D7089AFB ] SymEFA C:\Windows\system32\drivers\N360x64\1401010.002\SYMEFA64.SYS 00:13:28.0061 3340 SymEFA - ok 00:13:28.0108 3340 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 00:13:28.0108 3340 SymEvent - ok 00:13:28.0139 3340 SYMFW - ok 00:13:28.0201 3340 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS 00:13:28.0201 3340 SymIRON - ok 00:13:28.0217 3340 SYMNDISV - ok 00:13:28.0264 3340 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS 00:13:28.0279 3340 SymNetS - ok 00:13:28.0373 3340 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 00:13:28.0388 3340 SysMain - ok 00:13:28.0435 3340 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:13:28.0435 3340 TabletInputService - ok 00:13:28.0466 3340 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 00:13:28.0466 3340 TapiSrv - ok 00:13:28.0498 3340 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 00:13:28.0513 3340 TBS - ok 00:13:28.0591 3340 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:13:28.0622 3340 Tcpip - ok 00:13:28.0685 3340 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:13:28.0700 3340 TCPIP6 - ok 00:13:28.0747 3340 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:13:28.0763 3340 tcpipreg - ok 00:13:28.0794 3340 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:13:28.0794 3340 TDPIPE - ok 00:13:28.0825 3340 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:13:28.0825 3340 TDTCP - ok 00:13:28.0888 3340 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:13:28.0888 3340 tdx - ok 00:13:28.0934 3340 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 00:13:28.0934 3340 TermDD - ok 00:13:28.0997 3340 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 00:13:28.0997 3340 TermService - ok 00:13:29.0044 3340 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 00:13:29.0044 3340 Themes - ok 00:13:29.0075 3340 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 00:13:29.0075 3340 THREADORDER - ok 00:13:29.0122 3340 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 00:13:29.0122 3340 TrkWks - ok 00:13:29.0200 3340 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:13:29.0215 3340 TrustedInstaller - ok 00:13:29.0293 3340 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:13:29.0293 3340 tssecsrv - ok 00:13:29.0340 3340 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 00:13:29.0340 3340 TsUsbFlt - ok 00:13:29.0465 3340 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:13:29.0480 3340 tunnel - ok 00:13:29.0512 3340 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 00:13:29.0512 3340 uagp35 - ok 00:13:29.0574 3340 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:13:29.0574 3340 udfs - ok 00:13:29.0621 3340 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:13:29.0621 3340 UI0Detect - ok 00:13:29.0668 3340 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:13:29.0668 3340 uliagpkx - ok 00:13:29.0714 3340 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 00:13:29.0714 3340 umbus - ok 00:13:29.0746 3340 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 00:13:29.0746 3340 UmPass - ok 00:13:29.0792 3340 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 00:13:29.0792 3340 upnphost - ok 00:13:29.0855 3340 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 00:13:29.0870 3340 USBAAPL64 - ok 00:13:29.0948 3340 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 00:13:29.0948 3340 usbaudio - ok 00:13:30.0026 3340 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:13:30.0026 3340 usbccgp - ok 00:13:30.0073 3340 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:13:30.0073 3340 usbcir - ok 00:13:30.0120 3340 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 00:13:30.0120 3340 usbehci - ok 00:13:30.0182 3340 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:13:30.0182 3340 usbhub - ok 00:13:30.0229 3340 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 00:13:30.0229 3340 usbohci - ok 00:13:30.0276 3340 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:13:30.0292 3340 usbprint - ok 00:13:30.0307 3340 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 00:13:30.0323 3340 usbscan - ok 00:13:30.0338 3340 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:13:30.0338 3340 USBSTOR - ok 00:13:30.0385 3340 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 00:13:30.0385 3340 usbuhci - ok 00:13:30.0416 3340 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 00:13:30.0416 3340 UxSms - ok 00:13:30.0432 3340 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 00:13:30.0448 3340 VaultSvc - ok 00:13:30.0510 3340 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 00:13:30.0526 3340 vdrvroot - ok 00:13:30.0604 3340 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 00:13:30.0619 3340 vds - ok 00:13:30.0666 3340 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:13:30.0666 3340 vga - ok 00:13:30.0697 3340 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 00:13:30.0697 3340 VgaSave - ok 00:13:30.0728 3340 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 00:13:30.0744 3340 vhdmp - ok 00:13:30.0775 3340 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 00:13:30.0775 3340 viaide - ok 00:13:30.0806 3340 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:13:30.0806 3340 volmgr - ok 00:13:30.0853 3340 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:13:30.0853 3340 volmgrx - ok 00:13:30.0884 3340 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:13:30.0884 3340 volsnap - ok 00:13:30.0947 3340 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 00:13:30.0947 3340 vsmraid - ok 00:13:31.0025 3340 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 00:13:31.0056 3340 VSS - ok 00:13:31.0087 3340 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 00:13:31.0087 3340 vwifibus - ok 00:13:31.0212 3340 [ C366AE91D2CC2C1C25380061D235C36B ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys 00:13:31.0243 3340 VX3000 - ok 00:13:31.0306 3340 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 00:13:31.0306 3340 W32Time - ok 00:13:31.0352 3340 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 00:13:31.0352 3340 WacomPen - ok 00:13:31.0415 3340 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 00:13:31.0415 3340 WANARP - ok 00:13:31.0430 3340 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 00:13:31.0430 3340 Wanarpv6 - ok 00:13:31.0555 3340 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 00:13:31.0571 3340 WatAdminSvc - ok 00:13:31.0649 3340 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 00:13:31.0664 3340 wbengine - ok 00:13:31.0696 3340 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 00:13:31.0711 3340 WbioSrvc - ok 00:13:31.0758 3340 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 00:13:31.0774 3340 wcncsvc - ok 00:13:31.0820 3340 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 00:13:31.0836 3340 WcsPlugInService - ok 00:13:31.0867 3340 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 00:13:31.0867 3340 Wd - ok 00:13:31.0930 3340 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 00:13:31.0930 3340 Wdf01000 - ok 00:13:31.0961 3340 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 00:13:31.0961 3340 WdiServiceHost - ok 00:13:31.0976 3340 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 00:13:31.0976 3340 WdiSystemHost - ok 00:13:32.0023 3340 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 00:13:32.0039 3340 WebClient - ok 00:13:32.0070 3340 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 00:13:32.0070 3340 Wecsvc - ok 00:13:32.0086 3340 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 00:13:32.0101 3340 wercplsupport - ok 00:13:32.0148 3340 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 00:13:32.0148 3340 WerSvc - ok 00:13:32.0210 3340 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 00:13:32.0210 3340 WfpLwf - ok 00:13:32.0226 3340 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 00:13:32.0226 3340 WIMMount - ok 00:13:32.0257 3340 WinDefend - ok 00:13:32.0273 3340 WinHttpAutoProxySvc - ok 00:13:32.0320 3340 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 00:13:32.0335 3340 Winmgmt - ok 00:13:32.0444 3340 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 00:13:32.0476 3340 WinRM - ok 00:13:32.0585 3340 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 00:13:32.0585 3340 WinUsb - ok 00:13:32.0632 3340 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 00:13:32.0647 3340 Wlansvc - ok 00:13:32.0725 3340 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 00:13:32.0725 3340 wlcrasvc - ok 00:13:32.0866 3340 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:13:32.0897 3340 wlidsvc - ok 00:13:32.0944 3340 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 00:13:32.0944 3340 WmiAcpi - ok 00:13:32.0975 3340 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 00:13:32.0975 3340 wmiApSrv - ok 00:13:33.0037 3340 WMPNetworkSvc - ok 00:13:33.0115 3340 [ AE06D75F402DE21C922BCECB30F8FB50 ] WN111v2 C:\Windows\system32\DRIVERS\WN111v2x.sys 00:13:33.0115 3340 WN111v2 - ok 00:13:33.0146 3340 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 00:13:33.0162 3340 WPCSvc - ok 00:13:33.0209 3340 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 00:13:33.0209 3340 WPDBusEnum - ok 00:13:33.0240 3340 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 00:13:33.0240 3340 ws2ifsl - ok 00:13:33.0302 3340 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 00:13:33.0318 3340 wscsvc - ok 00:13:33.0349 3340 WSearch - ok 00:13:33.0677 3340 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 00:13:33.0708 3340 wuauserv - ok 00:13:33.0724 3340 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 00:13:33.0739 3340 WudfPf - ok 00:13:33.0802 3340 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 00:13:33.0802 3340 WUDFRd - ok 00:13:33.0848 3340 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 00:13:33.0864 3340 wudfsvc - ok 00:13:33.0895 3340 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 00:13:33.0895 3340 WwanSvc - ok 00:13:33.0958 3340 ================ Scan global =============================== 00:13:33.0989 3340 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 00:13:34.0036 3340 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 00:13:34.0051 3340 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 00:13:34.0082 3340 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 00:13:34.0098 3340 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 00:13:34.0114 3340 [Global] - ok 00:13:34.0114 3340 ================ Scan MBR ================================== 00:13:34.0129 3340 [ 7776D739BFD97B30B095C7D4B834C04C ] \Device\Harddisk0\DR0 00:13:34.0129 3340 Suspicious mbr (Forged): \Device\Harddisk0\DR0 00:13:34.0192 3340 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 00:13:34.0192 3340 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 00:13:34.0238 3340 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 00:13:34.0238 3340 \Device\Harddisk0\DR0 - detected TDSS File System (1) 00:13:34.0254 3340 ================ Scan VBR ================================== 00:13:34.0254 3340 [ 20D218B71287C01B0817F27ABF3AC4BC ] \Device\Harddisk0\DR0\Partition1 00:13:34.0254 3340 \Device\Harddisk0\DR0\Partition1 - ok 00:13:34.0301 3340 [ 7A6424EA9E4D5582E37F247F5E00541D ] \Device\Harddisk0\DR0\Partition2 00:13:34.0301 3340 \Device\Harddisk0\DR0\Partition2 - ok 00:13:34.0348 3340 [ E5F490D53C7C27E497FECD887F8BAD12 ] \Device\Harddisk0\DR0\Partition3 00:13:34.0348 3340 \Device\Harddisk0\DR0\Partition3 - ok 00:13:34.0348 3340 ============================================================ 00:13:34.0348 3340 Scan finished 00:13:34.0348 3340 ============================================================ 00:13:34.0363 5012 Detected object count: 2 00:13:34.0363 5012 Actual detected object count: 2 00:13:48.0773 5012 \Device\Harddisk0\DR0\# - copied to quarantine 00:13:48.0789 5012 \Device\Harddisk0\DR0 - copied to quarantine 00:13:48.0820 5012 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 00:13:48.0835 5012 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 00:13:48.0882 5012 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 00:13:48.0929 5012 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 00:13:48.0945 5012 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 00:13:48.0960 5012 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 00:13:48.0976 5012 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 00:13:48.0991 5012 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 00:13:49.0007 5012 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 00:13:49.0069 5012 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 00:13:49.0085 5012 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 00:13:49.0116 5012 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 00:13:49.0147 5012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 00:13:49.0147 5012 \Device\Harddisk0\DR0 - ok 00:13:49.0740 5012 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 00:13:49.0756 5012 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 00:13:49.0756 5012 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 00:13:57.0384 5080 Deinitialize success TDSSKiller.2.8.13.0_17.10.2012_00.10.04_log 00:10:04.0650 5072 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 00:10:06.0655 5072 ============================================================ 00:10:06.0655 5072 Current date / time: 2012/10/17 00:10:06.0655 00:10:06.0655 5072 SystemInfo: 00:10:06.0655 5072 00:10:06.0655 5072 OS Version: 6.1.7601 ServicePack: 1.0 00:10:06.0655 5072 Product type: Workstation 00:10:06.0656 5072 ComputerName: STEFFY-PC 00:10:06.0677 5072 UserName: Steffy 00:10:06.0677 5072 Windows directory: C:\Windows 00:10:06.0677 5072 System windows directory: C:\Windows 00:10:06.0677 5072 Running under WOW64 00:10:06.0677 5072 Processor architecture: Intel x64 00:10:06.0677 5072 Number of processors: 1 00:10:06.0677 5072 Page size: 0x1000 00:10:06.0677 5072 Boot type: Normal boot 00:10:06.0677 5072 ============================================================ 00:10:08.0839 5072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 00:10:08.0873 5072 ============================================================ 00:10:08.0873 5072 \Device\Harddisk0\DR0: 00:10:08.0874 5072 MBR partitions: 00:10:08.0874 5072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:10:08.0874 5072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800 00:10:08.0874 5072 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000 00:10:08.0874 5072 ============================================================ 00:10:08.0905 5072 C: <-> \Device\Harddisk0\DR0\Partition2 00:10:08.0962 5072 D: <-> \Device\Harddisk0\DR0\Partition3 00:10:08.0962 5072 ============================================================ 00:10:08.0963 5072 Initialize success 00:10:08.0963 5072 ============================================================ 00:10:22.0100 5216 Deinitialize success Please advise what to do next. thank you so much for your continued attention to this

