nevergohungry

No, I don't know why it can't remove it... that's why I came here. Feel free to close this thread, I'll try to get some help on another board. Thank you for your time though, it was very appreciated.

Ran a system scan with Norton and it still detected the virus

Hmm... it says "No infections were found"

ComboFix 12-04-01.03 - Shelby 04/02/2012 16:05:29.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2617 [GMT -5:00] Running from: c:\users\Shelby\Desktop\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Shelby\g2mdlhlpx.exe c:\windows\system32\dds_trash_log.cmd c:\windows\Tasks\At1.job . . ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 ))))))))))))))))))))))))))))))) . . 2012-03-31 11:40 . 2012-03-31 11:40 -------- d-----w- c:\users\Shelby\AppData\Roaming\Malwarebytes 2012-03-31 11:39 . 2012-03-31 11:39 -------- d-----w- c:\programdata\Malwarebytes 2012-03-31 11:39 . 2012-03-31 11:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-31 11:39 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 06:31 . 2012-03-29 06:31 -------- d-----w- c:\program files (x86)\fbphotozoom 2012-03-29 06:29 . 2012-03-29 06:56 -------- d-----w- c:\program files (x86)\1ClickDownload 2012-03-27 19:25 . 2012-03-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-03-27 03:20 . 2012-03-31 08:03 -------- d-----w- c:\program files (x86)\Microsoft Works 2012-03-27 03:19 . 2012-03-27 03:19 -------- d-----w- c:\windows\PCHEALTH 2012-03-27 03:16 . 2012-03-27 03:16 -------- d-----r- C:\MSOCache 2012-03-27 02:58 . 2012-03-27 03:02 16200 ----a-w- c:\windows\stinger.sys 2012-03-27 02:57 . 2012-03-27 03:05 -------- d-----w- c:\program files (x86)\stinger 2012-03-26 22:32 . 2012-03-26 23:00 -------- d-----w- c:\users\Shelby\AppData\Local\NPE 2012-03-26 22:11 . 2012-03-26 23:48 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys 2012-03-26 22:08 . 2012-03-26 22:08 -------- d-----we c:\windows\system64 2012-03-26 20:37 . 2012-03-26 21:25 -------- d-----w- c:\windows\AutoKMS 2012-03-23 11:57 . 2012-03-26 18:36 -------- d-----w- c:\windows\system32\drivers\NAVx64\1306020.00A 2012-03-18 18:29 . 2012-03-18 18:29 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-18 18:29 . 2012-03-18 18:29 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-13 22:09 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 22:09 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-13 22:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 22:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 22:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-13 22:09 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-13 22:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 22:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 22:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 22:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-07 04:58 . 2012-03-07 04:58 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-23 15:11 . 2012-01-03 21:04 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-19 06:13 . 2011-07-27 03:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-04 10:44 . 2012-02-15 05:45 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-01-04 08:58 . 2012-02-15 05:45 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeBridge"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-27 1038088] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-06 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-01-30 135608] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-05 138360] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-03-26 c:\windows\Tasks\AutoKMSCustom.job - c:\windows\AutoKMS\AutoKMS.exe [2012-03-26 20:37] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 09:51] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 09:51] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "(Default)"="" [bU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs rt2870 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.toshiba.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\ns4vrc0u.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-04-02 16:14:56 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-02 21:14 ComboFix2.txt 2012-04-02 19:32 ComboFix3.txt 2012-04-02 18:37 . Pre-Run: 427,824,873,472 bytes free Post-Run: 427,939,942,400 bytes free . - - End Of File - - 81F15781BF0CEB235DBD2B9DC0825BAA

SystemLook 30.07.11 by jpshortstuff Log created at 15:44 on 02/04/2012 by Shelby Administrator - Elevation successful ========== reg ========== [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\rt2870] (Unable to open key - key not found) -= EOF =-

OTL logfile created on: 4/2/2012 3:23:23 PM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Shelby\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.91 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.33% Memory free 7.83 Gb Paging File | 6.09 Gb Available in Paging File | 77.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449.89 Gb Total Space | 398.55 Gb Free Space | 88.59% Space Free | Partition Type: NTFS Computer Name: SHELBY-PC | User Name: Shelby | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days < End of report >

Hmmm.. found the log though? ComboFix 12-04-01.03 - Shelby 04/02/2012 14:22:27.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2563 [GMT -5:00] Running from: c:\users\Shelby\Desktop\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Shelby\g2mdlhlpx.exe c:\windows\system32\dds_trash_log.cmd c:\windows\Tasks\At1.job . . ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 ))))))))))))))))))))))))))))))) . . 2012-03-31 11:40 . 2012-03-31 11:40 -------- d-----w- c:\users\Shelby\AppData\Roaming\Malwarebytes 2012-03-31 11:39 . 2012-03-31 11:39 -------- d-----w- c:\programdata\Malwarebytes 2012-03-31 11:39 . 2012-03-31 11:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-31 11:39 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 06:31 . 2012-03-29 06:31 -------- d-----w- c:\program files (x86)\fbphotozoom 2012-03-29 06:29 . 2012-03-29 06:56 -------- d-----w- c:\program files (x86)\1ClickDownload 2012-03-27 19:25 . 2012-03-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-03-27 03:20 . 2012-03-31 08:03 -------- d-----w- c:\program files (x86)\Microsoft Works 2012-03-27 03:19 . 2012-03-27 03:19 -------- d-----w- c:\windows\PCHEALTH 2012-03-27 03:16 . 2012-03-27 03:16 -------- d-----r- C:\MSOCache 2012-03-27 02:58 . 2012-03-27 03:02 16200 ----a-w- c:\windows\stinger.sys 2012-03-27 02:57 . 2012-03-27 03:05 -------- d-----w- c:\program files (x86)\stinger 2012-03-26 22:32 . 2012-03-26 23:00 -------- d-----w- c:\users\Shelby\AppData\Local\NPE 2012-03-26 22:11 . 2012-03-26 23:48 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys 2012-03-26 22:08 . 2012-03-26 22:08 -------- d-----we c:\windows\system64 2012-03-26 20:37 . 2012-03-26 21:25 -------- d-----w- c:\windows\AutoKMS 2012-03-23 11:57 . 2012-03-26 18:36 -------- d-----w- c:\windows\system32\drivers\NAVx64\1306020.00A 2012-03-18 18:29 . 2012-03-18 18:29 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-18 18:29 . 2012-03-18 18:29 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-13 22:09 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 22:09 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-13 22:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 22:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 22:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-13 22:09 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-13 22:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 22:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 22:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 22:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-07 04:58 . 2012-03-07 04:58 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-23 15:11 . 2012-01-03 21:04 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-03-19 06:13 . 2011-07-27 03:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-04 10:44 . 2012-02-15 05:45 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-01-04 08:58 . 2012-02-15 05:45 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeBridge"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-27 1038088] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-06 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-01-30 135608] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-05 138360] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-03-26 c:\windows\Tasks\AutoKMSCustom.job - c:\windows\AutoKMS\AutoKMS.exe [2012-03-26 20:37] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 09:51] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 09:51] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "(Default)"="" [bU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs rt2870 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.toshiba.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\ns4vrc0u.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-04-02 14:32:27 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-02 19:32 ComboFix2.txt 2012-04-02 18:37 . Pre-Run: 427,876,352,000 bytes free Post-Run: 427,724,677,120 bytes free . - - End Of File - - 638DADE518CCE959918F8BB019A61E83

Same thing happened. After the log popped up, I copied it and tried to open firefox and got the error "Illegal action on registry that has been marked for deletion." Had to do a system restore as nothing would work and any program I tried to open would come up with that error.

