Infected with Trojan.Zeroaccess.B

[nevergohungry]

Norton detected a "Trojan.Zeroaccess.B" and it requires manual removal. MBAM didn't detect anything so here are the two DDS logs, hope I can get some help.

------------------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Shelby at 6:55:20 on 2012-03-31

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2488 [GMT -5:00]

.

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\GFNEXSrv.exe

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.toshiba.com

uDefault_Page_URL = hxxp://start.toshiba.com

uInternet Settings,ProxyOverride = <local>;*.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [AdobeBridge]

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{02D6C4C5-4A2B-4526-9208-B8A9506010C0} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{02D6C4C5-4A2B-4526-9208-B8A9506010C0}\64163747023597374756D6370234F6D6075747562737 : DhcpNameServer = 71.92.29.130 97.81.22.195

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\ns4vrc0u.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS --> C:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS --> C:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]

R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys --> C:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSviA64.sys [2012-3-31 488568]

R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS --> C:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS --> C:\windows\system32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2012-03-31 11:40:11 -------- d-----w- C:\Users\Shelby\AppData\Roaming\Malwarebytes

2012-03-31 11:39:52 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-31 11:39:51 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-03-31 11:39:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-29 06:31:46 -------- d-----w- C:\Program Files (x86)\fbphotozoom

2012-03-29 06:29:22 -------- d-----w- C:\Program Files (x86)\1ClickDownload

2012-03-27 03:19:52 -------- d-----w- C:\windows\PCHEALTH

2012-03-27 02:58:02 16200 ----a-w- C:\windows\stinger.sys

2012-03-27 02:57:19 -------- d-----w- C:\Program Files (x86)\stinger

2012-03-26 22:51:45 -------- d-----w- C:\windows\pss

2012-03-26 22:32:12 -------- d-----w- C:\Users\Shelby\AppData\Local\NPE

2012-03-26 22:11:11 27256 ----a-w- C:\windows\System32\drivers\FixZeroAccess.sys

2012-03-26 22:09:16 0 --sha-w- C:\windows\System32\dds_trash_log.cmd

2012-03-26 22:08:08 -------- d-----we C:\windows\system64

2012-03-26 20:37:44 -------- d-----w- C:\windows\AutoKMS

2012-03-23 11:58:12 738936 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\srtsp64.sys

2012-03-23 11:58:12 451192 ----a-r- C:\windows\System32\drivers\NAVx64\1306020.00A\symds64.sys

2012-03-23 11:58:12 405624 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\symnets.sys

2012-03-23 11:58:12 37496 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\srtspx64.sys

2012-03-23 11:58:12 190072 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\ironx64.sys

2012-03-23 11:58:12 1092728 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\symefa64.sys

2012-03-23 11:58:11 167048 ----a-w- C:\windows\System32\drivers\NAVx64\1306020.00A\ccsetx64.sys

2012-03-23 11:57:57 -------- d-----w- C:\windows\System32\drivers\NAVx64\1306020.00A

2012-03-18 18:29:52 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 18:29:52 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 08:03:31 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-03-14 08:03:30 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 08:03:29 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-03-13 22:09:53 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-03-13 22:09:53 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-03-13 22:09:53 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-03-13 22:09:38 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-03-13 22:09:38 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-03-13 22:09:38 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-03-13 22:09:38 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-03-13 22:09:37 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-03-13 22:09:37 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-03-13 22:09:37 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-03-07 04:58:18 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility

2012-03-02 08:45:40 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-03-02 06:18:47 -------- d-----w- C:\Users\Shelby\AppData\Local\SoftGrid Client

2012-03-02 06:18:46 -------- d-----w- C:\Users\Shelby\AppData\Roaming\SoftGrid Client

2012-03-02 06:15:38 -------- d-----w- C:\Users\Shelby\AppData\Roaming\TP

.

==================== Find3M ====================

.

2012-03-23 15:11:08 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS

2012-03-19 06:13:20 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-27 03:46:00 60304 ----a-w- C:\Users\Shelby\g2mdlhlpx.exe

2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll

.

============= FINISH: 7:01:44.03 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/25/2011 6:24:32 AM

System Uptime: 3/30/2012 4:28:56 AM (27 hours ago)

.