Well that proved challenging. Had a hard time getting to System Recovery Options - kept getting blue screen. But finally got it and ran the scan - see log below: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012 Ran by SYSTEM at 16-10-2012 20:35:38 Running from J:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-05-01] (Seagate LLC) HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.) HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard) HKU\Steffy\...\Run: [ALconnect] C:\Users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [716416 2012-07-04] (Koninklijke Philips Electronics N.V.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe (NETGEAR) ==================== Services (Whitelisted) =================== 3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-28] (Atheros Communications, Inc.) 2 N360; "C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\diMaster.dll" /prefetch:1 [531864 2012-08-21] (Symantec Corporation) 2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-09-22] (Trusteer Ltd.) 3 Symantec RemoteAssist; "C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe" [394704 2008-01-29] (Symantec, Inc.) ==================== Drivers (Whitelisted) ===================== 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-09-13] (Symantec Corporation) 1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys [168096 2012-08-07] (Symantec Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121013.001\IDSvia64.sys [513184 2012-10-12] (Symantec Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121016.002\ENG64.SYS [126112 2012-10-15] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121016.002\EX64.SYS [2084000 2012-10-15] (Symantec Corporation) 1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-10] () 1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-09-22] (Trusteer Ltd.) 0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-22] (Trusteer Ltd.) 1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-09-22] (Trusteer Ltd.) 3 SRTSP; C:\Windows\System32\Drivers\N360x64\1401010.002\SRTSP64.SYS [776352 2012-08-10] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\N360x64\1401010.002\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\N360x64\1401010.002\SYMDS64.SYS [493216 2012-07-27] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\N360x64\1401010.002\SYMEFA64.SYS [1132192 2012-08-07] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-10-14] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS [432800 2012-07-22] (Symantec Corporation) 3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation) 3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.) 3 14681688; [x] 3 catchme; \??\C:\ComboFix\catchme.sys [x] 3 SYMFW; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [x] 3 SYMNDISV; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-10-16 20:35 - 2012-10-16 20:35 - 00000000 ____D C:\FRST 2012-10-16 15:41 - 2012-10-16 15:41 - 00282080 ____A C:\Windows\Minidump\101612-34164-01.dmp 2012-10-16 15:32 - 2012-10-16 15:32 - 00282240 ____A C:\Windows\Minidump\101612-21949-01.dmp 2012-10-16 15:08 - 2012-10-16 15:08 - 01458573 ____A (Farbar) C:\Users\Steffy\Desktop\FRST64.exe 2012-10-16 10:25 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe 2012-10-16 10:24 - 2012-10-16 10:25 - 00288600 ____A C:\Windows\Minidump\101612-44257-01.dmp 2012-10-15 21:45 - 2012-10-15 21:46 - 00286416 ____A C:\Windows\Minidump\101612-46862-01.dmp 2012-10-15 20:11 - 2012-10-15 20:11 - 00022045 ____A C:\Users\Steffy\Desktop\combofix.txt 2012-10-15 20:06 - 2012-10-15 20:06 - 00022045 ____A C:\ComboFix.txt 2012-10-15 19:32 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-10-15 19:32 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-10-15 19:32 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-10-15 19:32 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-10-15 19:32 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-10-15 19:32 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-10-15 19:32 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-10-15 19:32 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-10-15 19:29 - 2012-10-15 20:07 - 00000000 ____D C:\Qoobox 2012-10-15 19:27 - 2012-10-15 20:02 - 00000000 ____D C:\Windows\erdnt 2012-10-15 19:23 - 2012-10-15 19:24 - 00296480 ____A C:\Windows\Minidump\101512-47361-01.dmp 2012-10-15 19:21 - 2012-10-15 19:21 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-10-15 19:17 - 2012-10-15 19:18 - 00000000 ____D C:\Users\Steffy\Desktop\tdsskiller 2012-10-15 19:15 - 2012-10-15 19:15 - 04980596 ____R (Swearware) C:\Users\Steffy\Desktop\ComboFix.exe 2012-10-15 19:15 - 2012-10-15 19:15 - 02194704 ____A C:\Users\Steffy\Desktop\tdsskiller.zip 2012-10-15 18:36 - 2012-10-15 18:36 - 00001840 ____A C:\Users\Steffy\Desktop\aswMBR.txt 2012-10-15 18:36 - 2012-10-15 18:36 - 00000512 ____A C:\Users\Steffy\Desktop\MBR.dat 2012-10-15 18:32 - 2012-10-15 18:33 - 04731392 ____A (AVAST Software) C:\Users\Steffy\Desktop\aswMBR.exe 2012-10-15 17:41 - 2012-10-15 17:41 - 00022751 ____A C:\Users\Steffy\Desktop\attach.txt 2012-10-15 17:41 - 2012-10-15 17:41 - 00020616 ____A C:\Users\Steffy\Desktop\dds.txt 2012-10-15 17:34 - 2012-10-15 17:34 - 00706431 ____R (Swearware) C:\Users\Steffy\Desktop\dds.scr 2012-10-15 17:10 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-10-15 17:09 - 2012-10-15 17:09 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Steffy\Desktop\mbam-setup-1.65.0.1400.exe 2012-10-15 17:04 - 2012-10-15 17:04 - 00288120 ____A C:\Windows\Minidump\101512-33087-01.dmp 2012-10-15 16:37 - 2012-10-15 16:37 - 00287384 ____A C:\Windows\Minidump\101512-90028-01.dmp 2012-10-15 12:55 - 2012-10-15 17:10 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-10-15 12:13 - 2012-10-15 12:13 - 00283144 ____A C:\Windows\Minidump\101512-87329-01.dmp 2012-10-15 06:38 - 2012-10-15 06:38 - 00000000 ____D C:\Users\Steffy\AppData\Roaming\Malwarebytes 2012-10-15 06:37 - 2012-10-15 17:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-10-15 06:37 - 2012-10-15 06:37 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-10-14 22:17 - 2012-10-14 22:18 - 00282240 ____A C:\Windows\Minidump\101512-103319-01.dmp 2012-10-14 22:10 - 2012-10-14 22:10 - 00282240 ____A C:\Windows\Minidump\101512-95753-01.dmp 2012-10-14 21:58 - 2012-10-14 21:59 - 00290712 ____A C:\Windows\Minidump\101512-98374-01.dmp 2012-10-14 21:06 - 2012-10-14 21:06 - 00000000 ____D C:\Users\Steffy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2012-10-14 17:12 - 2012-10-14 17:12 - 00286864 ____A C:\Windows\Minidump\101412-35303-01.dmp 2012-10-14 16:18 - 2012-10-14 16:18 - 00002052 ____A C:\Windows\epplauncher.mif 2012-10-14 15:47 - 2012-10-14 15:47 - 13529576 ____A (Microsoft Corporation) C:\Users\Steffy\Desktop\mseinstall.exe 2012-10-14 15:21 - 2012-10-15 05:54 - 00000000 ____D C:\Users\Steffy\AppData\Local\NPE 2012-10-14 10:27 - 2012-10-14 15:20 - 02957840 ____A (Symantec Corporation) C:\Users\Steffy\Desktop\NPE.exe 2012-10-13 19:02 - 2012-10-13 19:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2012-10-13 19:00 - 2009-07-30 19:48 - 00704000 ____A (NVIDIA Corporation) C:\Windows\System32\cohelper.dll 2012-10-13 19:00 - 2009-07-30 19:39 - 00006136 ____A C:\Windows\System32\Drivers\nvphy.bin 2012-10-13 18:59 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll 2012-10-13 18:59 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2012-10-13 07:05 - 2012-10-13 07:05 - 01108944 ____A C:\Windows\Minidump\101312-48485-01.dmp 2012-10-10 09:52 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2012-10-10 09:52 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2012-10-10 09:39 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2012-10-10 09:39 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2012-10-10 09:39 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-10-10 09:39 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-10-10 09:39 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-10-10 09:39 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-10-10 09:39 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-10-10 09:39 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-10-10 09:38 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2012-10-10 09:37 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2012-10-10 09:37 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2012-10-10 09:37 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2012-10-10 09:37 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2012-10-10 09:37 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2012-10-10 09:37 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2012-10-10 09:37 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2012-10-10 09:37 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2012-10-10 09:37 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2012-10-10 09:37 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2012-10-10 09:37 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2012-10-10 09:37 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2012-10-10 09:37 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2012-10-10 09:37 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2012-10-10 09:37 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-10 09:37 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2012-10-10 09:34 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-10-10 09:34 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-10-06 07:36 - 2012-10-06 07:37 - 01175400 ____A C:\Windows\Minidump\100612-57923-01.dmp 2012-10-05 17:29 - 2012-10-05 17:29 - 00292416 ____A C:\Windows\Minidump\100512-56706-01.dmp 2012-10-04 15:34 - 2012-10-05 20:47 - 00000000 ____D C:\Program Files (x86)\Pyware iPAS 2012-10-04 15:34 - 2012-10-04 15:34 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry 2012-10-04 15:33 - 2012-10-04 15:33 - 00000000 ___HD C:\Users\Steffy\InstallAnywhere 2012-09-26 15:19 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-09-24 05:17 - 2012-09-24 05:17 - 01218760 ____A C:\Windows\Minidump\092412-23727-01.dmp 2012-09-21 21:28 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-09-21 21:28 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-09-21 21:28 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-09-21 21:28 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-09-21 21:28 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-09-21 21:28 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-09-21 21:28 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-09-21 21:28 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-09-21 21:28 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-09-21 21:28 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-09-21 21:28 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-09-21 21:28 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-09-21 21:28 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-09-21 21:28 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-09-21 21:28 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-09-21 21:28 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-09-21 21:28 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-09-21 21:28 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-09-21 21:28 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-09-21 21:28 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-09-21 21:28 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-09-21 21:28 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-09-21 21:28 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-09-21 21:28 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-09-21 21:28 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-09-21 21:28 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-09-21 21:28 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-09-21 21:28 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-09-21 21:28 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-09-21 21:28 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-09-21 21:28 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-09-21 21:28 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-09-21 20:17 - 2012-09-21 20:17 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-09-21 20:17 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys 2012-09-21 20:15 - 2012-09-21 20:17 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-21 20:15 - 2012-09-21 20:17 - 00000000 ____D C:\Program Files\iTunes 2012-09-21 20:15 - 2012-09-21 20:17 - 00000000 ____D C:\Program Files (x86)\iTunes 2012-09-21 20:15 - 2012-09-21 20:15 - 00000000 ____D C:\Program Files\iPod 2012-09-18 17:55 - 2012-09-18 17:55 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== 3 Months Modified Files ================== 2012-10-16 16:25 - 2012-06-29 06:06 - 00008187 ____A C:\Windows\setupact.log 2012-10-16 16:25 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-10-16 15:45 - 2009-07-13 21:13 - 00732638 ____A C:\Windows\System32\PerfStringBackup.INI 2012-10-16 15:41 - 2012-10-16 15:41 - 00282080 ____A C:\Windows\Minidump\101612-34164-01.dmp 2012-10-16 15:41 - 2012-07-19 20:28 - 387813058 ____A C:\Windows\MEMORY.DMP 2012-10-16 15:39 - 2009-08-21 11:37 - 01933386 ____A C:\Windows\WindowsUpdate.log 2012-10-16 15:32 - 2012-10-16 15:32 - 00282240 ____A C:\Windows\Minidump\101612-21949-01.dmp 