When I click combofix to run I still get a popup before it begins saying that Norton Antivirus is still running. Should I click "OK" and continue anyway?

Hmmm... After following your directions, I ran combofix. I know I disabled Norton Antivirus properly as I followed the directions in the link you provided. However, after running combofix a popup appeared saying it was still running. I checked, it wasn't, so I clicked ok. Then after running combofix, a .txt file popped up. I copied it but when I went to open Mozilla Firefox (my browser) a message popped up saying something about "this registry has been marked for deletion" and it was the .exe file for the program. Tried to open photoshop, itunes, aim, etc. and the same error message popped up. I clicked on "system" via the start menu and for some reason the same thing popped up. Somehow found my way to the system restore and restored it to before we began working together.

13:01:49.0641 4480 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48 13:01:49.0641 4480 ============================================================ 13:01:49.0641 4480 Current date / time: 2012/04/02 13:01:49.0641 13:01:49.0641 4480 SystemInfo: 13:01:49.0641 4480 13:01:49.0641 4480 OS Version: 6.1.7601 ServicePack: 1.0 13:01:49.0641 4480 Product type: Workstation 13:01:49.0641 4480 ComputerName: SHELBY-PC 13:01:49.0641 4480 UserName: Shelby 13:01:49.0641 4480 Windows directory: C:\windows 13:01:49.0641 4480 System windows directory: C:\windows 13:01:49.0641 4480 Running under WOW64 13:01:49.0641 4480 Processor architecture: Intel x64 13:01:49.0641 4480 Number of processors: 2 13:01:49.0641 4480 Page size: 0x1000 13:01:49.0641 4480 Boot type: Normal boot 13:01:49.0641 4480 ============================================================ 13:01:50.0358 4480 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:01:50.0358 4480 \Device\Harddisk0\DR0: 13:01:50.0358 4480 MBR used 13:01:50.0358 4480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x383C5800 13:01:50.0421 4480 Initialize success 13:01:50.0421 4480 ============================================================ 13:02:03.0728 2984 ============================================================ 13:02:03.0728 2984 Scan started 13:02:03.0728 2984 Mode: Manual; SigCheck; TDLFS; 13:02:03.0728 2984 ============================================================ 13:02:04.0227 2984 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 13:02:04.0398 2984 1394ohci - ok 13:02:04.0554 2984 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 13:02:04.0586 2984 ACDaemon - ok 13:02:04.0679 2984 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 13:02:04.0726 2984 ACPI - ok 13:02:04.0804 2984 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 13:02:04.0898 2984 AcpiPmi - ok 13:02:05.0038 2984 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\windows\system32\drivers\adfs.sys 13:02:05.0054 2984 adfs - ok 13:02:05.0163 2984 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:02:05.0178 2984 AdobeARMservice - ok 13:02:05.0288 2984 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys 13:02:05.0319 2984 adp94xx - ok 13:02:05.0444 2984 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys 13:02:05.0475 2984 adpahci - ok 13:02:05.0600 2984 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys 13:02:05.0631 2984 adpu320 - ok 13:02:05.0693 2984 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 13:02:05.0849 2984 AeLookupSvc - ok 13:02:05.0958 2984 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 13:02:06.0036 2984 AFD - ok 13:02:06.0130 2984 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 13:02:06.0146 2984 agp440 - ok 13:02:06.0224 2984 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 13:02:06.0317 2984 ALG - ok 13:02:06.0411 2984 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 13:02:06.0426 2984 aliide - ok 13:02:06.0520 2984 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 13:02:06.0536 2984 amdide - ok 13:02:06.0629 2984 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys 13:02:06.0692 2984 AmdK8 - ok 13:02:06.0785 2984 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys 13:02:06.0832 2984 AmdPPM - ok 13:02:06.0941 2984 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 13:02:06.0972 2984 amdsata - ok 13:02:07.0128 2984 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys 13:02:07.0160 2984 amdsbs - ok 13:02:07.0253 2984 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 13:02:07.0284 2984 amdxata - ok 13:02:07.0378 2984 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 13:02:07.0565 2984 AppID - ok 13:02:07.0643 2984 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 13:02:07.0706 2984 AppIDSvc - ok 13:02:07.0799 2984 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 13:02:07.0877 2984 Appinfo - ok 13:02:07.0955 2984 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:02:07.0986 2984 Apple Mobile Device - ok 13:02:08.0080 2984 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys 13:02:08.0111 2984 arc - ok 13:02:08.0205 2984 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys 13:02:08.0220 2984 arcsas - ok 13:02:08.0314 2984 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 13:02:08.0408 2984 AsyncMac - ok 13:02:08.0517 2984 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 13:02:08.0548 2984 atapi - ok 13:02:08.0642 2984 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 13:02:08.0720 2984 AudioEndpointBuilder - ok 13:02:08.0766 2984 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 13:02:08.0829 2984 AudioSrv - ok 13:02:08.0907 2984 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 13:02:08.0985 2984 AxInstSV - ok 13:02:09.0094 2984 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys 13:02:09.0188 2984 b06bdrv - ok 13:02:09.0297 2984 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 13:02:09.0344 2984 b57nd60a - ok 13:02:09.0437 2984 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 13:02:09.0515 2984 BDESVC - ok 13:02:09.0593 2984 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 13:02:09.0687 2984 Beep - ok 13:02:09.0874 2984 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys 13:02:09.0921 2984 BHDrvx64 - ok 13:02:10.0014 2984 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll 13:02:10.0092 2984 BITS - ok 13:02:10.0170 2984 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 13:02:10.0217 2984 blbdrive - ok 13:02:10.0311 2984 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 13:02:10.0342 2984 Bonjour Service - ok 13:02:10.0451 2984 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 13:02:10.0514 2984 bowser - ok 13:02:10.0607 2984 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys 13:02:10.0654 2984 BrFiltLo - ok 13:02:10.0748 2984 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys 13:02:10.0779 2984 BrFiltUp - ok 13:02:10.0872 2984 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll 13:02:10.0950 2984 Browser - ok 13:02:11.0060 2984 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 13:02:11.0138 2984 Brserid - ok 13:02:11.0231 2984 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 13:02:11.0294 2984 BrSerWdm - ok 13:02:11.0372 2984 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 13:02:11.0418 2984 BrUsbMdm - ok 13:02:11.0512 2984 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 13:02:11.0559 2984 BrUsbSer - ok 13:02:11.0668 2984 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys 13:02:11.0715 2984 BTHMODEM - ok 13:02:11.0793 2984 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 13:02:11.0871 2984 bthserv - ok 13:02:11.0996 2984 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys 13:02:12.0027 2984 ccSet_NAV - ok 13:02:12.0120 2984 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 13:02:12.0214 2984 cdfs - ok 13:02:12.0308 2984 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 13:02:12.0370 2984 cdrom - ok 13:02:12.0464 2984 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 13:02:12.0542 2984 CertPropSvc - ok 13:02:12.0651 2984 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys 13:02:12.0713 2984 circlass - ok 13:02:12.0807 2984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 