
Thread: Smitfraud-c.generic

  1. #21
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Looks like the file is gone but it's still running as a process.

    Drag your copy of ComboFix to the trash and let's download an updated copy and run it.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #22
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    After you run ComboFix and post the report, run this program. Don't fix anything; let me see the report first.

    --RogueKiller--

    • Download & SAVE to your Desktop RogueKiller or from here
      • Quit all programs that you may have started.
      • Please disconnect any USB or external drives from the computer before you run this scan!
      • For Vista or Windows 7, right-click and select "Run as Administrator" to start
      • For Windows XP, double-click to start.
      • Wait until Prescan has finished ...
      • Then Click on "Scan" button
      • Wait until the Status box shows "Scan Finished"
      • Click on "Report" and copy/paste the content of the Notepad into your next reply.
      • The log should be found in RKreport[1].txt on your Desktop
      • Exit/Close RogueKiller+

  3. #23
    Member
    Join Date
    Mar 2013
    Posts
    30

    I ran ComboFix. It bluescreened my computer twice and then disabled most of the stuff on my computer. Anything in Program Files x86 won't open and gets an error, including my browsers. The error is "C:/Program Files (x86)/Program name/program name Illegal operation attempted on a registry key that has been marked for deletion."

    Any ideas?

  4. #24
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Have you rebooted your system? If it won't shut down, hold the power button in for 5 seconds or more until it shuts off, then wait about a minute and restart it and see how things are.

    If you're still having problems then let's try doing a system restore, maybe look for a date prior to all this happening. I am posting a link as it would be easier for you to follow in lieu of me typing it all.

    http://windows.microsoft.com/en-us/w...system-restore

    Let me know how it went

  5. #25
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    If you can, let's forgo RogueKiller for the time being and let's run this program, as what you have may be related.

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

  6. #26
    Member
    Join Date
    Mar 2013
    Posts
    30

    Thank you! The reboot worked perfectly. (I'm sorry to be so clueless and high maintenance. I don't want to screw anything up by clicking the wrong thing/rebooting at the wrong time! Thank you so much for being so patient.)

    Here's the Combo Fix log, and the TDSS is below. TDSS didn't find any malicious stuff, but it did find a malware and a suspicious file. (I wasn't sure if the malware tag should count as malicious, or if there was a separate "malicious" tag.) TDSS left a log from before and a log from after reboot, so I've included both.
    -------------------------------
    ComboFix 13-03-21.01 - Mairead 03/22/2013 0:45.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10173 [GMT -5:00]
    Running from: c:\users\Mairead\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Mairead\g2mdlhlpx.exe
    c:\windows\svchost.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-22 05:51 . 2013-03-22 05:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-03-22 05:51 . 2013-03-22 05:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-20 07:31 . 2013-03-20 07:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2013-03-20 07:30 . 2013-03-20 07:30 -------- d-----w- c:\program files\Microsoft Silverlight
    2013-03-20 07:30 . 2013-03-20 07:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2013-03-12 08:57 . 2013-03-12 08:57 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2013-03-12 08:57 . 2013-03-12 08:57 -------- d-----w- c:\program files\Symantec
    2013-03-12 08:57 . 2013-03-12 08:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2013-03-12 08:56 . 2013-03-12 08:56 -------- d-----w- c:\windows\system32\drivers\N360x64
    2013-03-12 08:56 . 2013-03-12 08:56 -------- d-----w- c:\program files (x86)\Norton 360
    2013-03-12 05:00 . 2013-03-12 05:00 -------- d-----w- c:\program files (x86)\ESET
    2013-03-12 05:00 . 2013-03-12 05:00 -------- d--h--w- c:\windows\AxInstSV
    2013-03-11 19:15 . 2013-03-11 19:15 -------- d-----w- C:\_OTL
    2013-03-10 23:38 . 2013-03-10 23:38 -------- d-----w- c:\users\Mairead\AppData\Roaming\Malwarebytes
    2013-03-10 23:38 . 2013-03-10 23:38 -------- d-----w- c:\programdata\Malwarebytes
    2013-03-10 23:38 . 2013-03-10 23:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-03-10 23:38 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-10 14:56 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEFE0ACD-F4CA-48AD-9E70-C3757CDF9DEF}\mpengine.dll
    2013-03-05 21:28 . 2013-03-06 23:07 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
    2013-03-05 21:02 . 2013-03-05 21:02 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
    2013-03-05 21:02 . 2013-03-05 21:19 -------- d-----w- c:\users\Mairead\AppData\Local\NPE
    2013-03-05 20:43 . 2013-03-05 20:43 388096 ----a-r- c:\users\Mairead\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-03-05 20:43 . 2013-03-05 20:43 -------- d-----w- c:\program files (x86)\Trend Micro
    2013-03-05 16:47 . 2013-03-11 19:15 -------- d-----w- c:\program files (x86)\ERUNT
    2013-02-26 17:11 . 2013-02-26 17:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-20 07:35 . 2010-09-09 16:16 72013344 ----a-w- c:\windows\system32\MRT.exe
    2013-03-20 05:53 . 2012-04-07 17:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-20 05:53 . 2011-05-19 14:40 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-12 05:45 . 2013-03-20 04:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-20 04:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-20 04:51 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-20 04:51 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-20 04:51 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-20 04:51 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-01-17 07:28 . 2010-08-07 01:50 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-05 05:53 . 2013-02-12 21:48 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-05 05:00 . 2013-02-12 21:48 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00 . 2013-02-12 21:48 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46 . 2013-02-12 21:48 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-04 04:51 . 2013-02-12 21:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-04 04:43 . 2013-02-12 21:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-01-04 03:26 . 2013-02-12 21:48 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 02:47 . 2013-02-12 21:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-04 02:47 . 2013-02-12 21:48 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-04 02:47 . 2013-02-12 21:48 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-04 02:47 . 2013-02-12 21:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00 . 2013-02-12 21:48 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-03 06:00 . 2013-02-12 21:48 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-11 39408]
    "Akamai NetSession Interface"="c:\users\Mairead\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
    "R577SO"="c:\program files (x86)\GIGABYTE\R577SO\R577SO.exe" [2010-04-08 192512]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    .
    c:\users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-3-4 3280896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-11-04 278528]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
    R3 GPU-Z;GPU-Z;c:\users\Mairead\AppData\Local\Temp\GPU-Z.sys [x]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-07 52856]
    S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2013-03-05 95392]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS [2013-01-22 493656]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys [2012-11-16 168096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130321.001\IDSvia64.sys [2013-03-19 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS [2012-11-16 224416]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1403000.024\SYMNETS.SYS [2013-01-31 432800]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-09 31968]
    S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-11 138912]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 05:53]
    .
    2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 04:54]
    .
    2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 04:54]
    .
    2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000Core.job
    - c:\users\Mairead\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 01:59]
    .
    2013-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000UA.job
    - c:\users\Mairead\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 01:59]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: pandora.com\www
    Trusted Zone: webex.com
    Trusted Zone: webex.com\gse
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
    7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
    64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{74F475FA-6C75-43BD-AAB9-ECDA6184F600}"=hex:51,66,7a,6c,4c,1d,38,12,94,76,e7,
    70,47,22,d3,06,d5,af,af,9a,64,da,b2,14
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:85,f7,af,bf,8c,1e,ce,01
    .
    [HKEY_USERS\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2013-03-22 01:05:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-22 06:05
    ComboFix2.txt 2013-03-10 15:50
    .
    Pre-Run: 135,056,224,256 bytes free
    Post-Run: 134,888,747,008 bytes free
    .
    - - End Of File - - 09BC889DDC6FFD6E1C9AB3F99BAD9E6C
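
Added example, not part of the thread and not ComboFix's own logic: the kind of cross-check behind the remark in post #21 that a file can be gone from disk yet still running, applied to two sections of the ComboFix log in post #26. It assumes the section-header layout seen in that log, that `\\.\globalroot\systemroot` refers to `c:\windows`, and a small hypothetical table (`EXPECTED_DIRS`) of where a few core Windows binaries normally live.

```python
import re
from collections import defaultdict

# Excerpt of the ComboFix log posted above, trimmed to the two sections used here.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mairead\g2mdlhlpx.exe
c:\windows\svchost.exe
c:\windows\SysWow64\Packet.dll
c:\windows\wininit.ini
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
"""

# Section banners look like "(((( Name ))))" or "---- Name ----".
HEADER = re.compile(r"^[(\-]{3,}\s*(.+?)\s*[)\-]{3,}$")
# Only lines that start with a drive letter are treated as file paths.
PATH = re.compile(r"^[a-z]:\\", re.I)
# ComboFix prints the NT object-namespace form of the Windows directory this way.
GLOBALROOT = re.compile(r"^(?:[a-z]:)?\\\\\.\\globalroot\\systemroot\\", re.I)

# Hypothetical allow-list: binary name -> directories it is expected to load from.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
}


def parse_sections(log_text):
    """Group the path lines of a ComboFix-style log under their section name."""
    sections = defaultdict(list)
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(1).lower()
        elif current and PATH.match(line):
            sections[current].append(line)
    return dict(sections)


def normalize(path, system_root=r"c:\windows"):
    """Lower-case, unify slashes and rewrite the globalroot alias (assumed c:\\windows)."""
    p = path.strip().replace("/", "\\").lower()
    return GLOBALROOT.sub(lambda _m: system_root + "\\", p)


def deleted_but_running(sections):
    """Paths listed as deleted that also appear as the image of a running process."""
    deleted = {normalize(p) for p in sections.get("other deletions", [])}
    running = {normalize(p) for p in sections.get("other running processes", [])}
    return sorted(deleted & running)


def misplaced_system_binaries(paths):
    """Core Windows binary names that sit outside their expected directory."""
    hits = set()
    for raw in paths:
        p = normalize(raw)
        folder, _, name = p.rpartition("\\")
        if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
            hits.add(p)
    return sorted(hits)


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    print("deleted but still running:", deleted_but_running(secs))
    print("system binary in wrong folder:",
          misplaced_system_binaries(secs["other running processes"]))
```

A hit from both functions on the same path means the on-disk copy was removed while a process started from it is still alive, which is why a reboot and a fresh scan follow.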

  7. #27
    Member
    Join Date
    Mar 2013
    Posts
    30

    I had to split the TDSS stuff. Here's 1/2 of the pre reboot.
    __________
    10:20:53.0509 2516 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    10:20:54.0592 2516 ============================================================
    10:20:54.0592 2516 Current date / time: 2013/03/22 10:20:54.0592
    10:20:54.0592 2516 SystemInfo:
    10:20:54.0592 2516
    10:20:54.0592 2516 OS Version: 6.1.7601 ServicePack: 1.0
    10:20:54.0593 2516 Product type: Workstation
    10:20:54.0593 2516 ComputerName: COMPY
    10:20:54.0593 2516 UserName: Mairead
    10:20:54.0593 2516 Windows directory: C:\Windows
    10:20:54.0593 2516 System windows directory: C:\Windows
    10:20:54.0593 2516 Running under WOW64
    10:20:54.0593 2516 Processor architecture: Intel x64
    10:20:54.0593 2516 Number of processors: 4
    10:20:54.0593 2516 Page size: 0x1000
    10:20:54.0593 2516 Boot type: Normal boot
    10:20:54.0593 2516 ============================================================
    10:20:55.0805 2516 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:20:55.0812 2516 ============================================================
    10:20:55.0812 2516 \Device\Harddisk0\DR0:
    10:20:55.0813 2516 MBR partitions:
    10:20:55.0813 2516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    10:20:55.0813 2516 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
    10:20:55.0813 2516 ============================================================
    10:20:55.0842 2516 C: <-> \Device\Harddisk0\DR0\Partition2
    10:20:55.0842 2516 ============================================================
    10:20:55.0842 2516 Initialize success
    10:20:55.0842 2516 ============================================================
    10:20:58.0172 0892 ============================================================
    10:20:58.0172 0892 Scan started
    10:20:58.0172 0892 Mode: Manual;
    10:20:58.0172 0892 ============================================================
    10:20:59.0520 0892 ================ Scan system memory ========================
    10:20:59.0520 0892 System memory - ok
    10:20:59.0521 0892 ================ Scan services =============================
    10:21:00.0845 0892 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
    10:21:00.0845 0892 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
    10:21:00.0851 0892 Akamai ( HiddenFile.Multi.Generic ) - warning
    10:21:00.0851 0892 Akamai - detected HiddenFile.Multi.Generic (1)
    10:21:12.0292 0892 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    10:21:12.0294 0892 nfrd960 - ok
    10:21:12.0347 0892 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    10:21:12.0351 0892 NlaSvc - ok
    10:21:12.0362 0892 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    10:21:12.0363 0892 Npfs - ok
    10:21:12.0386 0892 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    10:21:12.0388 0892 nsi - ok
    10:21:12.0409 0892 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    10:21:12.0410 0892 nsiproxy - ok
    10:21:12.0472 0892 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    10:21:12.0497 0892 Ntfs - ok
    10:21:12.0511 0892 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    10:21:12.0511 0892 Null - ok
    10:21:12.0572 0892 [ ED9380F201C8126425C09BED96DBE1E5 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    10:21:12.0574 0892 NVHDA - ok
    10:21:12.0802 0892 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    10:21:12.0847 0892 nvlddmkm - ok
    10:21:12.0895 0892 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    10:21:12.0898 0892 nvraid - ok
    10:21:12.0912 0892 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    10:21:12.0916 0892 nvstor - ok
    10:21:13.0013 0892 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] NVSvc C:\Windows\system32\nvvsvc.exe
    10:21:13.0039 0892 NVSvc - ok
    10:21:13.0150 0892 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    10:21:13.0163 0892 nvUpdatusService - ok
    10:21:13.0207 0892 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    10:21:13.0210 0892 nv_agp - ok
    10:21:13.0291 0892 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    10:21:13.0298 0892 odserv - ok
    10:21:13.0312 0892 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    10:21:13.0314 0892 ohci1394 - ok
    10:21:13.0364 0892 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    10:21:13.0368 0892 ose - ok
    10:21:13.0400 0892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    10:21:13.0405 0892 p2pimsvc - ok
    10:21:13.0422 0892 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    10:21:13.0428 0892 p2psvc - ok
    10:21:13.0457 0892 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    10:21:13.0460 0892 Parport - ok
    10:21:13.0492 0892 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    10:21:13.0493 0892 partmgr - ok
    10:21:13.0515 0892 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    10:21:13.0518 0892 PcaSvc - ok
    10:21:13.0533 0892 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    10:21:13.0535 0892 pci - ok
    10:21:13.0569 0892 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    10:21:13.0570 0892 pciide - ok
    10:21:13.0599 0892 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    10:21:13.0603 0892 pcmcia - ok
    10:21:13.0622 0892 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    10:21:13.0623 0892 pcw - ok
    10:21:13.0643 0892 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    10:21:13.0661 0892 PEAUTH - ok
    10:21:13.0737 0892 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    10:21:13.0740 0892 PerfHost - ok
    10:21:13.0801 0892 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    10:21:13.0835 0892 pla - ok
    10:21:13.0901 0892 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    10:21:13.0906 0892 PlugPlay - ok
    10:21:13.0928 0892 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    10:21:13.0931 0892 PNRPAutoReg - ok
    10:21:13.0950 0892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    10:21:13.0954 0892 PNRPsvc - ok
    10:21:13.0994 0892 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    10:21:13.0999 0892 PolicyAgent - ok
    10:21:14.0026 0892 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    10:21:14.0029 0892 Power - ok
    10:21:14.0078 0892 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    10:21:14.0081 0892 PptpMiniport - ok
    10:21:14.0102 0892 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    10:21:14.0104 0892 Processor - ok
    10:21:14.0137 0892 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    10:21:14.0140 0892 ProfSvc - ok
    10:21:14.0151 0892 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    10:21:14.0153 0892 ProtectedStorage - ok
    10:21:14.0201 0892 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    10:21:14.0203 0892 Psched - ok
    10:21:14.0233 0892 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    10:21:14.0234 0892 PxHlpa64 - ok
    10:21:14.0292 0892 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

  8. #28
    Member
    Join Date
    Mar 2013
    Posts
    30

    Default

    Other half of pre-reboot and post reboot:
    10:21:21.0471 0892 ================ Scan global ===============================
    10:21:21.0500 0892 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    10:21:21.0537 0892 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    10:21:21.0547 0892 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    10:21:21.0573 0892 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    10:21:21.0613 0892 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    10:21:21.0618 0892 [Global] - ok
    10:21:21.0619 0892 ================ Scan MBR ==================================
    10:21:21.0632 0892 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    10:21:21.0632 0892 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    10:21:21.0681 0892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    10:21:21.0681 0892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    10:21:21.0682 0892 ================ Scan VBR ==================================
    10:21:21.0686 0892 [ 87BF135D9D331B7530B02D0A3AF811F6 ] \Device\Harddisk0\DR0\Partition1
    10:21:21.0688 0892 \Device\Harddisk0\DR0\Partition1 - ok
    10:21:21.0701 0892 [ BC4003B5F7E3FAF6D4386D6ED222428D ] \Device\Harddisk0\DR0\Partition2
    10:21:21.0704 0892 \Device\Harddisk0\DR0\Partition2 - ok
    10:21:21.0705 0892 ============================================================
    10:21:21.0705 0892 Scan finished
    10:21:21.0705 0892 ============================================================
    10:21:21.0721 3580 Detected object count: 2
    10:21:21.0721 3580 Actual detected object count: 2
    10:21:56.0699 3580 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    10:21:56.0699 3580 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    10:21:57.0248 3580 \Device\Harddisk0\DR0\# - copied to quarantine
    10:21:57.0250 3580 \Device\Harddisk0\DR0 - copied to quarantine
    10:21:57.0304 3580 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    10:21:57.0308 3580 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    10:21:57.0328 3580 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    10:21:57.0339 3580 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    10:21:57.0342 3580 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    10:21:57.0344 3580 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    10:21:57.0347 3580 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    10:21:57.0350 3580 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    10:21:57.0355 3580 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    10:21:57.0357 3580 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    10:21:57.0360 3580 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    10:21:57.0362 3580 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    10:21:57.0397 3580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    10:21:57.0400 3580 \Device\Harddisk0\DR0 - ok
    10:21:57.0407 3580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    10:22:04.0240 2184 Deinitialize success

    ---------------------------
    10:32:06.0523 2904 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    10:32:07.0422 2904 ============================================================
    10:32:07.0422 2904 Current date / time: 2013/03/22 10:32:07.0422
    10:32:07.0422 2904 SystemInfo:
    10:32:07.0422 2904
    10:32:07.0422 2904 OS Version: 6.1.7601 ServicePack: 1.0
    10:32:07.0422 2904 Product type: Workstation
    10:32:07.0422 2904 ComputerName: COMPY
    10:32:07.0422 2904 UserName: Mairead
    10:32:07.0422 2904 Windows directory: C:\Windows
    10:32:07.0422 2904 System windows directory: C:\Windows
    10:32:07.0422 2904 Running under WOW64
    10:32:07.0422 2904 Processor architecture: Intel x64
    10:32:07.0422 2904 Number of processors: 4
    10:32:07.0422 2904 Page size: 0x1000
    10:32:07.0422 2904 Boot type: Normal boot
    10:32:07.0422 2904 ============================================================
    10:32:11.0428 2904 BG loaded
    10:32:11.0818 2904 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:32:11.0834 2904 ============================================================
    10:32:11.0834 2904 \Device\Harddisk0\DR0:
    10:32:11.0834 2904 MBR partitions:
    10:32:11.0834 2904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    10:32:11.0834 2904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
    10:32:11.0834 2904 ============================================================
    10:32:11.0865 2904 C: <-> \Device\Harddisk0\DR0\Partition2
    10:32:11.0865 2904 ============================================================
    10:32:11.0865 2904 Initialize success
    10:32:11.0865 2904 ============================================================
    10:32:21.0116 3016 Deinitialize success

  9. #29
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Great,

    It looks like one of the partitions of your hard drive was infected with a rootkit and TDSSKiller may have fixed it.

    I should have posted this earlier, but these types of infections can steal passwords and account numbers. There is no way to tell what this pest has done. I strongly urge you to use a known clean computer and go into any bank sites you may use or sites that you may shop from using a credit card and change all your passwords. Use a strong password; it should contain a combination of letters and numbers and use 12 of them.


    Let's see if this pest is gone. First, rerun TDSSKiller and post the log.

    Then rerun aswMBR and post the new log.

    And finally, go ahead and run a new scan with OTL and post that log as well.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #30
    Member
    Join Date
    Mar 2013
    Posts
    30

    Good call on the passwords -- I'll change those soon and I'll alert my credit card company, just in case.

    Here's the OTL:
    OTL logfile created on: 3/24/2013 2:50:12 AM - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mairead\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    11.99 Gb Total Physical Memory | 10.41 Gb Available Physical Memory | 86.80% Memory free
    23.98 Gb Paging File | 21.51 Gb Available in Paging File | 89.68% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.79 Gb Total Space | 125.84 Gb Free Space | 54.06% Space Free | Partition Type: NTFS
    Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: COMPY | User Name: Mairead | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
    PRC - C:\Users\Mairead\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
    PRC - C:\Users\Mairead\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
    PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
    PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
    PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
    PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll ()
    MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
    MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
    MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
    MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
    MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
    MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
    MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
    MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
    MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
    SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
    SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
    SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (SMR311) -- C:\Windows\SysNative\drivers\SMR311.SYS (Symantec Corporation)
    DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys (Symantec Corporation)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys (Symantec Corporation)
    DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys (Symantec Corporation)
    DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
    DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
    DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
    DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
    DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
    DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130322.001\IDSviA64.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130323.008\ex64.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130323.008\eng64.sys (Symantec Corporation)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys (Symantec Corporation)
    DRV - (XFX_program) -- C:\Windows\SysWow64\drivers\XFX_program.sys (Sengital Ltd.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mairead\Desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE B7 A0 1F D0 35 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {F3079613-14CE-4bac-AAC1-DC779C94F1DF}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKCU\..\SearchScopes\{CD2529CB-AADE-4129-953A-331E35A57AD0}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
    IE - HKCU\..\SearchScopes\{F3079613-14CE-4bac-AAC1-DC779C94F1DF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic601.dll (eMusic.com)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/03/12 03:58:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013/03/23 14:37:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]

    [2011/05/18 23:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions
    [2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2012/10/25 03:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\extensions
    [2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\SeaMonkey\Profiles\06spn8ys.default\extensions
    [2013/03/10 06:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/03/10 06:21:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/03/21 16:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
    [2013/03/21 16:51:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/03/21 16:51:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/02/06 03:27:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/10/28 06:32:48 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
    [2013/03/09 14:33:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/03/09 14:33:59 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2013/03/22 00:57:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe (GIGABYTE Technology Co.,Ltd.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: pandora.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: webex.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: webex.com ([gse] https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://cloud1.saba.com/SiteRoots/mai...aUpdaterAx.cab (Reg Error: Key error.)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{434F6D26-4903-4A9A-B9A3-9D6D83DC70DE}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/10/06 10:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/24 02:03:46 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\77367830.sys
    [2013/03/22 10:21:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/03/22 10:20:47 | 000,000,000 | ---D | C] -- C:\Users\Mairead\Desktop\tdsskiller
    [2013/03/22 03:31:55 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
    [2013/03/22 00:57:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/03/22 00:51:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/03/21 14:28:35 | 005,042,493 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
    [2013/03/21 00:48:19 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\{4D797761-0F38-4079-8348-238EC3AA69FF}
    [2013/03/20 02:33:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/03/20 02:33:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/03/20 02:33:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/03/20 02:33:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/03/20 02:33:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/03/20 02:33:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/03/20 02:33:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/03/20 02:33:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/03/20 02:33:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/03/20 02:33:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/03/20 02:33:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/03/20 02:33:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/03/20 02:33:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/03/20 02:33:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/03/20 02:33:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/03/20 02:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/03/20 02:31:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2013/03/20 02:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/03/20 02:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2013/03/12 03:57:11 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/03/12 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/03/12 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/03/12 03:56:18 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys
    [2013/03/12 03:56:18 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys
    [2013/03/12 03:56:18 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys
    [2013/03/12 03:56:18 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys
    [2013/03/12 03:56:18 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM.sys
    [2013/03/12 03:56:17 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys
    [2013/03/12 03:56:17 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys
    [2013/03/12 03:56:17 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys
    [2013/03/12 03:56:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
    [2013/03/12 03:56:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403000.024
    [2013/03/12 03:56:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2013/03/12 03:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
    [2013/03/12 00:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/03/12 00:00:10 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
    [2013/03/11 14:15:06 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/03/10 20:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
    [2013/03/10 18:38:40 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Malwarebytes
    [2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/03/10 18:38:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/10 10:40:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/03/10 10:40:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/03/10 10:40:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/03/10 10:36:17 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/03/05 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Mairead\Desktop\ESL
    [2013/03/05 16:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
    [2013/03/05 16:02:09 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
    [2013/03/05 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\NPE
    [2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/03/05 11:49:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
    [2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/03/05 11:34:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/03/05 11:28:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
    [2013/03/04 08:22:32 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\{00AD2E08-E18E-445D-9A20-CAF9635E0349}
    [2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/24 02:49:52 | 000,000,512 | ---- | M] () -- C:\Users\Mairead\Desktop\MBR.dat
    [2013/03/24 02:48:50 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/24 02:48:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/24 02:10:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000UA.job
    [2013/03/24 02:03:46 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\77367830.sys
    [2013/03/24 02:03:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/23 23:07:43 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/23 14:47:52 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2013/03/23 14:45:13 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/23 14:45:13 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/23 14:37:39 | 1066,704,894 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/22 04:10:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000Core.job
    [2013/03/22 00:57:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/03/21 14:45:52 | 752,827,791 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/03/21 14:28:51 | 005,042,493 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
    [2013/03/20 11:22:58 | 002,216,339 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
    [2013/03/20 02:39:09 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2013/03/20 00:53:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/03/20 00:53:12 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/03/12 03:57:11 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/03/12 03:57:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/03/12 03:57:10 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/03/12 03:57:00 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/03/11 00:09:52 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/11 00:09:52 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/11 00:09:52 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/10 20:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
    [2013/03/10 18:38:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/05 16:02:09 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
    [2013/03/05 15:43:20 | 000,002,985 | ---- | M] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
    [2013/03/05 11:49:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
    [2013/03/05 11:47:14 | 000,000,928 | ---- | M] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
    [2013/03/05 11:47:14 | 000,000,909 | ---- | M] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
    [2013/03/05 11:29:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
    [2013/02/22 14:06:50 | 000,350,019 | ---- | M] () -- C:\Users\Mairead\Desktop\Untitled.png
    [1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/24 02:49:52 | 000,000,512 | ---- | C] () -- C:\Users\Mairead\Desktop\MBR.dat
    [2013/03/20 02:39:09 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2013/03/19 23:36:55 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
    [2013/03/12 03:57:15 | 002,216,339 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
    [2013/03/12 03:57:11 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/03/12 03:57:11 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/03/12 03:57:00 | 000,002,395 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/03/12 03:56:11 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymVTcer.dat
    [2013/03/12 03:56:11 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA.inf
    [2013/03/12 03:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS.inf
    [2013/03/12 03:56:11 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymNet.inf
    [2013/03/12 03:56:11 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.inf
    [2013/03/12 03:56:11 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.inf
    [2013/03/12 03:56:11 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symELAM.inf
    [2013/03/12 03:56:11 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.inf
    [2013/03/12 03:56:11 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Iron.inf
    [2013/03/12 03:56:10 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM64.cat
    [2013/03/12 03:56:10 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.cat
    [2013/03/12 03:56:10 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnet64.cat
    [2013/03/12 03:56:10 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\iron.cat
    [2013/03/12 03:56:10 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat
    [2013/03/12 03:56:10 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.cat
    [2013/03/12 03:56:10 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat
    [2013/03/12 03:56:10 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.cat
    [2013/03/12 03:56:10 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
    [2013/03/10 18:38:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/10 10:40:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/03/10 10:40:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/03/10 10:40:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/03/10 10:40:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/03/10 10:40:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/03/05 15:43:20 | 000,002,985 | ---- | C] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
    [2013/03/05 11:47:14 | 000,000,928 | ---- | C] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
    [2013/03/05 11:47:14 | 000,000,909 | ---- | C] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
    [2013/02/22 14:06:11 | 000,350,019 | ---- | C] () -- C:\Users\Mairead\Desktop\Untitled.png
    [2013/02/11 12:27:05 | 000,001,067 | ---- | C] () -- C:\Users\Mairead\Videos - Shortcut.lnk
    [2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/11/12 15:28:34 | 000,007,606 | ---- | C] () -- C:\Users\Mairead\AppData\Local\Resmon.ResmonCfg
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/06/25 13:44:35 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to MP4 Converter.INI
    [2011/05/18 16:55:22 | 000,001,940 | ---- | C] () -- C:\Users\Mairead\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/22 00:19:17 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/04/22 00:19:17 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/04/13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/02/03 15:05:42 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
    [2011/02/03 02:48:15 | 000,149,504 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\SharedSettings.ccs
    [2011/01/12 19:15:04 | 000,000,154 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\burnaware.ini
    [2011/01/06 16:32:21 | 000,061,678 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JPR.{PB
    [2011/01/06 16:32:21 | 000,012,358 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JCM.{PB
    [2010/12/09 23:08:48 | 000,004,608 | ---- | C] () -- C:\Users\Mairead\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/25 00:20:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
    [2012/07/22 18:51:12 | 000,002,048 | -HS- | M] () -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\@
    [2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
    [2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\U
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
    ----------------
    Here's the aswMBR:
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-24 02:04:34
    -----------------------------
    02:04:34.370 OS Version: Windows x64 6.1.7601 Service Pack 1
    02:04:34.370 Number of processors: 4 586 0x1E05
    02:04:34.370 ComputerName: COMPY UserName:
    02:04:36.855 Initialize success
    02:05:16.849 AVAST engine defs: 13032302
    02:05:25.315 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    02:05:25.320 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
    02:05:25.345 Disk 0 MBR read successfully
    02:05:25.345 Disk 0 MBR scan
    02:05:25.355 Disk 0 Windows 7 default MBR code
    02:05:25.365 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    02:05:25.380 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
    02:05:25.400 Disk 0 scanning C:\Windows\system32\drivers
    02:05:40.377 Service scanning
    02:06:10.967 Modules scanning
    02:06:10.977 Disk 0 trace - called modules:
    02:06:10.992 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    02:06:11.002 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800af58060]
    02:06:11.012 3 CLASSPNP.SYS[fffff88001a7343f] -> nt!IofCallDriver -> [0xfffffa8009ce0e40]
    02:06:11.017 5 ACPI.sys[fffff88000f9a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ac16060]
    02:06:14.243 AVAST engine scan C:\Windows
    02:06:17.344 AVAST engine scan C:\Windows\system32
    02:08:55.785 AVAST engine scan C:\Windows\system32\drivers
    02:09:11.803 AVAST engine scan C:\Users\Mairead
    02:14:40.724 AVAST engine scan C:\ProgramData
    02:17:42.850 Scan finished successfully
    02:49:52.298 Disk 0 MBR has been saved successfully to "C:\Users\Mairead\Desktop\MBR.dat"
    02:49:52.298 The log file has been saved successfully to "C:\Users\Mairead\Desktop\aswMBRlog.txt"