2012-10-16 15:24 - 2012-07-29 04:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-10-16 15:08 - 2012-10-16 15:08 - 01458573 ____A (Farbar) C:\Users\Steffy\Desktop\FRST64.exe 2012-10-16 10:38 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-10-16 10:38 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-10-16 10:25 - 2012-10-16 10:24 - 00288600 ____A C:\Windows\Minidump\101612-44257-01.dmp 2012-10-16 10:24 - 2009-08-15 10:22 - 02288380 ____A C:\Windows\PFRO.log 2012-10-15 21:46 - 2012-10-15 21:45 - 00286416 ____A C:\Windows\Minidump\101612-46862-01.dmp 2012-10-15 20:11 - 2012-10-15 20:11 - 00022045 ____A C:\Users\Steffy\Desktop\combofix.txt 2012-10-15 20:06 - 2012-10-15 20:06 - 00022045 ____A C:\ComboFix.txt 2012-10-15 19:56 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-10-15 19:54 - 2009-07-13 18:34 - 79953920 ____A C:\Windows\System32\config\software.bak 2012-10-15 19:54 - 2009-07-13 18:34 - 15728640 ____A C:\Windows\System32\config\system.bak 2012-10-15 19:54 - 2009-07-13 18:34 - 00786432 ____A C:\Windows\System32\config\default.bak 2012-10-15 19:54 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak 2012-10-15 19:54 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak 2012-10-15 19:24 - 2012-10-15 19:23 - 00296480 ____A C:\Windows\Minidump\101512-47361-01.dmp 2012-10-15 19:15 - 2012-10-15 19:15 - 04980596 ____R (Swearware) C:\Users\Steffy\Desktop\ComboFix.exe 2012-10-15 19:15 - 2012-10-15 19:15 - 02194704 ____A C:\Users\Steffy\Desktop\tdsskiller.zip 2012-10-15 18:36 - 2012-10-15 18:36 - 00001840 ____A C:\Users\Steffy\Desktop\aswMBR.txt 2012-10-15 18:36 - 2012-10-15 18:36 - 00000512 ____A C:\Users\Steffy\Desktop\MBR.dat 2012-10-15 18:33 - 2012-10-15 18:32 - 04731392 ____A (AVAST Software) C:\Users\Steffy\Desktop\aswMBR.exe 2012-10-15 17:41 - 2012-10-15 17:41 - 00022751 ____A C:\Users\Steffy\Desktop\attach.txt 2012-10-15 17:41 - 2012-10-15 17:41 - 00020616 ____A C:\Users\Steffy\Desktop\dds.txt 2012-10-15 17:34 - 2012-10-15 17:34 - 00706431 ____R (Swearware) C:\Users\Steffy\Desktop\dds.scr 2012-10-15 17:10 - 2012-10-15 12:55 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-10-15 17:09 - 2012-10-15 17:09 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Steffy\Desktop\mbam-setup-1.65.0.1400.exe 2012-10-15 17:04 - 2012-10-15 17:04 - 00288120 ____A C:\Windows\Minidump\101512-33087-01.dmp 2012-10-15 16:37 - 2012-10-15 16:37 - 00287384 ____A C:\Windows\Minidump\101512-90028-01.dmp 2012-10-15 12:13 - 2012-10-15 12:13 - 00283144 ____A C:\Windows\Minidump\101512-87329-01.dmp 2012-10-14 22:18 - 2012-10-14 22:17 - 00282240 ____A C:\Windows\Minidump\101512-103319-01.dmp 2012-10-14 22:10 - 2012-10-14 22:10 - 00282240 ____A C:\Windows\Minidump\101512-95753-01.dmp 2012-10-14 21:59 - 2012-10-14 21:58 - 00290712 ____A C:\Windows\Minidump\101512-98374-01.dmp 2012-10-14 17:12 - 2012-10-14 17:12 - 00286864 ____A C:\Windows\Minidump\101412-35303-01.dmp 2012-10-14 16:41 - 2011-01-11 13:22 - 00001262 ____A C:\Users\Steffy\Desktop\Norton Installation Files.lnk 2012-10-14 16:35 - 2010-01-19 06:06 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2012-10-14 16:35 - 2010-01-19 06:06 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2012-10-14 16:18 - 2012-10-14 16:18 - 00002052 ____A C:\Windows\epplauncher.mif 2012-10-14 15:47 - 2012-10-14 15:47 - 13529576 ____A (Microsoft Corporation) C:\Users\Steffy\Desktop\mseinstall.exe 2012-10-14 15:20 - 2012-10-14 10:27 - 02957840 ____A (Symantec Corporation) C:\Users\Steffy\Desktop\NPE.exe 2012-10-13 07:05 - 2012-10-13 07:05 - 01108944 ____A C:\Windows\Minidump\101312-48485-01.dmp 2012-10-10 23:09 - 2010-01-10 10:12 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-10-10 13:58 - 2010-01-11 16:32 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2012-10-09 08:24 - 2012-04-20 17:33 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-10-09 08:24 - 2011-05-15 09:22 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-10-06 07:37 - 2012-10-06 07:36 - 01175400 ____A C:\Windows\Minidump\100612-57923-01.dmp 2012-10-05 17:29 - 2012-10-05 17:29 - 00292416 ____A C:\Windows\Minidump\100512-56706-01.dmp 2012-10-02 06:19 - 2012-05-09 14:52 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForSteffy.job 2012-09-25 08:32 - 2009-07-13 21:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-09-24 05:17 - 2012-09-24 05:17 - 01218760 ____A C:\Windows\Minidump\092412-23727-01.dmp 2012-09-22 12:34 - 2011-03-30 19:21 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys 2012-09-21 20:17 - 2012-09-21 20:17 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-09-18 17:55 - 2011-12-19 11:52 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk 2012-09-14 11:19 - 2012-10-10 09:52 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2012-09-14 10:28 - 2012-10-10 09:52 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2012-09-07 13:04 - 2012-10-15 17:10 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-01 19:11 - 2012-01-19 17:27 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2012-08-31 10:19 - 2012-10-10 09:38 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2012-08-31 10:00 - 2010-01-09 12:33 - 00000552 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job 2012-08-29 06:00 - 2012-01-16 21:12 - 00010191 ____A C:\Users\Steffy\Documents\Budget2012.xlsx 2012-08-24 10:05 - 2012-10-10 09:34 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-08-24 08:57 - 2012-10-10 09:34 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-08-24 03:15 - 2012-09-21 21:28 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-24 02:39 - 2012-09-21 21:28 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-24 02:31 - 2012-09-21 21:28 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-24 02:22 - 2012-09-21 21:28 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-24 02:21 - 2012-09-21 21:28 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-24 02:20 - 2012-09-21 21:28 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-24 02:18 - 2012-09-21 21:28 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-24 02:17 - 2012-09-21 21:28 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-24 02:14 - 2012-09-21 21:28 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-24 02:14 - 2012-09-21 21:28 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-24 02:13 - 2012-09-21 21:28 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-08-24 02:12 - 2012-09-21 21:28 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-24 02:11 - 2012-09-21 21:28 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-08-24 02:10 - 2012-09-21 21:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-24 02:09 - 2012-09-21 21:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-24 02:04 - 2012-09-21 21:28 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-23 23:27 - 2012-09-21 21:28 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-23 23:03 - 2012-09-21 21:28 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-23 22:59 - 2012-09-21 21:28 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-23 22:51 - 2012-09-21 21:28 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-23 22:51 - 2012-09-21 21:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-23 22:51 - 2012-09-21 21:28 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-23 22:49 - 2012-09-21 21:28 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-23 22:48 - 2012-09-21 21:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-23 22:47 - 2012-09-21 21:28 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-23 22:47 - 2012-09-21 21:28 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-08-23 22:47 - 2012-09-21 21:28 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-23 22:45 - 2012-09-21 21:28 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-08-23 22:44 - 2012-09-21 21:28 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-23 22:44 - 2012-09-21 21:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-23 22:43 - 2012-09-21 21:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-23 22:40 - 2012-09-21 21:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-22 10:12 - 2012-09-12 11:53 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-08-22 10:12 - 2012-09-12 11:53 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-08-22 10:12 - 2012-09-12 11:53 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-08-22 10:12 - 2012-09-12 11:53 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-08-21 13:01 - 2012-09-26 15:19 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-08-21 09:01 - 2012-09-21 20:17 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys 2012-08-21 09:01 - 2010-01-19 06:06 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll 2012-08-21 09:01 - 2010-01-19 06:06 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll 2012-08-20 10:48 - 2012-10-10 09:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2012-08-20 10:48 - 2012-10-10 09:37 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2012-08-20 10:48 - 2012-10-10 09:37 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2012-08-20 10:48 - 2012-10-10 09:37 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2012-08-20 10:48 - 2012-10-10 09:37 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2012-08-20 10:48 - 2012-10-10 09:37 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2012-08-20 10:48 - 2012-10-10 09:37 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2012-08-20 10:46 - 2012-10-10 09:37 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2012-08-20 10:38 - 2012-10-10 09:37 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 10:38 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 09:40 - 2012-10-10 09:37 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2012-08-20 09:38 - 2012-10-10 09:37 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2012-08-20 09:37 - 2012-10-10 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2012-08-20 09:37 - 2012-10-10 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2012-08-20 09:37 - 2012-10-10 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 09:32 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2012-08-20 07:38 - 2012-10-10 09:37 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2012-08-20 07:38 - 2012-10-10 09:37 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2012-08-20 07:33 - 2012-10-10 09:37 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 07:33 - 2012-10-10 09:37 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 07:33 - 2012-10-10 09:37 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 07:33 - 2012-10-10 09:37 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2012-08-16 05:18 - 2009-07-13 20:45 - 00440552 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-13 10:55 - 2012-08-13 10:53 - 01325320 ____A C:\Windows\Minidump\081312-26832-01.dmp 2012-08-11 08:41 - 2012-08-11 08:40 - 01236704 ____A C:\Windows\Minidump\081112-51995-01.dmp 2012-08-10 16:56 - 2012-10-10 09:39 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2012-08-10 15:56 - 2012-10-10 09:39 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2012-08-02 09:58 - 2012-09-12 11:53 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-08-02 08:57 - 2012-09-12 11:53 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-07-29 04:14 - 2012-07-29 04:13 - 01234616 ____A C:\Windows\Minidump\072912-26348-01.dmp 2012-07-25 13:31 - 2011-11-02 07:48 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2012-07-19 20:29 - 2012-07-19 20:28 - 01342960 ____A C:\Windows\Minidump\072012-23478-01.dmp ATTENTION: ========> Check for possible partition/boot infection: C:\Windows\svchost.exe ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-10-11 19:21:23 Restore point made on: 2012-10-11 23:01:02 Restore point made on: 2012-10-13 07:11:27 Restore point made on: 2012-10-13 18:45:35 Restore point made on: 2012-10-13 18:59:41 Restore point made on: 2012-10-13 23:01:04 Restore point made on: 2012-10-14 11:24:23 Restore point made on: 2012-10-14 15:40:41 Restore point made on: 2012-10-15 05:18:22 Restore point made on: 2012-10-15 12:21:45 Restore point made on: 2012-10-15 16:46:07 Restore point made on: 2012-10-15 23:00:49 ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 2942.49 MB Available physical RAM: 2248.02 MB Total Pagefile: 2940.64 MB Available Pagefile: 2238.07 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:217.79 GB) NTFS 2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF 7 Drive j: (UDISK 28X) (Removable) (Total:0.96 GB) (Free:0.2 GB) FAT 9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS 10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 No Media 0 B 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 Online 980 MB 0 B Disk 5 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 286 GB 101 MB Partition 3 Primary 11 GB 286 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C HP NTFS Partition 286 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy ========================================================= Partitions of Disk 4: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 979 MB 16 KB ================================================================================== Disk: 4 Partition 1 Type : 0E Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 7 J UDISK 28X FAT Removable 979 MB Healthy ========================================================= Last Boot: 2012-10-06 14:40 ==================== End Of Log ============================= Please advise next steps. Thank you!

I ran the MBAM and it found the same infected files. On the reboot I got the blue screen. Here is the MBAM log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.16.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Steffy :: STEFFY-PC [administrator] 10/16/2012 10:31:28 AM mbam-log-2012-10-16 (10-31-28).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 414914 Time elapsed: 2 hour(s), 7 minute(s), Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 4396 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\TDSSKiller_Quarantine\15.10.2012_23.18.59\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully. C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end) Please advise next steps... Thank you!