13:02:12.0854 2984 CLFS - ok 13:02:12.0932 2984 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:02:12.0947 2984 clr_optimization_v2.0.50727_32 - ok 13:02:13.0041 2984 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:02:13.0072 2984 clr_optimization_v2.0.50727_64 - ok 13:02:13.0166 2984 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:02:13.0197 2984 clr_optimization_v4.0.30319_32 - ok 13:02:13.0306 2984 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:02:13.0337 2984 clr_optimization_v4.0.30319_64 - ok 13:02:13.0431 2984 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 13:02:13.0478 2984 CmBatt - ok 13:02:13.0571 2984 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 13:02:13.0587 2984 cmdide - ok 13:02:13.0696 2984 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 13:02:13.0758 2984 CNG - ok 13:02:13.0836 2984 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys 13:02:13.0868 2984 Compbatt - ok 13:02:13.0961 2984 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys 13:02:14.0008 2984 CompositeBus - ok 13:02:14.0070 2984 COMSysApp - ok 13:02:14.0164 2984 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 13:02:14.0195 2984 crcdisk - ok 13:02:14.0289 2984 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll 13:02:14.0367 2984 CryptSvc - ok 13:02:14.0460 2984 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 13:02:14.0554 2984 DcomLaunch - ok 13:02:14.0648 2984 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 13:02:14.0726 2984 defragsvc - ok 13:02:14.0835 2984 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 13:02:14.0913 2984 DfsC - ok 13:02:15.0022 2984 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 13:02:15.0100 2984 Dhcp - ok 13:02:15.0178 2984 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 13:02:15.0272 2984 discache - ok 13:02:15.0381 2984 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 13:02:15.0396 2984 Disk - ok 13:02:15.0506 2984 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 13:02:15.0568 2984 Dnscache - ok 13:02:15.0646 2984 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 13:02:15.0740 2984 dot3svc - ok 13:02:15.0833 2984 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 13:02:15.0911 2984 DPS - ok 13:02:16.0005 2984 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 13:02:16.0052 2984 drmkaud - ok 13:02:16.0161 2984 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 13:02:16.0192 2984 DXGKrnl - ok 13:02:16.0254 2984 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 13:02:16.0348 2984 EapHost - ok 13:02:16.0535 2984 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys 13:02:16.0676 2984 ebdrv - ok 13:02:16.0785 2984 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 13:02:16.0832 2984 eeCtrl - ok 13:02:16.0910 2984 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 13:02:16.0988 2984 EFS - ok 13:02:17.0066 2984 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 13:02:17.0159 2984 ehRecvr - ok 13:02:17.0222 2984 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 13:02:17.0253 2984 ehSched - ok 13:02:17.0362 2984 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys 13:02:17.0409 2984 elxstor - ok 13:02:17.0502 2984 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 13:02:17.0534 2984 EraserUtilRebootDrv - ok 13:02:17.0612 2984 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 13:02:17.0658 2984 ErrDev - ok 13:02:17.0752 2984 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 13:02:17.0830 2984 EventSystem - ok 13:02:17.0939 2984 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 13:02:18.0017 2984 exfat - ok 13:02:18.0095 2984 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 13:02:18.0189 2984 fastfat - ok 13:02:18.0282 2984 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe 13:02:18.0360 2984 Fax - ok 13:02:18.0454 2984 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys 13:02:18.0516 2984 fdc - ok 13:02:18.0594 2984 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 13:02:18.0688 2984 fdPHost - ok 13:02:18.0750 2984 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 13:02:18.0828 2984 FDResPub - ok 13:02:18.0922 2984 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 13:02:18.0953 2984 FileInfo - ok 13:02:19.0031 2984 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 13:02:19.0125 2984 Filetrace - ok 13:02:19.0218 2984 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 13:02:19.0265 2984 FLEXnet Licensing Service - ok 13:02:19.0343 2984 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 13:02:19.0390 2984 FLEXnet Licensing Service 64 - ok 13:02:19.0468 2984 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys 13:02:19.0499 2984 flpydisk - ok 13:02:19.0608 2984 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 13:02:19.0640 2984 FltMgr - ok 13:02:19.0733 2984 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 13:02:19.0842 2984 FontCache - ok 13:02:19.0920 2984 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:02:19.0952 2984 FontCache3.0.0.0 - ok 13:02:20.0014 2984 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 13:02:20.0045 2984 FsDepends - ok 13:02:20.0123 2984 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys 13:02:20.0154 2984 Fs_Rec - ok 13:02:20.0248 2984 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 13:02:20.0279 2984 fvevol - ok 13:02:20.0373 2984 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys 13:02:20.0388 2984 gagp30kx - ok 13:02:20.0498 2984 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 13:02:20.0513 2984 GEARAspiWDM - ok 13:02:20.0607 2984 GFNEXSrv (fa07ec01952729ddddc5bf4bae06b09e) C:\Windows\System32\GFNEXSrv.exe 13:02:20.0638 2984 GFNEXSrv - ok 13:02:20.0732 2984 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 13:02:20.0794 2984 gpsvc - ok 13:02:20.0903 2984 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:02:20.0919 2984 gupdate - ok 13:02:20.0934 2984 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:02:20.0950 2984 gupdatem - ok 13:02:21.0075 2984 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 13:02:21.0153 2984 hcw85cir - ok 13:02:21.0309 2984 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 13:02:21.0356 2984 HdAudAddService - ok 13:02:21.0449 2984 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys 13:02:21.0512 2984 HDAudBus - ok 13:02:21.0590 2984 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys 13:02:21.0621 2984 HidBatt - ok 13:02:21.0714 2984 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys 13:02:21.0761 2984 HidBth - ok 13:02:21.0870 2984 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys 13:02:21.0902 2984 HidIr - ok 13:02:21.0980 2984 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll 13:02:22.0058 2984 hidserv - ok 13:02:22.0167 2984 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys 13:02:22.0198 2984 HidUsb - ok 13:02:22.0276 2984 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 13:02:22.0370 2984 hkmsvc - ok 13:02:22.0463 2984 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 13:02:22.0526 2984 HomeGroupListener - ok 13:02:22.0588 2984 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 13:02:22.0635 2984 HomeGroupProvider - ok 13:02:22.0744 2984 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 13:02:22.0760 2984 HpSAMD - ok 13:02:22.0884 2984 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 13:02:22.0994 2984 HTTP - ok 13:02:23.0087 2984 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 13:02:23.0103 2984 hwpolicy - ok 13:02:23.0212 2984 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 13:02:23.0243 2984 i8042prt - ok 13:02:23.0337 2984 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys 13:02:23.0368 2984 iaStor - ok 13:02:23.0477 2984 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 13:02:23.0508 2984 iaStorV - ok 13:02:23.0633 2984 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:02:23.0680 2984 idsvc - ok 13:02:23.0852 2984 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSvia64.sys 13:02:23.0883 2984 IDSVia64 - ok 13:02:24.0226 2984 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys 13:02:24.0585 2984 igfx - ok 