Ok so I ran everything and did all the reboots. There were 2 TDSSKiller logsm so I am including both here. Here are all the logs including combo fix: 23:18:59.0232 4624 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 23:18:59.0282 4624 ============================================================ 23:18:59.0282 4624 Current date / time: 2012/10/15 23:18:59.0282 23:18:59.0282 4624 SystemInfo: 23:18:59.0282 4624 23:18:59.0282 4624 OS Version: 6.1.7601 ServicePack: 1.0 23:18:59.0282 4624 Product type: Workstation 23:18:59.0282 4624 ComputerName: STEFFY-PC 23:18:59.0282 4624 UserName: Steffy 23:18:59.0282 4624 Windows directory: C:\Windows 23:18:59.0282 4624 System windows directory: C:\Windows 23:18:59.0282 4624 Running under WOW64 23:18:59.0282 4624 Processor architecture: Intel x64 23:18:59.0282 4624 Number of processors: 1 23:18:59.0282 4624 Page size: 0x1000 23:18:59.0282 4624 Boot type: Normal boot 23:18:59.0282 4624 ============================================================ 23:19:02.0733 4624 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 23:19:02.0793 4624 ============================================================ 23:19:02.0793 4624 \Device\Harddisk0\DR0: 23:19:02.0793 4624 MBR partitions: 23:19:02.0793 4624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 23:19:02.0793 4624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800 23:19:02.0793 4624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000 23:19:02.0793 4624 ============================================================ 23:19:02.0833 4624 C: <-> \Device\Harddisk0\DR0\Partition2 23:19:02.0873 4624 D: <-> \Device\Harddisk0\DR0\Partition3 23:19:03.0003 4624 ============================================================ 23:19:03.0003 4624 Initialize success 23:19:03.0003 4624 ============================================================ 23:20:02.0862 0368 ============================================================ 23:20:02.0862 0368 Scan started 23:20:02.0862 0368 Mode: Manual; TDLFS; 23:20:02.0862 0368 ============================================================ 23:20:04.0222 0368 ================ Scan system memory ======================== 23:20:04.0222 0368 System memory - ok 23:20:04.0222 0368 ================ Scan services ============================= 23:20:04.0442 0368 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:20:04.0442 0368 1394ohci - ok 23:20:04.0522 0368 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:20:04.0522 0368 ACPI - ok 23:20:04.0572 0368 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:20:04.0572 0368 AcpiPmi - ok 23:20:04.0722 0368 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:20:04.0722 0368 AdobeFlashPlayerUpdateSvc - ok 23:20:04.0792 0368 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:20:04.0802 0368 adp94xx - ok 23:20:04.0862 0368 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:20:04.0872 0368 adpahci - ok 23:20:04.0902 0368 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:20:04.0902 0368 adpu320 - ok 23:20:04.0942 0368 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:20:04.0942 0368 AeLookupSvc - ok 23:20:05.0012 0368 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 23:20:05.0022 0368 AFD - ok 23:20:05.0142 0368 [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe 23:20:05.0142 0368 AgereModemAudio - ok 23:20:05.0212 0368 [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 23:20:05.0232 0368 AgereSoftModem - ok 23:20:05.0302 0368 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:20:05.0302 0368 agp440 - ok 23:20:05.0372 0368 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 23:20:05.0372 0368 ALG - ok 23:20:05.0452 0368 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 23:20:05.0457 0368 aliide - ok 23:20:05.0477 0368 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 23:20:05.0477 0368 amdide - ok 23:20:05.0567 0368 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:20:05.0572 0368 AmdK8 - ok 23:20:05.0602 0368 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:20:05.0607 0368 AmdPPM - ok 23:20:05.0677 0368 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 23:20:05.0682 0368 amdsata - ok 23:20:05.0722 0368 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:20:05.0727 0368 amdsbs - ok 23:20:05.0782 0368 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 23:20:05.0792 0368 amdxata - ok 23:20:05.0877 0368 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 23:20:05.0897 0368 AppID - ok 23:20:05.0937 0368 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:20:05.0937 0368 AppIDSvc - ok 23:20:05.0987 0368 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 23:20:05.0987 0368 Appinfo - ok 23:20:06.0127 0368 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:20:06.0137 0368 Apple Mobile Device - ok 23:20:06.0217 0368 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 23:20:06.0217 0368 arc - ok 23:20:06.0247 0368 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:20:06.0247 0368 arcsas - ok 23:20:06.0307 0368 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:20:06.0307 0368 AsyncMac - ok 23:20:06.0367 0368 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 23:20:06.0367 0368 atapi - ok 23:20:06.0447 0368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:20:06.0447 0368 AudioEndpointBuilder - ok 23:20:06.0477 0368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:20:06.0477 0368 AudioSrv - ok 23:20:06.0537 0368 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:20:06.0547 0368 AxInstSV - ok 23:20:06.0667 0368 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 23:20:06.0667 0368 b06bdrv - ok 23:20:06.0747 0368 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:20:06.0747 0368 b57nd60a - ok 23:20:06.0827 0368 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 23:20:06.0827 0368 BDESVC - ok 23:20:06.0847 0368 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 23:20:06.0847 0368 Beep - ok 23:20:06.0957 0368 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 23:20:06.0967 0368 BFE - ok 23:20:07.0226 0368 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys 23:20:07.0257 0368 BHDrvx64 - ok 23:20:07.0304 0368 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 23:20:07.0319 0368 BITS - ok 23:20:07.0366 0368 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:20:07.0366 0368 blbdrive - ok 23:20:07.0460 0368 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 23:20:07.0475 0368 Bonjour Service - ok 23:20:07.0569 0368 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:20:07.0569 0368 bowser - ok 23:20:07.0616 0368 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:20:07.0616 0368 BrFiltLo - ok 23:20:07.0631 0368 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:20:07.0631 0368 BrFiltUp - ok 23:20:07.0678 0368 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 23:20:07.0678 0368 Browser - ok 23:20:07.0725 0368 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:20:07.0725 0368 Brserid - ok 23:20:07.0740 0368 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:20:07.0756 0368 BrSerWdm - ok 23:20:07.0787 0368 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:20:07.0787 0368 BrUsbMdm - ok 23:20:07.0803 0368 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:20:07.0803 0368 BrUsbSer - ok 23:20:07.0818 0368 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:20:07.0818 0368 BTHMODEM - ok 23:20:07.0896 0368 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 23:20:07.0896 0368 bthserv - ok 23:20:08.0037 0368 [ A5C13600F63EB92F8D15123D64BA9895 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys 23:20:08.0037 0368 ccSet_N360 - ok 23:20:08.0084 0368 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:20:08.0084 0368 cdfs - ok 23:20:08.0162 0368 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 23:20:08.0162 0368 cdrom - ok 23:20:08.0240 0368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 23:20:08.0240 0368 CertPropSvc - ok 23:20:08.0302 0368 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:20:08.0302 0368 circlass - ok 23:20:08.0333 0368 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 23:20:08.0333 0368 CLFS - ok 23:20:08.0411 0368 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:20:08.0411 0368 clr_optimization_v2.0.50727_32 - ok 23:20:08.0458 0368 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:20:08.0474 0368 clr_optimization_v2.0.50727_64 - ok 23:20:08.0583 0368 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:20:08.0583 0368 clr_optimization_v4.0.30319_32 - ok 23:20:08.0645 0368 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:20:08.0661 0368 clr_optimization_v4.0.30319_64 - ok 23:20:08.0739 0368 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:20:08.0739 0368 CmBatt - ok 23:20:08.0786 0368 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:20:08.0786 0368 cmdide - ok 23:20:08.0817 0368 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 23:20:08.0832 0368 CNG - ok 23:20:08.0848 0368 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:20:08.0864 0368 Compbatt - ok 23:20:08.0910 0368 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 23:20:08.0910 0368 CompositeBus - ok 23:20:08.0942 0368 COMSysApp - ok 23:20:08.0988 0368 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:20:08.0988 0368 crcdisk - ok 23:20:09.0066 0368 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:20:09.0066 0368 CryptSvc - ok 23:20:09.0144 0368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:20:09.0160 0368 DcomLaunch - ok 23:20:09.0191 0368 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 23:20:09.0191 0368 defragsvc - ok 23:20:09.0254 0368 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:20:09.0254 0368 DfsC - ok 23:20:09.0332 0368 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 23:20:09.0332 0368 Dhcp - ok 23:20:09.0363 0368 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 23:20:09.0363 0368 discache - ok 23:20:09.0441 0368 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:20:09.0441 0368 Disk - ok 23:20:09.0488 0368 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:20:09.0488 0368 Dnscache - ok 23:20:09.0534 0368 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 23:20:09.0534 0368 dot3svc - ok 23:20:09.0612 0368 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 23:20:09.0612 0368 Dot4 - ok 23:20:09.0675 0368 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 23:20:09.0675 0368 Dot4Print - ok 23:20:09.0706 0368 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 23:20:09.0706 0368 dot4usb - ok 23:20:09.0753 0368 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 23:20:09.0753 0368 DPS - ok 23:20:09.0815 0368 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:20:09.0815 0368 drmkaud - ok 23:20:09.0878 0368 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:20:09.0878 0368 DXGKrnl - ok 23:20:09.0909 0368 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 23:20:09.0924 0368 EapHost - ok 23:20:10.0002 0368 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 23:20:10.0049 0368 ebdrv - ok 23:20:10.0158 0368 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 23:20:10.0158 0368 eeCtrl - ok 23:20:10.0205 0368 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 23:20:10.0205 0368 EFS - ok 23:20:10.0314 0368 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:20:10.0314 0368 ehRecvr - ok 23:20:10.0361 0368 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 23:20:10.0361 0368 ehSched - ok 23:20:10.0439 0368 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:20:10.0455 0368 elxstor - ok 23:20:10.0533 0368 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilDrv11220 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys 23:20:10.0533 0368 EraserUtilDrv11220 - ok 23:20:10.0626 0368 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 23:20:10.0626 0368 EraserUtilRebootDrv - ok 23:20:10.0658 0368 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:20:10.0673 0368 ErrDev - ok 23:20:10.0736 0368 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 23:20:10.0751 0368 EventSystem - ok 23:20:10.0782 0368 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 23:20:10.0782 0368 exfat - ok 23:20:10.0814 0368 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:20:10.0814 0368 fastfat - ok 23:20:10.0892 0368 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 23:20:10.0892 0368 Fax - ok 23:20:10.0923 0368 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:20:10.0923 0368 fdc - ok 23:20:11.0001 0368 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 23:20:11.0001 0368 fdPHost - ok 23:20:11.0016 0368 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 23:20:11.0032 0368 FDResPub - ok 23:20:11.0063 0368 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:20:11.0063 0368 FileInfo - ok 23:20:11.0079 0368 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:20:11.0079 0368 Filetrace - ok 23:20:11.0119 0368 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:20:11.0119 0368 flpydisk - ok 23:20:11.0189 0368 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:20:11.0189 0368 FltMgr - ok 23:20:11.0259 0368 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 23:20:11.0279 0368 FontCache - ok 23:20:11.0339 0368 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:20:11.0339 0368 FontCache3.0.0.0 - ok 23:20:11.0489 0368 [ 07AF7870ABF051EBBAE8A8A92FF34ABE ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe 23:20:11.0489 0368 FreeAgentGoNext Service - ok 23:20:11.0529 0368 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:20:11.0529 0368 FsDepends - ok 23:20:11.0609 0368 [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 23:20:11.0609 0368 fssfltr - ok 23:20:11.0679 0368 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 23:20:11.0699 0368 fsssvc - ok 23:20:11.0749 0368 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:20:11.0759 0368 Fs_Rec - ok 23:20:11.0829 0368 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:20:11.0829 0368 fvevol - ok 23:20:11.0899 0368 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:20:11.0899 0368 gagp30kx - ok 23:20:11.0989 0368 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 23:20:11.0999 0368 GameConsoleService - ok 23:20:12.0039 0368 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:20:12.0039 0368 GEARAspiWDM - ok 23:20:12.0089 0368 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 23:20:12.0099 0368 gpsvc - ok 23:20:12.0119 0368 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:20:12.0129 0368 hcw85cir - ok 23:20:12.0199 0368 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 23:20:12.0199 0368 HDAudBus - ok 23:20:12.0219 0368 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:20:12.0229 0368 HidBatt - ok 23:20:12.0259 0368 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:20:12.0259 0368 HidBth - ok 23:20:12.0289 0368 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:20:12.0289 0368 HidIr - ok 23:20:12.0329 0368 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 23:20:12.0329 0368 hidserv - ok 23:20:12.0409 0368 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:20:12.0409 0368 HidUsb - ok 23:20:12.0459 0368 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:20:12.0459 0368 hkmsvc - ok 23:20:12.0519 0368 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:20:12.0519 0368 HomeGroupListener - ok 23:20:12.0559 0368 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:20:12.0569 0368 HomeGroupProvider - ok 23:20:12.0719 0368 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 23:20:12.0719 0368 HP Support Assistant Service - ok 23:20:12.0879 0368 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 23:20:12.0879 0368 HPDrvMntSvc.exe - ok 23:20:12.0949 0368 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 23:20:12.0959 0368 hpqcxs08 - ok 23:20:12.0989 0368 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 23:20:12.0989 0368 hpqddsvc - ok 23:20:13.0089 0368 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 23:20:13.0099 0368 hpqwmiex - ok 23:20:13.0170 0368 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:20:13.0180 0368 HpSAMD - ok 23:20:13.0260 0368 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:20:13.0270 0368 HTTP - ok 23:20:13.0310 0368 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:20:13.0310 0368 hwpolicy - ok 23:20:13.0380 0368 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 23:20:13.0380 0368 i8042prt - ok 23:20:13.0460 0368 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 23:20:13.0470 0368 iaStorV - ok 23:20:13.0770 0368 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:20:13.0810 0368 idsvc - ok 23:20:13.0970 0368 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121013.001\IDSvia64.sys 23:20:13.0980 0368 IDSVia64 - ok 23:20:14.0040 0368 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:20:14.0040 0368 iirsp - ok 23:20:14.0110 0368 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 23:20:14.0120 0368 IKEEXT - ok 23:20:14.0240 0368 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 23:20:14.0270 0368 IntcAzAudAddService - ok 23:20:14.0290 0368 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 23:20:14.0300 0368 intelide - ok 23:20:14.0360 0368 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:20:14.0370 0368 intelppm - ok 23:20:14.0470 0368 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe 23:20:14.0480 0368 IntuitUpdateService - ok 23:20:14.0590 0368 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe 23:20:14.0600 0368 IntuitUpdateServiceV4 - ok 23:20:14.0640 0368 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:20:14.0640 0368 IPBusEnum - ok 23:20:14.0690 0368 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:20:14.0690 0368 IpFilterDriver - ok 23:20:14.0740 0368 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:20:14.0750 0368 iphlpsvc - ok 23:20:14.0790 0368 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 23:20:14.0800 0368 IPMIDRV - ok 23:20:14.0880 0368 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:20:14.0880 0368 IPNAT - ok 23:20:14.0980 0368 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:20:14.0990 0368 iPod Service - ok 23:20:15.0050 0368 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:20:15.0060 0368 IRENUM - ok 23:20:15.0100 0368 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:20:15.0100 0368 isapnp - ok 23:20:15.0130 0368 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 23:20:15.0140 0368 iScsiPrt - ok 23:20:15.0261 0368 [ 78D233D835A8876035AC559AFE02B940 ] jswpsapi C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe 23:20:15.0271 0368 jswpsapi - ok 23:20:15.0331 0368 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 23:20:15.0341 0368 kbdclass - ok 23:20:15.0391 0368 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 23:20:15.0391 0368 kbdhid - ok 23:20:15.0411 0368 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 23:20:15.0411 0368 KeyIso - ok 23:20:15.0451 0368 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:20:15.0461 0368 KSecDD - ok 23:20:15.0481 0368 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:20:15.0491 0368 KSecPkg - ok 23:20:15.0551 0368 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:20:15.0561 0368 ksthunk - ok 23:20:15.0591 0368 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 23:20:15.0601 0368 KtmRm - ok 23:20:15.0671 0368 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 23:20:15.0671 0368 LanmanServer - ok 23:20:15.0721 0368 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:20:15.0731 0368 LanmanWorkstation - ok 23:20:16.0001 0368 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe 23:20:16.0113 0368 LeapFrog Connect Device Service - ok 23:20:16.0176 0368 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys 23:20:16.0176 0368 Leapfrog-USBLAN - ok 23:20:16.0269 0368 [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 23:20:16.0269 0368 LightScribeService - ok 23:20:16.0363 0368 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:20:16.0378 0368 lltdio - ok 23:20:16.0441 0368 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:20:16.0456 0368 lltdsvc - ok 23:20:16.0503 0368 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:20:16.0503 0368 lmhosts - ok 23:20:16.0566 0368 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:20:16.0566 0368 LSI_FC - ok 23:20:16.0597 0368 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:20:16.0597 0368 LSI_SAS - ok 23:20:16.0628 0368 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:20:16.0628 0368 LSI_SAS2 - ok 23:20:16.0644 0368 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:20:16.0659 0368 LSI_SCSI - ok 23:20:16.0706 0368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 23:20:16.0722 0368 luafv - ok 23:20:16.0753 0368 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:20:16.0753 0368 Mcx2Svc - ok 23:20:16.0800 0368 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:20:16.0800 0368 megasas - ok 23:20:16.0846 0368 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:20:16.0846 0368 MegaSR - ok 23:20:16.0956 0368 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 23:20:16.0956 0368 Microsoft Office Groove Audit Service - ok 23:20:17.0018 0368 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 23:20:17.0018 0368 MMCSS - ok 23:20:17.0049 0368 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 23:20:17.0049 0368 Modem - ok 23:20:17.0127 0368 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:20:17.0127 0368 monitor - ok 23:20:17.0190 0368 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 23:20:17.0190 0368 mouclass - ok 23:20:17.0283 0368 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:20:17.0299 0368 mouhid - ok 23:20:17.0361 0368 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:20:17.0361 0368 mountmgr - ok 23:20:17.0392 0368 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 23:20:17.0392 0368 mpio - ok 23:20:17.0424 0368 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:20:17.0424 0368 mpsdrv - ok 23:20:17.0486 0368 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:20:17.0486 0368 MpsSvc - ok 23:20:17.0548 0368 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:20:17.0548 0368 MRxDAV - ok 23:20:17.0595 0368 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:20:17.0595 0368 mrxsmb - ok 23:20:17.0658 0368 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:20:17.0658 0368 mrxsmb10 - ok 23:20:17.0673 0368 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:20:17.0689 0368 mrxsmb20 - ok 23:20:17.0720 0368 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 23:20:17.0720 0368 msahci - ok 23:20:17.0798 0368 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe 23:20:17.0798 0368 MSCamSvc - ok 23:20:17.0829 0368 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:20:17.0829 0368 msdsm - ok 23:20:17.0845 0368 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 23:20:17.0860 0368 MSDTC - ok 23:20:17.0938 0368 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:20:17.0938 0368 Msfs - ok 23:20:17.0970 0368 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:20:17.0970 0368 mshidkmdf - ok 23:20:18.0016 0368 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:20:18.0016 0368 msisadrv - ok 23:20:18.0063 0368 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:20:18.0063 0368 MSiSCSI - ok 23:20:18.0079 0368 msiserver - ok 23:20:18.0157 0368 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:20:18.0157 0368 MSKSSRV - ok 23:20:18.0172 0368 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:20:18.0172 0368 MSPCLOCK - ok 23:20:18.0188 0368 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:20:18.0188 0368 MSPQM - ok 23:20:18.0250 0368 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:20:18.0250 0368 MsRPC - ok 23:20:18.0297 0368 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 23:20:18.0297 0368 mssmbios - ok 23:20:18.0375 0368 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:20:18.0375 0368 MSTEE - ok 23:20:18.0406 0368 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:20:18.0406 0368 MTConfig - ok 23:20:18.0453 0368 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 23:20:18.0453 0368 Mup - ok 23:20:18.0625 0368 [ DFD8873E4DC08E621A8366C6CD98AB28 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe 23:20:18.0625 0368 N360 - ok 23:20:18.0703 0368 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 23:20:18.0713 0368 napagent - ok 23:20:18.0773 0368 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:20:18.0773 0368 NativeWifiP - ok 23:20:18.0963 0368 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121015.017\ENG64.SYS 23:20:18.0963 0368 NAVENG - ok 23:20:19.0073 0368 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121015.017\EX64.SYS 23:20:19.0103 0368 NAVEX15 - ok 23:20:19.0183 0368 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:20:19.0193 0368 NDIS - ok 23:20:19.0265 0368 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:20:19.0265 0368 NdisCap - ok 23:20:19.0315 0368 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:20:19.0315 0368 NdisTapi - ok 23:20:19.0375 0368 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:20:19.0385 0368 Ndisuio - ok 23:20:19.0435 0368 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:20:19.0435 0368 NdisWan - ok 23:20:19.0485 0368 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:20:19.0485 0368 NDProxy - ok 23:20:19.0565 0368 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 23:20:19.0575 0368 Net Driver HPZ12 - ok 23:20:19.0645 0368 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:20:19.0645 0368 NetBIOS - ok 23:20:19.0705 0368 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:20:19.0705 0368 NetBT - ok 23:20:19.0725 0368 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 23:20:19.0735 0368 Netlogon - ok 23:20:19.0795 0368 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 23:20:19.0805 0368 Netman - ok 23:20:19.0835 0368 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 23:20:19.0845 0368 netprofm - ok 23:20:19.0875 0368 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:20:19.0875 0368 NetTcpPortSharing - ok 23:20:19.0945 0368 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:20:19.0945 0368 nfrd960 - ok 23:20:20.0015 0368 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:20:20.0025 0368 NlaSvc - ok 23:20:20.0075 0368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:20:20.0075 0368 Npfs - ok 23:20:20.0105 0368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 23:20:20.0105 0368 nsi - ok 23:20:20.0125 0368 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:20:20.0125 0368 nsiproxy - ok 23:20:20.0205 0368 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:20:20.0225 0368 Ntfs - ok 23:20:20.0275 0368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 23:20:20.0275 0368 Null - ok 23:20:20.0575 0368 [ C967514483FA30A0A352E70BB6414D1D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 23:20:20.0823 0368 nvlddmkm - ok 23:20:20.0930 0368 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys 23:20:20.0940 0368 NVNET - ok 23:20:20.0965 0368 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:20:20.0965 0368 nvraid - ok 23:20:21.0074 0368 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:20:21.0106 0368 nvstor - ok 23:20:21.0168 0368 [ 6BA747B1A9297A6C0271700D12FDD495 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 23:20:21.0184 0368 nvstor64 - ok 23:20:21.0262 0368 [ E26706A65D97EF9188B1D7BFA23C96C2 ] nvsvc C:\Windows\system32\nvvsvc.exe 23:20:21.0262 0368 nvsvc - ok 23:20:21.0308 0368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:20:21.0308 0368 nv_agp - ok 23:20:21.0402 0368 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 23:20:21.0418 0368 odserv - ok 23:20:21.0464 0368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:20:21.0464 0368 ohci1394 - ok 23:20:21.0527 0368 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:20:21.0527 0368 ose - ok 23:20:21.0620 0368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:20:21.0620 0368 p2pimsvc - ok 23:20:21.0683 0368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 23:20:21.0698 0368 p2psvc - ok 23:20:21.0730 0368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:20:21.0730 0368 Parport - ok 23:20:21.0776 0368 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:20:21.0776 0368 partmgr - ok 23:20:21.0808 0368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:20:21.0823 0368 PcaSvc - ok 23:20:21.0839 0368 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 23:20:21.0839 0368 pci - ok 23:20:21.0901 0368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 23:20:21.0901 0368 pciide - ok 23:20:21.0948 0368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:20:21.0948 0368 pcmcia - ok 23:20:21.0979 0368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 23:20:21.0979 0368 pcw - ok 23:20:22.0026 0368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:20:22.0026 0368 PEAUTH - ok 23:20:22.0120 0368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:20:22.0120 0368 PerfHost - ok 23:20:22.0198 0368 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 23:20:22.0213 0368 pla - ok 23:20:22.0276 0368 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:20:22.0276 0368 PlugPlay - ok 23:20:22.0322 0368 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 23:20:22.0322 0368 Pml Driver HPZ12 - ok 23:20:22.0354 0368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:20:22.0369 0368 PNRPAutoReg - ok 23:20:22.0385 0368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:20:22.0400 0368 PNRPsvc - ok 23:20:22.0447 0368 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:20:22.0463 0368 PolicyAgent - ok 23:20:22.0541 0368 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:20:22.0541 0368 Power - ok 23:20:22.0603 0368 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:20:22.0619 0368 PptpMiniport - ok 23:20:22.0650 0368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:20:22.0650 0368 Processor - ok 23:20:22.0712 0368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 23:20:22.0728 0368 ProfSvc - ok 