13:02:24.0772 2984 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 13:02:24.0803 2984 iirsp - ok 13:02:24.0944 2984 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 13:02:25.0006 2984 IKEEXT - ok 13:02:25.0178 2984 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\windows\system32\drivers\RTKVHD64.sys 13:02:25.0240 2984 IntcAzAudAddService - ok 13:02:25.0318 2984 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 13:02:25.0349 2984 intelide - ok 13:02:25.0443 2984 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 13:02:25.0474 2984 intelppm - ok 13:02:25.0552 2984 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 13:02:25.0630 2984 IPBusEnum - ok 13:02:25.0724 2984 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 13:02:25.0802 2984 IpFilterDriver - ok 13:02:25.0895 2984 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 13:02:25.0942 2984 IPMIDRV - ok 13:02:26.0051 2984 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 13:02:26.0145 2984 IPNAT - ok 13:02:26.0207 2984 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe 13:02:26.0254 2984 iPod Service - ok 13:02:26.0348 2984 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 13:02:26.0394 2984 IRENUM - ok 13:02:26.0472 2984 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 13:02:26.0504 2984 isapnp - ok 13:02:26.0597 2984 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 13:02:26.0628 2984 iScsiPrt - ok 13:02:26.0738 2984 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 13:02:26.0753 2984 kbdclass - ok 13:02:26.0847 2984 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys 13:02:26.0894 2984 kbdhid - ok 13:02:26.0987 2984 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 13:02:27.0018 2984 KeyIso - ok 13:02:27.0096 2984 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 13:02:27.0112 2984 KSecDD - ok 13:02:27.0206 2984 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 13:02:27.0237 2984 KSecPkg - ok 13:02:27.0330 2984 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 13:02:27.0408 2984 ksthunk - ok 13:02:27.0502 2984 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 13:02:27.0580 2984 KtmRm - ok 13:02:27.0674 2984 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll 13:02:27.0752 2984 LanmanServer - ok 13:02:27.0830 2984 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 13:02:27.0908 2984 LanmanWorkstation - ok 13:02:28.0032 2984 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 13:02:28.0110 2984 lltdio - ok 13:02:28.0204 2984 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 13:02:28.0298 2984 lltdsvc - ok 13:02:28.0376 2984 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 13:02:28.0438 2984 lmhosts - ok 13:02:28.0500 2984 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 13:02:28.0547 2984 LMS - ok 13:02:28.0641 2984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 13:02:28.0672 2984 LSI_FC - ok 13:02:28.0781 2984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 13:02:28.0797 2984 LSI_SAS - ok 13:02:28.0906 2984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 13:02:28.0922 2984 LSI_SAS2 - ok 13:02:29.0031 2984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 13:02:29.0062 2984 LSI_SCSI - ok 13:02:29.0140 2984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 13:02:29.0218 2984 luafv - ok 13:02:29.0296 2984 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 13:02:29.0312 2984 Mcx2Svc - ok 13:02:29.0405 2984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 13:02:29.0421 2984 megasas - ok 13:02:29.0530 2984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 13:02:29.0561 2984 MegaSR - ok 13:02:29.0655 2984 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys 13:02:29.0670 2984 MEIx64 - ok 13:02:29.0748 2984 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 13:02:29.0842 2984 MMCSS - ok 13:02:29.0920 2984 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 13:02:30.0014 2984 Modem - ok 13:02:30.0092 2984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 13:02:30.0154 2984 monitor - ok 13:02:30.0248 2984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 13:02:30.0263 2984 mouclass - ok 13:02:30.0372 2984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 13:02:30.0419 2984 mouhid - ok 13:02:30.0513 2984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 13:02:30.0544 2984 mountmgr - ok 13:02:30.0638 2984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 13:02:30.0669 2984 mpio - ok 13:02:30.0747 2984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 13:02:30.0809 2984 mpsdrv - ok 13:02:30.0903 2984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 13:02:30.0965 2984 MRxDAV - ok 13:02:31.0059 2984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 13:02:31.0121 2984 mrxsmb - ok 13:02:31.0215 2984 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 13:02:31.0262 2984 mrxsmb10 - ok 13:02:31.0355 2984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 13:02:31.0386 2984 mrxsmb20 - ok 13:02:31.0480 2984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys 13:02:31.0496 2984 msahci - ok 13:02:31.0589 2984 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 13:02:31.0620 2984 msdsm - ok 13:02:31.0698 2984 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 13:02:31.0745 2984 MSDTC - ok 13:02:31.0839 2984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 13:02:31.0901 2984 Msfs - ok 13:02:31.0995 2984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 13:02:32.0088 2984 mshidkmdf - ok 13:02:32.0166 2984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 13:02:32.0198 2984 msisadrv - ok 13:02:32.0276 2984 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 13:02:32.0369 2984 MSiSCSI - ok 13:02:32.0432 2984 msiserver - ok 13:02:32.0525 2984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 13:02:32.0603 2984 MSKSSRV - ok 13:02:32.0712 2984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 13:02:32.0790 2984 MSPCLOCK - ok 13:02:32.0884 2984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 13:02:32.0978 2984 MSPQM - ok 13:02:33.0071 2984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 13:02:33.0118 2984 MsRPC - ok 13:02:33.0196 2984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 13:02:33.0212 2984 mssmbios - ok 13:02:33.0305 2984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 13:02:33.0383 2984 MSTEE - ok 13:02:33.0477 2984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 13:02:33.0508 2984 MTConfig - ok 13:02:33.0586 2984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 13:02:33.0617 2984 Mup - ok 13:02:33.0695 2984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 13:02:33.0804 2984 napagent - ok 13:02:33.0914 2984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 13:02:33.0960 2984 NativeWifiP - ok 13:02:34.0085 2984 NAV (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe 13:02:34.0116 2984 NAV - ok 13:02:34.0288 2984 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120402.002\ENG64.SYS 13:02:34.0304 2984 NAVENG - ok 13:02:34.0506 2984 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120402.002\EX64.SYS 13:02:34.0553 2984 NAVEX15 - ok 13:02:34.0678 2984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 13:02:34.0725 2984 NDIS - ok 13:02:34.0803 2984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 13:02:34.0881 2984 NdisCap - ok 13:02:34.0974 2984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 13:02:35.0052 2984 NdisTapi - ok 13:02:35.0146 2984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 13:02:35.0224 2984 Ndisuio - ok 13:02:35.0318 2984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 13:02:35.0411 2984 NdisWan - ok 13:02:35.0505 2984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 13:02:35.0567 2984 NDProxy - ok 13:02:35.0661 2984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 13:02:35.0739 2984 NetBIOS - ok 13:02:35.0832 2984 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 13:02:35.0895 2984 NetBT - ok 13:02:35.0973 2984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 13:02:36.0004 2984 Netlogon - ok 13:02:36.0098 2984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 13:02:36.0160 2984 Netman - ok 