23:20:22.0744 0368 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:20:22.0744 0368 ProtectedStorage - ok 23:20:22.0822 0368 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:20:22.0822 0368 Psched - ok 23:20:22.0868 0368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:20:22.0884 0368 ql2300 - ok 23:20:22.0915 0368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:20:22.0915 0368 ql40xx - ok 23:20:22.0946 0368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:20:22.0962 0368 QWAVE - ok 23:20:22.0993 0368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:20:22.0993 0368 QWAVEdrv - ok 23:20:23.0134 0368 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys 23:20:23.0134 0368 RapportCerberus_42020 - ok 23:20:23.0227 0368 [ 9E0FFC5EEEA5FEC75560F394B63022BE ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys 23:20:23.0227 0368 RapportEI64 - ok 23:20:23.0290 0368 [ 842041C4B15BAEE2CA37B727CE57334A ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys 23:20:23.0290 0368 RapportKE64 - ok 23:20:23.0368 0368 [ 65AA99CB303BA21F9ACC8C1374A14798 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe 23:20:23.0383 0368 RapportMgmtService - ok 23:20:23.0492 0368 [ 14FF58FE8D19FA3AA577F1E74F1F7D55 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys 23:20:23.0492 0368 RapportPG64 - ok 23:20:23.0524 0368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:20:23.0524 0368 RasAcd - ok 23:20:23.0586 0368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:20:23.0586 0368 RasAgileVpn - ok 23:20:23.0617 0368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:20:23.0633 0368 RasAuto - ok 23:20:23.0680 0368 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:20:23.0680 0368 Rasl2tp - ok 23:20:23.0742 0368 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 23:20:23.0742 0368 RasMan - ok 23:20:23.0804 0368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:20:23.0820 0368 RasPppoe - ok 23:20:23.0867 0368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:20:23.0914 0368 RasSstp - ok 23:20:24.0163 0368 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:20:24.0179 0368 rdbss - ok 23:20:24.0194 0368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:20:24.0194 0368 rdpbus - ok 23:20:24.0241 0368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:20:24.0241 0368 RDPCDD - ok 23:20:24.0272 0368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:20:24.0272 0368 RDPENCDD - ok 23:20:24.0288 0368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:20:24.0304 0368 RDPREFMP - ok 23:20:24.0350 0368 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:20:24.0350 0368 RDPWD - ok 23:20:24.0428 0368 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:20:24.0428 0368 rdyboost - ok 23:20:24.0460 0368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:20:24.0460 0368 RemoteAccess - ok 23:20:24.0506 0368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:20:24.0506 0368 RemoteRegistry - ok 23:20:24.0553 0368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:20:24.0569 0368 RpcEptMapper - ok 23:20:24.0600 0368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:20:24.0600 0368 RpcLocator - ok 23:20:24.0647 0368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 23:20:24.0662 0368 RpcSs - ok 23:20:24.0725 0368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:20:24.0725 0368 rspndr - ok 23:20:24.0756 0368 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 23:20:24.0756 0368 SamSs - ok 23:20:24.0803 0368 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:20:24.0803 0368 sbp2port - ok 23:20:24.0850 0368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:20:24.0850 0368 SCardSvr - ok 23:20:24.0896 0368 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:20:24.0896 0368 scfilter - ok 23:20:24.0959 0368 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 23:20:24.0974 0368 Schedule - ok 23:20:25.0021 0368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:20:25.0021 0368 SCPolicySvc - ok 23:20:25.0068 0368 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:20:25.0084 0368 SDRSVC - ok 23:20:25.0193 0368 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 23:20:25.0193 0368 SeaPort - ok 23:20:25.0224 0368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:20:25.0224 0368 secdrv - ok 23:20:25.0271 0368 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 23:20:25.0271 0368 seclogon - ok 23:20:25.0302 0368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 23:20:25.0302 0368 SENS - ok 23:20:25.0364 0368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:20:25.0364 0368 SensrSvc - ok 23:20:25.0396 0368 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:20:25.0396 0368 Serenum - ok 23:20:25.0427 0368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:20:25.0427 0368 Serial - ok 23:20:25.0474 0368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:20:25.0474 0368 sermouse - ok 23:20:25.0536 0368 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 23:20:25.0552 0368 SessionEnv - ok 23:20:25.0583 0368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:20:25.0583 0368 sffdisk - ok 23:20:25.0598 0368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:20:25.0598 0368 sffp_mmc - ok 23:20:25.0645 0368 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:20:25.0645 0368 sffp_sd - ok 23:20:25.0676 0368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:20:25.0676 0368 sfloppy - ok 23:20:25.0708 0368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:20:25.0723 0368 SharedAccess - ok 23:20:25.0770 0368 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:20:25.0770 0368 ShellHWDetection - ok 23:20:25.0832 0368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:20:25.0848 0368 SiSRaid2 - ok 23:20:25.0879 0368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:20:25.0879 0368 SiSRaid4 - ok 23:20:25.0973 0368 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 23:20:25.0988 0368 SkypeUpdate - ok 23:20:26.0051 0368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:20:26.0051 0368 Smb - ok 23:20:26.0098 0368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:20:26.0098 0368 SNMPTRAP - ok 23:20:26.0129 0368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:20:26.0129 0368 spldr - ok 23:20:26.0191 0368 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 23:20:26.0191 0368 Spooler - ok 23:20:26.0300 0368 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 23:20:26.0347 0368 sppsvc - ok 23:20:26.0378 0368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:20:26.0378 0368 sppuinotify - ok 23:20:26.0534 0368 [ B2FE88C5E621C8345CC9BAC5CFD366B0 ] SRTSP C:\Windows\System32\Drivers\N360x64\1401010.002\SRTSP64.SYS 23:20:26.0550 0368 SRTSP - ok 23:20:26.0644 0368 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\N360x64\1401010.002\SRTSPX64.SYS 23:20:26.0644 0368 SRTSPX - ok 23:20:26.0706 0368 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 23:20:26.0706 0368 srv - ok 23:20:26.0753 0368 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:20:26.0768 0368 srv2 - ok 23:20:26.0784 0368 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:20:26.0800 0368 srvnet - ok 23:20:26.0846 0368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:20:26.0862 0368 SSDPSRV - ok 23:20:26.0878 0368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:20:26.0893 0368 SstpSvc - ok 23:20:26.0924 0368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:20:26.0924 0368 stexstor - ok 23:20:26.0971 0368 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 23:20:26.0987 0368 stisvc - ok 23:20:27.0034 0368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 23:20:27.0034 0368 swenum - ok 23:20:27.0080 0368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:20:27.0080 0368 swprv - ok 23:20:27.0252 0368 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe 23:20:27.0268 0368 Symantec RemoteAssist - ok 23:20:27.0361 0368 [ 688BBE78970E639BC1D66AE733394DCF ] SymDS C:\Windows\system32\drivers\N360x64\1401010.002\SYMDS64.SYS 23:20:27.0361 0368 SymDS - ok 23:20:27.0439 0368 [ A17EE0D0D762CC9B56FB9218D7089AFB ] SymEFA C:\Windows\system32\drivers\N360x64\1401010.002\SYMEFA64.SYS 23:20:27.0455 0368 SymEFA - ok 23:20:27.0517 0368 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 23:20:27.0517 0368 SymEvent - ok 23:20:27.0548 0368 SYMFW - ok 23:20:27.0611 0368 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS 23:20:27.0626 0368 SymIRON - ok 23:20:27.0642 0368 SYMNDISV - ok 23:20:27.0673 0368 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS 23:20:27.0673 0368 SymNetS - ok 23:20:27.0782 0368 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 23:20:27.0829 0368 SysMain - ok 23:20:27.0892 0368 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:20:27.0892 0368 TabletInputService - ok 23:20:27.0923 0368 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:20:27.0923 0368 TapiSrv - ok 23:20:27.0970 0368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:20:27.0970 0368 TBS - ok 23:20:28.0048 0368 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:20:28.0063 0368 Tcpip - ok 23:20:28.0126 0368 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:20:28.0141 0368 TCPIP6 - ok 23:20:28.0204 0368 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:20:28.0204 0368 tcpipreg - ok 23:20:28.0235 0368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:20:28.0235 0368 TDPIPE - ok 23:20:28.0282 0368 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:20:28.0282 0368 TDTCP - ok 23:20:28.0360 0368 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:20:28.0360 0368 tdx - ok 23:20:28.0391 0368 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:20:28.0406 0368 TermDD - ok 23:20:28.0453 0368 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 23:20:28.0469 0368 TermService - ok 23:20:28.0500 0368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:20:28.0500 0368 Themes - ok 23:20:28.0531 0368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:20:28.0531 0368 THREADORDER - ok 23:20:28.0594 0368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:20:28.0609 0368 TrkWks - ok 23:20:28.0672 0368 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:20:28.0672 0368 TrustedInstaller - ok 23:20:28.0750 0368 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:20:28.0765 0368 tssecsrv - ok 23:20:28.0828 0368 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:20:28.0828 0368 TsUsbFlt - ok 23:20:28.0906 0368 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:20:28.0906 0368 tunnel - ok 23:20:28.0937 0368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:20:28.0937 0368 uagp35 - ok 23:20:28.0999 0368 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:20:28.0999 0368 udfs - ok 23:20:29.0046 0368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:20:29.0062 0368 UI0Detect - ok 23:20:29.0077 0368 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:20:29.0077 0368 uliagpkx - ok 23:20:29.0140 0368 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 23:20:29.0140 0368 umbus - ok 23:20:29.0186 0368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:20:29.0202 0368 UmPass - ok 23:20:29.0218 0368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:20:29.0233 0368 upnphost - ok 23:20:29.0296 0368 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 23:20:29.0296 0368 USBAAPL64 - ok 23:20:29.0374 0368 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:20:29.0374 0368 usbaudio - ok 23:20:29.0436 0368 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:20:29.0436 0368 usbccgp - ok 23:20:29.0514 0368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:20:29.0514 0368 usbcir - ok 23:20:29.0576 0368 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:20:29.0576 0368 usbehci - ok 23:20:29.0654 0368 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:20:29.0654 0368 usbhub - ok 23:20:29.0701 0368 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:20:29.0701 0368 usbohci - ok 23:20:29.0764 0368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:20:29.0764 0368 usbprint - ok 23:20:29.0795 0368 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:20:29.0795 0368 usbscan - ok 23:20:29.0826 0368 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:20:29.0826 0368 USBSTOR - ok 23:20:29.0873 0368 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:20:29.0888 0368 usbuhci - ok 23:20:29.0935 0368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:20:29.0935 0368 UxSms - ok 23:20:29.0981 0368 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 23:20:29.0981 0368 VaultSvc - ok 23:20:30.0051 0368 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:20:30.0051 0368 vdrvroot - ok 23:20:30.0111 0368 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 23:20:30.0121 0368 vds - ok 23:20:30.0161 0368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:20:30.0161 0368 vga - ok 23:20:30.0181 0368 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:20:30.0181 0368 VgaSave - ok 23:20:30.0231 0368 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:20:30.0241 0368 vhdmp - ok 23:20:30.0261 0368 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 23:20:30.0261 0368 viaide - ok 23:20:30.0291 0368 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:20:30.0291 0368 volmgr - ok 23:20:30.0351 0368 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:20:30.0351 0368 volmgrx - ok 23:20:30.0406 0368 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:20:30.0406 0368 volsnap - ok 23:20:30.0484 0368 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:20:30.0484 0368 vsmraid - ok 23:20:30.0562 0368 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 23:20:30.0578 0368 VSS - ok 23:20:30.0609 0368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 23:20:30.0609 0368 vwifibus - ok 23:20:30.0718 0368 [ C366AE91D2CC2C1C25380061D235C36B ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys 23:20:30.0734 0368 VX3000 - ok 23:20:30.0781 0368 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:20:30.0781 0368 W32Time - ok 23:20:30.0828 0368 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:20:30.0828 0368 WacomPen - ok 23:20:30.0906 0368 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:20:30.0906 0368 WANARP - ok 23:20:30.0921 0368 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:20:30.0921 0368 Wanarpv6 - ok 23:20:31.0030 0368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 23:20:31.0046 0368 WatAdminSvc - ok 23:20:31.0155 0368 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 23:20:31.0186 0368 wbengine - ok 23:20:31.0249 0368 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:20:31.0249 0368 WbioSrvc - ok 23:20:31.0311 0368 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:20:31.0311 0368 wcncsvc - ok 23:20:31.0342 0368 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:20:31.0342 0368 WcsPlugInService - ok 23:20:31.0374 0368 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:20:31.0389 0368 Wd - ok 23:20:31.0436 0368 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:20:31.0436 0368 Wdf01000 - ok 23:20:31.0467 0368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:20:31.0467 0368 WdiServiceHost - ok 23:20:31.0483 0368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:20:31.0483 0368 WdiSystemHost - ok 23:20:31.0545 0368 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 23:20:31.0561 0368 WebClient - ok 23:20:31.0623 0368 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:20:31.0639 0368 Wecsvc - ok 23:20:31.0654 0368 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:20:31.0670 0368 wercplsupport - ok 23:20:31.0686 0368 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:20:31.0686 0368 WerSvc - ok 23:20:31.0748 0368 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:20:31.0748 0368 WfpLwf - ok 23:20:31.0779 0368 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:20:31.0779 0368 WIMMount - ok 23:20:31.0795 0368 WinDefend - ok 23:20:31.0826 0368 WinHttpAutoProxySvc - ok 23:20:31.0873 0368 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:20:31.0873 0368 Winmgmt - ok 23:20:31.0951 0368 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 23:20:31.0982 0368 WinRM - ok 23:20:32.0060 0368 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:20:32.0060 0368 WinUsb - ok 23:20:32.0138 0368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:20:32.0154 0368 Wlansvc - ok 23:20:32.0232 0368 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 23:20:32.0232 0368 wlcrasvc - ok 23:20:32.0356 0368 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:20:32.0388 0368 wlidsvc - ok 23:20:32.0434 0368 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:20:32.0434 0368 WmiAcpi - ok 23:20:32.0466 0368 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:20:32.0481 0368 wmiApSrv - ok 23:20:32.0528 0368 WMPNetworkSvc - ok 23:20:32.0622 0368 [ AE06D75F402DE21C922BCECB30F8FB50 ] WN111v2 C:\Windows\system32\DRIVERS\WN111v2x.sys 23:20:32.0622 0368 WN111v2 - ok 23:20:32.0653 0368 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:20:32.0653 0368 WPCSvc - ok 23:20:32.0700 0368 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:20:32.0700 0368 WPDBusEnum - ok 23:20:32.0731 0368 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:20:32.0731 0368 ws2ifsl - ok 23:20:32.0762 0368 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 23:20:32.0762 0368 wscsvc - ok 23:20:32.0778 0368 WSearch - ok 23:20:32.0902 0368 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 23:20:32.0949 0368 wuauserv - ok 23:20:32.0980 0368 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:20:32.0980 0368 WudfPf - ok 23:20:33.0058 0368 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:20:33.0058 0368 WUDFRd - ok 23:20:33.0121 0368 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:20:33.0121 0368 wudfsvc - ok 23:20:33.0152 0368 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:20:33.0168 0368 WwanSvc - ok 23:20:33.0386 0368 ================ Scan global =============================== 23:20:33.0417 0368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:20:33.0511 0368 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 23:20:33.0558 0368 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 23:20:33.0620 0368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:20:33.0651 0368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:20:33.0651 0368 [Global] - ok 23:20:33.0667 0368 ================ Scan MBR ================================== 23:20:33.0667 0368 [ 7776D739BFD97B30B095C7D4B834C04C ] \Device\Harddisk0\DR0 23:20:33.0667 0368 Suspicious mbr (Forged): \Device\Harddisk0\DR0 23:20:33.0729 0368 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 23:20:33.0729 0368 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 23:20:33.0792 0368 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 23:20:33.0792 0368 \Device\Harddisk0\DR0 - detected TDSS File System (1) 23:20:33.0792 0368 ================ Scan VBR ================================== 23:20:33.0807 0368 [ 20D218B71287C01B0817F27ABF3AC4BC ] \Device\Harddisk0\DR0\Partition1 23:20:33.0807 0368 \Device\Harddisk0\DR0\Partition1 - ok 23:20:33.0838 0368 [ 7A6424EA9E4D5582E37F247F5E00541D ] \Device\Harddisk0\DR0\Partition2 23:20:33.0838 0368 \Device\Harddisk0\DR0\Partition2 - ok 23:20:33.0885 0368 [ E5F490D53C7C27E497FECD887F8BAD12 ] \Device\Harddisk0\DR0\Partition3 23:20:33.0885 0368 \Device\Harddisk0\DR0\Partition3 - ok 23:20:33.0885 0368 ============================================================ 23:20:33.0885 0368 Scan finished 23:20:33.0885 0368 ============================================================ 23:20:33.0916 3128 Detected object count: 2 23:20:33.0916 3128 Actual detected object count: 2 23:21:38.0424 3128 \Device\Harddisk0\DR0\# - copied to quarantine 23:21:38.0434 3128 \Device\Harddisk0\DR0 - copied to quarantine 23:21:38.0484 3128 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 23:21:38.0494 3128 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 23:21:38.0604 3128 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 23:21:38.0634 3128 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 23:21:38.0644 3128 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 23:21:38.0654 3128 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 23:21:38.0674 3128 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 23:21:38.0754 3128 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 23:21:38.0784 3128 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 23:21:38.0804 3128 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 23:21:38.0824 3128 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 23:21:38.0844 3128 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 23:21:38.0914 3128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 23:21:38.0954 3128 \Device\Harddisk0\DR0 - ok 23:21:40.0895 3128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 23:21:40.0895 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 23:21:40.0895 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 23:21:55.0529 5032 Deinitialize success 23:24:52.0007 3924 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 23:24:54.0846 3924 ============================================================ 23:24:54.0955 3924 Current date / time: 2012/10/15 23:24:54.0846 23:24:54.0955 3924 SystemInfo: 23:24:54.0955 3924 23:24:54.0955 3924 OS Version: 6.1.7601 ServicePack: 1.0 23:24:54.0955 3924 Product type: Workstation 23:24:54.0955 3924 ComputerName: STEFFY-PC 23:24:54.0955 3924 UserName: Steffy 23:24:54.0955 3924 Windows directory: C:\Windows 23:24:54.0955 3924 System windows directory: C:\Windows 23:24:54.0955 3924 Running under WOW64 23:24:54.0955 3924 Processor architecture: Intel x64 23:24:54.0955 3924 Number of processors: 1 23:24:54.0955 3924 Page size: 0x1000 23:24:54.0955 3924 Boot type: Normal boot 23:24:54.0955 3924 ============================================================ 23:25:27.0888 3924 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 23:25:28.0029 3924 ============================================================ 23:25:28.0029 3924 \Device\Harddisk0\DR0: 23:25:28.0107 3924 MBR partitions: 23:25:28.0107 3924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 23:25:28.0107 3924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800 23:25:28.0107 3924 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000 23:25:28.0107 3924 ============================================================ 23:25:28.0653 3924 C: <-> \Device\Harddisk0\DR0\Partition2 23:25:29.0167 3924 D: <-> \Device\Harddisk0\DR0\Partition3 23:25:29.0167 3924 ============================================================ 23:25:29.0167 3924 Initialize success 23:25:29.0167 3924 ============================================================ 23:25:45.0126 3764 Deinitialize success ComboFix 12-10-15.02 - Steffy 10/15/2012 23:36:20.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1719 [GMT -4:00] Running from: c:\users\Steffy\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\Microsoft\Windows\DRM\8109.tmp c:\programdata\Microsoft\Windows\DRM\8139.tmp c:\windows\jestertb.dll c:\windows\svchost.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_nvsvc . . ((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 ))))))))))))))))))))))))))))))) . . 2012-10-16 03:52 . 2012-10-16 03:52 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2012-10-16 03:52 . 2012-10-16 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-16 03:21 . 2012-10-16 03:21 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-16 01:10 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-15 14:38 . 2012-10-15 14:38 -------- d-----w- c:\users\Steffy\AppData\Roaming\Malwarebytes 2012-10-15 14:37 . 2012-10-15 14:37 -------- d-----w- c:\programdata\Malwarebytes 2012-10-15 14:37 . 2012-10-16 01:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-15 05:06 . 2012-10-15 05:06 -------- d-----w- c:\users\Steffy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2012-10-15 00:32 . 2012-10-16 00:50 -------- d-----w- c:\windows\system32\drivers\N360x64\1401010.002 2012-10-14 23:21 . 2012-10-15 13:54 -------- d-----w- c:\users\Steffy\AppData\Local\NPE 2012-10-14 03:02 . 2012-10-14 03:03 -------- d-----w- c:\program files\NVIDIA Corporation 2012-10-14 03:00 . 2009-07-31 03:48 704000 ----a-w- c:\windows\system32\cohelper.dll 2012-10-14 03:00 . 2009-07-31 03:39 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin 2012-10-14 02:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-10-14 02:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-10-10 17:52 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-10 17:52 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-10 17:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-10 17:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-10 17:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-10 17:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 17:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-10 17:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-10 17:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-10 17:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-10 17:38 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-10 17:34 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 17:34 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-04 23:34 . 2012-10-06 04:47 -------- d-----w- c:\program files (x86)\Pyware iPAS 2012-10-04 23:34 . 2012-10-04 23:34 -------- d--h--w- c:\program files (x86)\Zero G Registry 2012-10-04 23:33 . 2012-10-04 23:33 -------- d--h--w- c:\users\Steffy\InstallAnywhere 2012-09-26 23:19 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-22 04:17 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-22 04:15 . 2012-09-22 04:15 -------- d-----w- c:\program files\iPod 2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\program files\iTunes 2012-09-22 04:15 . 2012-09-22 04:17 -------- d-----w- c:\program files (x86)\iTunes 2012-09-19 01:55 . 2012-09-19 01:55 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-19 01:55 . 2012-09-19 01:55 -------- d-----r- c:\program files (x86)\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-15 00:35 . 2010-01-19 14:06 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-10-11 07:09 . 2010-01-10 18:12 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 16:24 . 2012-04-21 01:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 16:24 . 2011-05-15 17:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-22 20:34 . 2011-03-31 03:21 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys 2012-08-22 18:12 . 2012-09-12 19:53 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 19:53 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 19:53 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 19:53 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 17:01 . 2010-01-19 14:06 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-21 17:01 . 2010-01-19 14:06 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-20 17:38 . 2012-10-10 17:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-02 17:58 . 2012-09-12 19:53 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-08-02 16:57 . 2012-09-12 19:53 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-07-18 18:15 . 2012-08-16 00:11 3148800 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ALconnect"="c:\users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe" [2012-07-04 716416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2008-12-2 1728512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 14681688;14681688; [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808] R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080] R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-08-23 40320] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 101688] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1401010.002\SYMDS64.SYS [2012-07-28 493216] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1401010.002\SYMEFA64.SYS [2012-08-08 1132192] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-14 1385120] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1401010.002\ccSetx64.sys [2012-08-07 168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121013.001\IDSvia64.sys [2012-10-12 513184] S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-10 397720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS [2012-07-28 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS [2012-07-23 432800] S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe [2012-08-29 143928] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [2008-09-29 553472] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 60941100 *NewlyCreated* - WS2IFSL *Deregistered* - 60941100 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 16:24] . 2012-10-02 c:\windows\Tasks\HPCeeScheduleForSteffy.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . 2012-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] . ------- Supplementary Scan ------- . uStart Page = hxxp://m.www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\Steffy\AppData\Roaming\Mozilla\Firefox\Profiles\jn5yn95j.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - ExtSQL: !HIDDEN! 2010-01-11 22:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-60941100.sys AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72, 1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00 "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e, 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:48,2d,dc,c9,22,a7,cd,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe c:\\.\globalroot\systemroot\svchost.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe . ************************************************************************** . Completion time: 2012-10-16 00:06:53 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-16 04:06 . Pre-Run: 234,104,893,440 bytes free Post-Run: 233,842,917,376 bytes free . - - End Of File - - 62A4E81FEC8BFA46E29F47AC1DA7780F Please let me know if there are any more steps needed. Thank you!