13:02:36.0238 2984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 13:02:36.0332 2984 netprofm - ok 13:02:36.0441 2984 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:02:36.0456 2984 NetTcpPortSharing - ok 13:02:36.0550 2984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 13:02:36.0581 2984 nfrd960 - ok 13:02:36.0690 2984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 13:02:36.0768 2984 NlaSvc - ok 13:02:36.0846 2984 Norton PC Checkup Application Launcher - ok 13:02:36.0924 2984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 13:02:37.0002 2984 Npfs - ok 13:02:37.0065 2984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 13:02:37.0143 2984 nsi - ok 13:02:37.0236 2984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 13:02:37.0314 2984 nsiproxy - ok 13:02:37.0439 2984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 13:02:37.0502 2984 Ntfs - ok 13:02:37.0580 2984 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 13:02:37.0658 2984 Null - ok 13:02:37.0751 2984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 13:02:37.0782 2984 nvraid - ok 13:02:37.0892 2984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 13:02:37.0923 2984 nvstor - ok 13:02:38.0016 2984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 13:02:38.0048 2984 nv_agp - ok 13:02:38.0141 2984 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:02:38.0188 2984 odserv - ok 13:02:38.0282 2984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 13:02:38.0328 2984 ohci1394 - ok 13:02:38.0406 2984 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:02:38.0438 2984 ose - ok 13:02:38.0516 2984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 13:02:38.0578 2984 p2pimsvc - ok 13:02:38.0656 2984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 13:02:38.0703 2984 p2psvc - ok 13:02:38.0781 2984 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 13:02:38.0812 2984 Parport - ok 13:02:38.0906 2984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 13:02:38.0937 2984 partmgr - ok 13:02:39.0015 2984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 13:02:39.0077 2984 PcaSvc - ok 13:02:39.0155 2984 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe 13:02:39.0186 2984 PCCUJobMgr - ok 13:02:39.0280 2984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 13:02:39.0311 2984 pci - ok 13:02:39.0389 2984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 13:02:39.0420 2984 pciide - ok 13:02:39.0514 2984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 13:02:39.0545 2984 pcmcia - ok 13:02:39.0623 2984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 13:02:39.0639 2984 pcw - ok 13:02:39.0748 2984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 13:02:39.0826 2984 PEAUTH - ok 13:02:39.0904 2984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 13:02:39.0951 2984 PerfHost - ok 13:02:40.0076 2984 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys 13:02:40.0091 2984 PGEffect - ok 13:02:40.0200 2984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 13:02:40.0294 2984 pla - ok 13:02:40.0372 2984 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 13:02:40.0434 2984 PlugPlay - ok 13:02:40.0497 2984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 13:02:40.0544 2984 PNRPAutoReg - ok 13:02:40.0622 2984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 13:02:40.0653 2984 PNRPsvc - ok 13:02:40.0731 2984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 13:02:40.0809 2984 PolicyAgent - ok 13:02:40.0902 2984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 13:02:40.0996 2984 Power - ok 13:02:41.0074 2984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 13:02:41.0168 2984 PptpMiniport - ok 13:02:41.0261 2984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 13:02:41.0308 2984 Processor - ok 13:02:41.0386 2984 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll 13:02:41.0480 2984 ProfSvc - ok 13:02:41.0542 2984 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 13:02:41.0573 2984 ProtectedStorage - ok 13:02:41.0667 2984 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 13:02:41.0745 2984 Psched - ok 13:02:41.0885 2984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 13:02:41.0948 2984 ql2300 - ok 13:02:42.0057 2984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 13:02:42.0088 2984 ql40xx - ok 13:02:42.0150 2984 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 13:02:42.0197 2984 QWAVE - ok 13:02:42.0291 2984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 13:02:42.0353 2984 QWAVEdrv - ok 13:02:42.0447 2984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 13:02:42.0525 2984 RasAcd - ok 13:02:42.0618 2984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 13:02:42.0681 2984 RasAgileVpn - ok 13:02:42.0743 2984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 13:02:42.0837 2984 RasAuto - ok 13:02:42.0930 2984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 13:02:43.0008 2984 Rasl2tp - ok 13:02:43.0086 2984 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 13:02:43.0164 2984 RasMan - ok 13:02:43.0242 2984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 13:02:43.0336 2984 RasPppoe - ok 13:02:43.0414 2984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 13:02:43.0492 2984 RasSstp - ok 13:02:43.0601 2984 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 13:02:43.0679 2984 rdbss - ok 13:02:43.0773 2984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 13:02:43.0820 2984 rdpbus - ok 13:02:43.0913 2984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 13:02:44.0007 2984 RDPCDD - ok 13:02:44.0100 2984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 13:02:44.0178 2984 RDPENCDD - ok 13:02:44.0288 2984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 13:02:44.0334 2984 RDPREFMP - ok 13:02:44.0428 2984 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys 13:02:44.0490 2984 RDPWD - ok 13:02:44.0584 2984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 13:02:44.0615 2984 rdyboost - ok 13:02:44.0693 2984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 13:02:44.0771 2984 RemoteAccess - ok 13:02:44.0849 2984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 13:02:44.0943 2984 RemoteRegistry - ok 13:02:45.0052 2984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 13:02:45.0130 2984 RpcEptMapper - ok 13:02:45.0208 2984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 13:02:45.0239 2984 RpcLocator - ok 13:02:45.0317 2984 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 13:02:45.0395 2984 RpcSs - ok 13:02:45.0489 2984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 13:02:45.0567 2984 rspndr - ok 13:02:45.0660 2984 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys 13:02:45.0692 2984 RSUSBSTOR - ok 13:02:45.0801 2984 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys 13:02:45.0848 2984 RTL8167 - ok 13:02:45.0957 2984 RTL8192Ce (e7d79600575f755614dd5d79b044d588) C:\windows\system32\DRIVERS\rtl8192Ce.sys 13:02:46.0019 2984 RTL8192Ce - ok 13:02:46.0097 2984 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 13:02:46.0128 2984 SamSs - ok 13:02:46.0222 2984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 13:02:46.0238 2984 sbp2port - ok 13:02:46.0331 2984 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 13:02:46.0394 2984 SCardSvr - ok 13:02:46.0472 2984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 13:02:46.0550 2984 scfilter - ok 13:02:46.0659 2984 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 13:02:46.0737 2984 Schedule - ok 13:02:46.0815 2984 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 13:02:46.0877 2984 SCPolicySvc - ok 13:02:46.0955 2984 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 13:02:47.0033 2984 SDRSVC - ok 13:02:47.0127 2984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 13:02:47.0205 2984 secdrv - ok 13:02:47.0283 2984 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 13:02:47.0345 2984 seclogon - ok 13:02:47.0408 2984 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 13:02:47.0470 2984 SENS - ok 13:02:47.0548 2984 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 13:02:47.0610 2984 SensrSvc - ok 13:02:47.0657 2984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 13:02:47.0704 2984 Serenum - ok 13:02:47.0813 2984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 13:02:47.0860 2984 Serial - ok 13:02:47.0954 2984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 13:02:48.0000 2984 sermouse - ok 13:02:48.0094 2984 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 13:02:48.0188 2984 SessionEnv - ok 13:02:48.0281 2984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 13:02:48.0312 2984 sffdisk - ok 13:02:48.0406 2984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 13:02:48.0453 2984 sffp_mmc - ok 13:02:48.0546 2984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 13:02:48.0593 2984 sffp_sd - ok 13:02:48.0687 2984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 13:02:48.0734 2984 sfloppy - ok 13:02:48.0812 2984 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 13:02:48.0874 2984 SharedAccess - ok 13:02:48.0952 2984 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 13:02:49.0030 2984 ShellHWDetection - ok 13:02:49.0139 2984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 13:02:49.0170 2984 SiSRaid2 - ok 13:02:49.0264 2984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 13:02:49.0280 2984 SiSRaid4 - ok 13:02:49.0373 2984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 13:02:49.0451 2984 Smb - ok 13:02:49.0529 2984 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 13:02:49.0576 2984 SNMPTRAP - ok 13:02:49.0670 2984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 13:02:49.0685 2984 spldr - ok 13:02:49.0779 2984 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 13:02:49.0826 2984 Spooler - ok 13:02:49.0997 2984 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 13:02:50.0169 2984 sppsvc - ok 13:02:50.0247 2984 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 13:02:50.0309 2984 sppuinotify - ok 13:02:50.0434 2984 SRTSP (4d56f175f76c685a06471800a03219b2) C:\windows\System32\Drivers\NAVx64\1306020.00A\SRTSP64.SYS 13:02:50.0465 2984 SRTSP - ok 13:02:50.0574 2984 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\windows\system32\drivers\NAVx64\1306020.00A\SRTSPX64.SYS 13:02:50.0590 2984 SRTSPX - ok 13:02:50.0684 2984 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 13:02:50.0762 2984 srv - ok 13:02:50.0855 2984 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 13:02:50.0902 2984 srv2 - ok 13:02:50.0996 2984 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 13:02:51.0027 2984 srvnet - ok 13:02:51.0105 2984 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 13:02:51.0198 2984 SSDPSRV - ok 13:02:51.0276 2984 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 13:02:51.0323 2984 SstpSvc - ok 13:02:51.0417 2984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 13:02:51.0448 2984 stexstor - ok 13:02:51.0542 2984 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 13:02:51.0588 2984 stisvc - ok 13:02:51.0666 2984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 13:02:51.0698 2984 swenum - ok 13:02:51.0807 2984 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 13:02:51.0885 2984 swprv - ok 13:02:52.0025 2984 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS 13:02:52.0056 2984 SymDS - ok 13:02:52.0212 2984 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS 13:02:52.0244 2984 SymEFA - ok 13:02:52.0337 2984 SymEvent (894579207e39c465737e850a252ce4f2) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 13:02:52.0368 2984 SymEvent - ok 13:02:52.0478 2984 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS 13:02:52.0509 2984 SymIRON - ok 13:02:52.0634 2984 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS 13:02:52.0665 2984 SymNetS - ok 13:02:52.0790 2984 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys 13:02:52.0836 2984 SynTP - ok 13:02:52.0946 2984 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 13:02:53.0024 2984 SysMain - ok 13:02:53.0086 2984 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 13:02:53.0133 2984 TabletInputService - ok 13:02:53.0226 2984 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 13:02:53.0304 2984 TapiSrv - ok 13:02:53.0382 2984 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 13:02:53.0445 2984 TBS - ok 13:02:53.0570 2984 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys 13:02:53.0616 2984 Tcpip - ok 13:02:53.0757 2984 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys 13:02:53.0804 2984 TCPIP6 - ok 13:02:53.0897 2984 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 13:02:53.0960 2984 tcpipreg - ok 13:02:54.0053 2984 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys 13:02:54.0084 2984 tdcmdpst - ok 13:02:54.0162 2984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 13:02:54.0209 2984 TDPIPE - ok 13:02:54.0287 2984 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 13:02:54.0334 2984 TDTCP - ok 13:02:54.0443 2984 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 13:02:54.0506 2984 tdx - ok 13:02:54.0599 2984 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 13:02:54.0615 2984 TermDD - ok 13:02:54.0708 2984 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 13:02:54.0802 2984 TermService - ok 13:02:54.0864 2984 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 13:02:54.0911 2984 Themes - ok 13:02:54.0989 2984 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 13:02:55.0052 2984 THREADORDER - ok 13:02:55.0130 2984 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 13:02:55.0161 2984 TMachInfo - ok 13:02:55.0223 2984 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe 13:02:55.0239 2984 TODDSrv - ok 13:02:55.0317 2984 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 13:02:55.0348 2984 TosCoSrv - ok 13:02:55.0395 2984 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 13:02:55.0410 2984 TOSHIBA HDD SSD Alert Service - ok 13:02:55.0504 2984 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys 13:02:55.0535 2984 tos_sps64 - ok 13:02:55.0629 2984 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 13:02:55.0707 2984 TrkWks - ok 13:02:55.0769 2984 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 13:02:55.0863 2984 TrustedInstaller - ok 13:02:55.0941 2984 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 13:02:56.0019 2984 tssecsrv - ok 13:02:56.0128 2984 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 13:02:56.0175 2984 TsUsbFlt - ok 13:02:56.0268 2984 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 13:02:56.0315 2984 TsUsbGD - ok 13:02:56.0409 2984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 13:02:56.0471 2984 tunnel - ok 13:02:56.0596 2984 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 13:02:56.0612 2984 TVALZ - ok 13:02:56.0690 2984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 13:02:56.0721 2984 uagp35 - ok 13:02:56.0861 2984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 13:02:56.0939 2984 udfs - ok 13:02:57.0064 2984 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 13:02:57.0095 2984 UI0Detect - ok 13:02:57.0189 2984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 13:02:57.0204 2984 uliagpkx - ok 13:02:57.0298 2984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 13:02:57.0360 2984 umbus - ok 13:02:57.0454 2984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 13:02:57.0485 2984 UmPass - ok 13:02:57.0610 2984 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 13:02:57.0672 2984 UNS - ok 13:02:57.0750 2984 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 13:02:57.0860 2984 upnphost - ok 13:02:57.0953 2984 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys 13:02:58.0016 2984 USBAAPL64 - ok 13:02:58.0125 2984 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys 13:02:58.0187 2984 usbaudio - ok 13:02:58.0281 2984 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 13:02:58.0328 2984 usbccgp - ok 13:02:58.0406 2984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 13:02:58.0452 2984 usbcir - ok 13:02:58.0546 2984 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys 13:02:58.0593 2984 usbehci - ok 13:02:58.0702 2984 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 13:02:58.0749 2984 usbhub - ok 13:02:58.0842 2984 