Hello! Below is the aswMBR log: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-10-15 22:34:56 ----------------------------- 22:34:56.900 OS Version: Windows x64 6.1.7601 Service Pack 1 22:34:56.900 Number of processors: 1 586 0x7F02 22:34:56.908 ComputerName: STEFFY-PC UserName: Steffy 22:35:02.963 Initialize success 22:35:16.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066 22:35:16.134 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3 22:35:16.137 Device \Driver\nvstor64 -> MajorFunction fffffa80038ce5e8 22:35:16.146 Disk 0 MBR read successfully 22:35:16.149 Disk 0 MBR scan 22:35:16.153 Disk 0 unknown MBR code 22:35:16.199 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 22:35:16.259 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292917 MB offset 206848 22:35:16.293 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12226 MB offset 600100864 22:35:16.428 Disk 0 scanning C:\Windows\system32\drivers 22:35:25.203 Service scanning 22:35:59.122 Modules scanning 22:35:59.135 Disk 0 trace - called modules: 22:35:59.145 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80038ce5e8]<< 22:35:59.540 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800304a730] 22:35:59.554 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8002cf2240] 22:35:59.566 5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8002d039c0] 22:35:59.585 \Driver\nvstor64[0xfffffa80037cc2a0] -> IRP_MJ_CREATE -> 0xfffffa80038ce5e8 22:35:59.598 Scan finished successfully 22:36:15.903 Disk 0 MBR has been saved successfully to "C:\Users\Steffy\Desktop\MBR.dat" 22:36:15.918 The log file has been saved successfully to "C:\Users\Steffy\Desktop\aswMBR.txt" Thank you

It appears that my Windows 7 pc has become infected with winrscmde svchost.exe Trojan.Agent. I have run Malwarebytes and it finds two files for removal but upon reboot it actually removes Malwarebytes and I end up in a vicious cycle of downloading the Malwarebytes, running the scan, finding the files, rebooting - blue screen and all - and coming back to no Malwarebytes anymore. I have run the dds.scr as recommended in the I'm infected post and those logs are posted here: DDS (Ver_2012-10-14.05) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Steffy at 21:36:34 on 2012-10-15 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1029 [GMT -4:00] . AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\LSI SoftModem\agr64svc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Windows\vVX3000.exe C:\Users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -netsvcs C:\Windows\system32\conhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://m.www.yahoo.com/ uSearch Bar = Preserve mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\CoIEPlg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\IPS\IPSBHO.dll TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\CoIEPlg.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe uRun: [ALconnect] C:\Users\Steffy\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 10.0.0.1 TCP: Interfaces\{3A11F24C-80B1-4BD0-87AD-DFB5DB40FAE5} : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{3A11F24C-80B1-4BD0-87AD-DFB5DB40FAE5}\D456C696373716F46666963656 : DHCPNameServer = 65.32.1.65 65.32.1.70 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt x64-Run: [VX3000] C:\Windows\vVX3000.exe x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Steffy\AppData\Roaming\Mozilla\Firefox\Profiles\jn5yn95j.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll FF - ExtSQL: !HIDDEN! 2010-01-11 22:35; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . ============= SERVICES / DRIVERS =============== . R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-30 101688] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1401010.002\SymDS64.sys [2012-10-14 493216] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1401010.002\SymEFA64.sys [2012-10-14 1132192] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-9-13 1385120] R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1401010.002\ccSetx64.sys [2012-10-14 168096] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121013.001\IDSviA64.sys [2012-10-15 513184] R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-10 397720] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1401010.002\Ironx64.sys [2012-10-14 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1401010.002\symnets.sys [2012-10-14 432800] R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2x.sys [2008-9-29 553472] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-12-19 48488] S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2011-8-23 40320] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] . =============== Created Last 30 ================ . 2012-10-16 01:21:16 20480 ----a-w- C:\Windows\svchost.exe 2012-10-16 01:10:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-10-15 14:38:16 -------- d-----w- C:\Users\Steffy\AppData\Roaming\Malwarebytes 2012-10-15 14:37:55 -------- d-----w- C:\ProgramData\Malwarebytes 2012-10-15 14:37:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-10-15 05:06:05 -------- d-----w- C:\Users\Steffy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2012-10-15 00:33:27 493216 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\SymDS64.sys 2012-10-15 00:33:27 432800 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\symnets.sys 2012-10-15 00:33:27 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\SymELAM.sys 2012-10-15 00:33:27 1132192 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\SymEFA64.sys 2012-10-15 00:33:26 776352 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\srtsp64.sys 2012-10-15 00:33:26 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\srtspx64.sys 2012-10-15 00:33:26 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\Ironx64.sys 2012-10-15 00:33:25 168096 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\ccSetx64.sys 2012-10-15 00:32:32 -------- d-----w- C:\Windows\System32\drivers\N360x64\1401010.002 2012-10-14 23:21:04 -------- d-----w- C:\Users\Steffy\AppData\Local\NPE 2012-10-14 03:02:50 -------- d-----w- C:\Program Files\NVIDIA Corporation 2012-10-14 03:00:07 704000 ----a-w- C:\Windows\System32\cohelper.dll 2012-10-14 03:00:07 6136 ----a-w- C:\Windows\System32\drivers\nvphy.bin 2012-10-14 02:59:04 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-10-14 02:59:04 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-10-10 17:52:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-10-10 17:52:00 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-10-10 17:39:48 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-10-10 17:39:48 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-10-10 17:39:08 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-10-10 17:39:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-10-10 17:39:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-10-10 17:39:07 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-10-10 17:39:07 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-10-10 17:39:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-10-10 17:38:09 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-10-10 17:34:28 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-10-10 17:34:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-10-04 23:34:04 -------- d--h--w- C:\Program Files (x86)\Zero G Registry 2012-10-04 23:34:04 -------- d-----w- C:\Program Files (x86)\Pyware iPAS 2012-10-04 23:33:00 -------- d--h--w- C:\Users\Steffy\InstallAnywhere 2012-09-26 23:19:15 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-09-22 04:17:10 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-09-22 04:15:52 -------- d-----w- C:\Program Files\iPod 2012-09-22 04:15:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-22 04:15:51 -------- d-----w- C:\Program Files\iTunes 2012-09-22 04:15:51 -------- d-----w- C:\Program Files (x86)\iTunes 2012-09-19 01:55:55 -------- d-----r- C:\Program Files (x86)\Skype . ==================== Find3M ==================== . 2012-10-15 00:35:53 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-10-09 16:24:25 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 16:24:25 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-22 20:34:44 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 21:41:23.25 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/9/2010 3:03:41 PM System Uptime: 10/15/2012 9:19:27 PM (0 hours ago) . Motherboard: PEGATRON CORPORATION | | NARRA5 Processor: AMD Sempron Processor LE-1200 | Socket AM2 | 2100/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 286 GiB total, 218.564 GiB free. D: is FIXED (NTFS) - 12 GiB total, 2.172 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP274: 10/10/2012 2:19:59 PM - HPSF Restore Point RP275: 10/11/2012 3:01:25 AM - Windows Update RP276: 10/11/2012 11:20:56 PM - HPSF Restore Point RP277: 10/12/2012 3:00:41 AM - Windows Update RP278: 10/13/2012 11:09:50 AM - Windows Update RP279: 10/13/2012 10:44:48 PM - Installed Rapport RP280: 10/13/2012 10:59:25 PM - Windows Update RP281: 10/14/2012 3:00:15 AM - Windows Update RP282: 10/14/2012 3:23:41 PM - Windows Backup RP283: 10/14/2012 7:39:54 PM - Windows Update RP284: 10/15/2012 9:16:37 AM - Windows Update RP285: 10/15/2012 4:18:22 PM - Windows Update RP286: 10/15/2012 8:42:19 PM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 64 Bit HP CIO Components Installer Acrobat.com Activate Norton Online Backup ActiveLink Connect Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.2 Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour BufferChm CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities CameraWindow Canon Utilities CameraWindow DC 8 Canon Utilities MyCamera Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Compatibility Pack for the 2007 Office system Copy Coupon Printer for Windows CyberLink DVD Suite Deluxe D3DX10 Destinations DeviceDiscovery DirectX for Managed Code Update (Summer 2004) DJ_AIO_06_F2400_SW_Min F2400 ffdshow [rev 2527] [2008-12-19] FlightCrew Connector GPBaseService2 Hardware Diagnostic Tools Hewlett-Packard ACLM.NET v1.1.2.0 Homepage Protection HP Advisor HP Customer Experience Enhancements HP Customer Participation Program 13.0 HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 HP Games HP Imaging Device Functions 13.0 HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Movie Themes HP MediaSmart Music/Photo/Video HP MediaSmart SmartMenu HP Odometer HP Print Projects 1.0 HP Remote Solution HP Setup HP Smart Web Printing 4.60 HP Solution Center 13.0 HP Support Assistant HP Support Information HP Update HPPhotoGadget hpPrintProjects HPProductAssistant HPSSupply hpWLPGInstaller iCloud InterActual Player iSEEK AnswerWorks English Runtime iTunes Java Auto Updater Java 6 Update 26 Junk Mail filter update LabelPrint LeapFrog Connect LeapFrog Leapster Explorer Plugin LG Android Drivers LG USB Modem driver LightScribe System Software LSI PCI-SV92EX Soft Modem Malwarebytes Anti-Malware version 1.65.0.1400 MarketResearch Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Corporation Microsoft LifeCam Microsoft Live Search Toolbar Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MobileMe Control Panel Mozilla Firefox 9.0.1 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton 360 NVIDIA Display Control Panel NVIDIA Drivers Power2Go PowerDirector PowerRecover PVSonyDll QuickTime RangeMax Wireless-N USB Adapter WN111v2 Rapport Realtek High Definition Audio Driver Safari Scan Seagate Manager Installer Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Shop for HP Supplies Skype™ 5.10 SmartWebPrinting SolutionCenter Status Symantec Technical Support Web Controls Toolbox TrayApp TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wrapper TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) WebReg Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WN111v2 . ==== Event Viewer Messages From Past Week ======== . 10/15/2012 9:46:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80025e5060, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-74630-01. 10/15/2012 9:37:41 AM, Error: volsnap [14] - The shadow copies of volume F: were aborted because of an IO failure on volume F:. 10/15/2012 9:21:01 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 10/15/2012 9:11:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file. 10/15/2012 9:11:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80076da060, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: . 10/15/2012 9:04:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 10/15/2012 9:04:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/15/2012 9:04:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 10/15/2012 9:04:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/15/2012 9:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/15/2012 9:04:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80024d9b30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-33087-01. 10/15/2012 9:04:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/15/2012 9:04:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 RapportKE64 spldr SRTSPX SymIRON SymNetS Wanarpv6 10/15/2012 8:48:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197). 10/15/2012 8:45:15 PM, Error: Service Control Manager [7022] - The Intuit Update Service service hung on starting. 10/15/2012 8:39:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP 10/15/2012 8:38:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80069f6060, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-90028-01. 10/15/2012 8:36:33 PM, Error: SRTSP [4] - Error loading virus definitions. 10/15/2012 8:25:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 10/15/2012 4:32:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa80026bcb30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-40123-01. 10/15/2012 4:13:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa800b628b30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-87329-01. 10/15/2012 2:18:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa800736eb30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-103319-01. 10/15/2012 2:10:53 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cc3405, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-95753-01. 10/15/2012 10:14:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa800343a060, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-47003-01. 10/15/2012 10:07:15 AM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 10/15/2012 1:59:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa8007a13b30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101512-98374-01. 10/14/2012 9:13:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 10/14/2012 9:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 10/14/2012 9:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 10/14/2012 9:12:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x0000000000000000, 0xfffffa8003d13b30, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101412-35303-01. 10/14/2012 9:12:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched RapportKE64 rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf 10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 10/14/2012 9:12:11 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 10/14/2012 9:12:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 10/14/2012 9:12:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 10/14/2012 9:12:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/14/2012 9:12:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 10/13/2012 7:39:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 10/13/2012 12:26:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. 10/13/2012 12:25:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 10/13/2012 12:24:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 10/13/2012 12:24:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service. 10/13/2012 11:13:11 AM, Error: Service Control Manager [7022] - The Intuit Update Service v4 service hung on starting. 10/13/2012 11:05:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80051ac060, 0xfffff80000ba2748, 0xfffffa80036b6520). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101312-48485-01. 10/12/2012 9:50:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service. . ==== End Of File =========================== I saw some other similar postings, but it seemed that you are looking for specific files for the fixes so I am posting for help. Any guidance you can provide would be greatly appreciated. Thank you!