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 13:02:58.0889 2984 usbohci - ok 13:02:58.0983 2984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys 13:02:59.0030 2984 usbprint - ok 13:02:59.0139 2984 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 13:02:59.0186 2984 USBSTOR - ok 13:02:59.0279 2984 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 13:02:59.0310 2984 usbuhci - ok 13:02:59.0420 2984 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 13:02:59.0466 2984 usbvideo - ok 13:02:59.0544 2984 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 13:02:59.0622 2984 UxSms - ok 13:02:59.0716 2984 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 13:02:59.0747 2984 VaultSvc - ok 13:02:59.0841 2984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 13:02:59.0856 2984 vdrvroot - ok 13:02:59.0950 2984 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 13:03:00.0044 2984 vds - ok 13:03:00.0153 2984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 13:03:00.0200 2984 vga - ok 13:03:00.0278 2984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 13:03:00.0371 2984 VgaSave - ok 13:03:00.0465 2984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 13:03:00.0496 2984 vhdmp - ok 13:03:00.0590 2984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 13:03:00.0621 2984 viaide - ok 13:03:00.0714 2984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 13:03:00.0730 2984 volmgr - ok 13:03:00.0824 2984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 13:03:00.0870 2984 volmgrx - ok 13:03:00.0964 2984 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys 13:03:00.0995 2984 volsnap - ok 13:03:01.0073 2984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 13:03:01.0104 2984 vsmraid - ok 13:03:01.0229 2984 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 13:03:01.0307 2984 VSS - ok 13:03:01.0385 2984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 13:03:01.0432 2984 vwifibus - ok 13:03:01.0526 2984 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 13:03:01.0572 2984 vwififlt - ok 13:03:01.0682 2984 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 13:03:01.0744 2984 W32Time - ok 13:03:01.0822 2984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 13:03:01.0869 2984 WacomPen - ok 13:03:01.0962 2984 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 13:03:02.0040 2984 WANARP - ok 13:03:02.0056 2984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 13:03:02.0087 2984 Wanarpv6 - ok 13:03:02.0212 2984 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe 13:03:02.0243 2984 WatAdminSvc - ok 13:03:02.0384 2984 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 13:03:02.0446 2984 wbengine - ok 13:03:02.0524 2984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 13:03:02.0586 2984 WbioSrvc - ok 13:03:02.0680 2984 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 13:03:02.0742 2984 wcncsvc - ok 13:03:02.0820 2984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 13:03:02.0867 2984 WcsPlugInService - ok 13:03:02.0945 2984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 13:03:02.0961 2984 Wd - ok 13:03:03.0054 2984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 13:03:03.0086 2984 Wdf01000 - ok 13:03:03.0179 2984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 13:03:03.0273 2984 WdiServiceHost - ok 13:03:03.0288 2984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 13:03:03.0320 2984 WdiSystemHost - ok 13:03:03.0413 2984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 13:03:03.0476 2984 WebClient - ok 13:03:03.0554 2984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 13:03:03.0647 2984 Wecsvc - ok 13:03:03.0710 2984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 13:03:03.0788 2984 wercplsupport - ok 13:03:03.0866 2984 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 13:03:03.0944 2984 WerSvc - ok 13:03:04.0022 2984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 13:03:04.0100 2984 WfpLwf - ok 13:03:04.0178 2984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 13:03:04.0193 2984 WIMMount - ok 13:03:04.0209 2984 WinHttpAutoProxySvc - ok 13:03:04.0318 2984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 13:03:04.0365 2984 Winmgmt - ok 13:03:04.0490 2984 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 13:03:04.0568 2984 WinRM - ok 13:03:04.0661 2984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 13:03:04.0724 2984 Wlansvc - ok 13:03:04.0802 2984 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 13:03:04.0817 2984 wlcrasvc - ok 13:03:04.0958 2984 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:03:05.0020 2984 wlidsvc - ok 13:03:05.0098 2984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys 13:03:05.0160 2984 WmiAcpi - ok 13:03:05.0254 2984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 13:03:05.0301 2984 wmiApSrv - ok 13:03:05.0363 2984 WMPNetworkSvc - ok 13:03:05.0441 2984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 13:03:05.0472 2984 WPCSvc - ok 13:03:05.0550 2984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 13:03:05.0582 2984 WPDBusEnum - ok 13:03:05.0660 2984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 13:03:05.0738 2984 ws2ifsl - ok 13:03:05.0784 2984 WSearch - ok 13:03:05.0878 2984 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll 13:03:05.0956 2984 wuauserv - ok 13:03:06.0050 2984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 13:03:06.0128 2984 WudfPf - ok 13:03:06.0190 2984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll 13:03:06.0268 2984 wudfsvc - ok 13:03:06.0346 2984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 13:03:06.0424 2984 WwanSvc - ok 13:03:06.0440 2984 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 13:03:06.0658 2984 \Device\Harddisk0\DR0 - ok 13:03:06.0689 2984 Boot (0x1200) (ea7e4e678d237fdaa5a4381d2dc61e37) \Device\Harddisk0\DR0\Partition0 13:03:06.0689 2984 \Device\Harddisk0\DR0\Partition0 - ok 13:03:06.0689 2984 ============================================================ 13:03:06.0689 2984 Scan finished 13:03:06.0689 2984 ============================================================ 13:03:06.0705 3652 Detected object count: 0 13:03:06.0705 3652 Actual detected object count: 0

RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Shelby [Admin rights] Mode: Scan -- Date: 04/02/2012 12:34:32 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 10 ¤¤¤ [sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\Shelby\Desktop\dds.scr) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ [ZeroAccess] sys32\consrv.dll present! ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++ --- User --- [MBR] fb3937a515e99166b4a1ba42b0da3b16 [bSP] 56d9ace4928dd91fd2fb74cbb1645ef0 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 460683 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 946552832 | Size: 14756 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt

Norton detected a "Trojan.Zeroaccess.B" and it requires manual removal. MBAM didn't detect anything so here are the two DDS logs, hope I can get some help. ------------------------------------------------------------------ . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Shelby at 6:55:20 on 2012-03-31 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2488 [GMT -5:00] . AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Windows\System32\GFNEXSrv.exe C:\windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\System32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://start.toshiba.com uDefault_Page_URL = hxxp://start.toshiba.com uInternet Settings,ProxyOverride = <local>;*.local mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\IPS\IPSBHO.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [AdobeBridge] mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{02D6C4C5-4A2B-4526-9208-B8A9506010C0} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{02D6C4C5-4A2B-4526-9208-B8A9506010C0}\64163747023597374756D6370234F6D6075747562737 : DhcpNameServer = 71.92.29.130 97.81.22.195 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\IPS\IPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\ns4vrc0u.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS --> C:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS --> C:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS [?] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240] R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys --> C:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSviA64.sys [2012-3-31 488568] R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS --> C:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS --> C:\windows\system32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360] R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] . =============== Created Last 30 ================ . 2012-03-31 11:40:11 -------- d-----w- C:\Users\Shelby\AppData\Roaming\Malwarebytes 2012-03-31 11:39:52 -------- d-----w- C:\ProgramData\Malwarebytes 2012-03-31 11:39:51 23152 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-03-31 11:39:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-29 06:31:46 -------- d-----w- C:\Program Files (x86)\fbphotozoom 2012-03-29 06:29:22 -------- d-----w- C:\Program Files (x86)\1ClickDownload 2012-03-27 03:19:52 -------- d-----w- C:\windows\PCHEALTH 2012-03-27 02:58:02 16200 ----a-w- C:\windows\stinger.sys 2012-03-27 02:57:19 -------- d-----w- C:\Program Files (x86)\stinger 2012-03-26 22:51:45 -------- d-----w- C:\windows\pss 2012-03-26 22:32:12 -------- d-----w- C:\Users\Shelby\AppData\Local\NPE 2012-03-26 22:11:11 27256 ----a-w- C:\windows\System32\drivers\FixZeroAccess.sys 2012-03-26 22:09:16 0 --sha-w- C:\windows\System32\dds_trash_log.cmd 2012-03-26 22:08:08 -------- d-----we C:\windows\system64 2012-03-26 20:37:44 -------- d-----w- C:\windows\AutoKMS 2012-03-23 11:58:12 738936 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\srtsp64.sys 2012-03-23 11:58:12 451192 ----a-r- C:\windows\System32\drivers\NAVx64\1306020.00A\symds64.sys 2012-03-23 11:58:12 405624 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\symnets.sys 2012-03-23 11:58:12 37496 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\srtspx64.sys 2012-03-23 11:58:12 190072 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\ironx64.sys 2012-03-23 11:58:12 1092728 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\symefa64.sys 2012-03-23 11:58:11 167048 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\ccsetx64.sys 2012-03-23 11:57:57 -------- d-----w- C:\windows\System32\drivers\NAVx64\1306020.00A 2012-03-18 18:29:52 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-18 18:29:52 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-03-14 08:03:31 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-03-14 08:03:30 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 08:03:29 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-03-13 22:09:53 3145728 ----a-w- C:\windows\System32\win32k.sys 2012-03-13 22:09:53 1544192 ----a-w- C:\windows\System32\DWrite.dll 2012-03-13 22:09:53 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll 2012-03-13 22:09:38 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll 2012-03-13 22:09:38 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys 2012-03-13 22:09:38 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys 2012-03-13 22:09:38 1031680 ----a-w- C:\windows\System32\rdpcore.dll 2012-03-13 22:09:37 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe 2012-03-13 22:09:37 77312 ----a-w- C:\windows\System32\rdpwsx.dll 2012-03-13 22:09:37 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll 2012-03-07 04:58:18 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility 2012-03-02 08:45:40 -------- d-----w- C:\ProgramData\VirtualizedApplications 2012-03-02 06:18:47 -------- d-----w- C:\Users\Shelby\AppData\Local\SoftGrid Client 2012-03-02 06:18:46 -------- d-----w- C:\Users\Shelby\AppData\Roaming\SoftGrid Client 2012-03-02 06:15:38 -------- d-----w- C:\Users\Shelby\AppData\Roaming\TP . ==================== Find3M ==================== . 2012-03-23 15:11:08 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS 2012-03-19 06:13:20 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-27 03:46:00 60304 ----a-w- C:\Users\Shelby\g2mdlhlpx.exe 2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll 2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll . ============= FINISH: 7:01:44.03 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/25/2011 6:24:32 AM System Uptime: 3/30/2012 4:28:56 AM (27 hours ago) . Motherboard: Intel Corporation | | Oneonta Falls Processor: Intel® Pentium® CPU B950 @ 2.10GHz | CPU 1 | 2100/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 450 GiB total, 394.245 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP30: 3/22/2012 4:02:11 AM - Scheduled Checkpoint RP31: 3/26/2012 3:47:27 PM - Removed Microsoft Office Click-to-Run 2010 RP32: 3/26/2012 4:14:10 PM - Installed Microsoft Office Home and Student 2010 Trial RP33: 3/26/2012 4:38:42 PM - Installed Microsoft Office Home and Student 2010 Trial RP34: 3/26/2012 5:37:57 PM - Norton_Power_Eraser_20120326173754389 RP35: 3/26/2012 10:16:11 PM - Installed Microsoft Office Home and Student 2007 RP36: 3/27/2012 2:24:26 PM - Windows Update RP37: 3/31/2012 3:00:13 AM - Windows Update RP38: 3/31/2012 5:56:21 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 1ClickDownload Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe Community Help Adobe Content Viewer Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Download Assistant Adobe Drive CS4 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 ActiveX Adobe Fonts All Adobe Linguistics CS4 Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Reader X (10.1.2) MUI Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Story Adobe Type Support CS4 Adobe Update Manager CS4 Adobe Widget Browser Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB AIM 7 Apple Application Support Apple Software Update ArcSoft WebCam Companion 2 Connect D3DX10 Download Updater (AOL LLC) Google Earth Plug-in Google Update Helper Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 25 Junk Mail filter update kuler Label@Once 1.0 Malwarebytes Anti-Malware version 1.60.1.1000 Mesh Runtime Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 11.0 (x86 en-US) MSVCRT MSVCRT_amd64 Norton AntiVirus PDF Settings CS4 Photoshop Camera Raw PlayReady PC Runtime x86 Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Skype Launcher Suite Shared Configuration CS4 Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Face Recognition TOSHIBA Hardware Setup Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator TOSHIBARegistration Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VLC media player 1.1.11 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 3/31/2012 7:01:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache service. 3/31/2012 7:00:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service. 3/31/2012 6:59:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wcncsvc service. 3/31/2012 6:59:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service. 3/31/2012 6:58:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service. 3/28/2012 1:00:26 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 3/28/2012 1:00:13 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 3/28/2012 1:00:11 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 3/28/2012 1:00:10 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 3/27/2012 8:42:03 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance. 3/26/2012 9:58:03 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). 3/26/2012 5:55:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 3/26/2012 5:55:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/26/2012 5:55:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/26/2012 5:55:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/26/2012 5:55:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/26/2012 5:55:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6 3/26/2012 5:55:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 3/26/2012 5:53:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 3/26/2012 5:53:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} . ==== End Of File ===========================