Motherboard: Intel Corporation | | Oneonta Falls

Processor: Intel® Pentium® CPU B950 @ 2.10GHz | CPU 1 | 2100/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 450 GiB total, 394.245 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP30: 3/22/2012 4:02:11 AM - Scheduled Checkpoint

RP31: 3/26/2012 3:47:27 PM - Removed Microsoft Office Click-to-Run 2010

RP32: 3/26/2012 4:14:10 PM - Installed Microsoft Office Home and Student 2010 Trial

RP33: 3/26/2012 4:38:42 PM - Installed Microsoft Office Home and Student 2010 Trial

RP34: 3/26/2012 5:37:57 PM - Norton_Power_Eraser_20120326173754389

RP35: 3/26/2012 10:16:11 PM - Installed Microsoft Office Home and Student 2007

RP36: 3/27/2012 2:24:26 PM - Windows Update

RP37: 3/31/2012 3:00:13 AM - Windows Update

RP38: 3/31/2012 5:56:21 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

1ClickDownload

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Community Help

Adobe Content Viewer

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Download Assistant

Adobe Drive CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Fonts All

Adobe Linguistics CS4

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Reader X (10.1.2) MUI

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Story

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe Widget Browser

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AIM 7

Apple Application Support

Apple Software Update

ArcSoft WebCam Companion 2

Connect

D3DX10

Download Updater (AOL LLC)

Google Earth Plug-in

Google Update Helper

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 25

Junk Mail filter update

kuler

Label@Once 1.0

Malwarebytes Anti-Malware version 1.60.1.1000

Mesh Runtime

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 11.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

Norton AntiVirus

PDF Settings CS4

Photoshop Camera Raw

PlayReady PC Runtime x86

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Skype Launcher

Suite Shared Configuration CS4

Toshiba App Place

TOSHIBA Application Installer

TOSHIBA Assist

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

Toshiba Laptop Checkup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA Wireless LAN Indicator

TOSHIBARegistration

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 1.1.11

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

3/31/2012 7:01:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache service.

3/31/2012 7:00:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service.

3/31/2012 6:59:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wcncsvc service.

3/31/2012 6:59:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

3/31/2012 6:58:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

3/28/2012 1:00:26 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

3/28/2012 1:00:13 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

3/28/2012 1:00:11 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

3/28/2012 1:00:10 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

3/27/2012 8:42:03 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

3/26/2012 9:58:03 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

3/26/2012 5:55:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/26/2012 5:55:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/26/2012 5:55:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/26/2012 5:55:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/26/2012 5:55:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/26/2012 5:55:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

3/26/2012 5:55:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/26/2012 5:53:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

3/26/2012 5:53:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

.

==== End Of File ===========================

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

[nevergohungry]

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Shelby [Admin rights]

Mode: Scan -- Date: 04/02/2012 12:34:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 10 ¤¤¤

[sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\Shelby\Desktop\dds.scr) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++

--- User ---

[MBR] fb3937a515e99166b4a1ba42b0da3b16

[bSP] 56d9ace4928dd91fd2fb74cbb1645ef0 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 460683 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 946552832 | Size: 14756 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] sys32\consrv.dll present!

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......

• There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  
• There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  
• I strongly suggest you back up all of the important items on the system before we continue.
  

Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

---------------------------------------------

Please make sure system restore is running and create new restore point before proceeding.

----------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

[nevergohungry]

13:01:49.0641 4480 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48

13:01:49.0641 4480 ============================================================

13:01:49.0641 4480 Current date / time: 2012/04/02 13:01:49.0641

13:01:49.0641 4480 SystemInfo:

13:01:49.0641 4480

13:01:49.0641 4480 OS Version: 6.1.7601 ServicePack: 1.0

13:01:49.0641 4480 Product type: Workstation

13:01:49.0641 4480 ComputerName: SHELBY-PC

13:01:49.0641 4480 UserName: Shelby

13:01:49.0641 4480 Windows directory: C:\windows

13:01:49.0641 4480 System windows directory: C:\windows

13:01:49.0641 4480 Running under WOW64

13:01:49.0641 4480 Processor architecture: Intel x64

13:01:49.0641 4480 Number of processors: 2

13:01:49.0641 4480 Page size: 0x1000

13:01:49.0641 4480 Boot type: Normal boot

13:01:49.0641 4480 ============================================================

13:01:50.0358 4480 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:01:50.0358 4480 \Device\Harddisk0\DR0:

13:01:50.0358 4480 MBR used

13:01:50.0358 4480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x383C5800

13:01:50.0421 4480 Initialize success

13:01:50.0421 4480 ============================================================

13:02:03.0728 2984 ============================================================

13:02:03.0728 2984 Scan started

13:02:03.0728 2984 Mode: Manual; SigCheck; TDLFS;

13:02:03.0728 2984 ============================================================

13:02:04.0227 2984 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

13:02:04.0398 2984 1394ohci - ok

13:02:04.0554 2984 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

13:02:04.0586 2984 ACDaemon - ok

13:02:04.0679 2984 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

13:02:04.0726 2984 ACPI - ok

13:02:04.0804 2984 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

13:02:04.0898 2984 AcpiPmi - ok

13:02:05.0038 2984 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\windows\system32\drivers\adfs.sys

13:02:05.0054 2984 adfs - ok

13:02:05.0163 2984 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:02:05.0178 2984 AdobeARMservice - ok

13:02:05.0288 2984 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

13:02:05.0319 2984 adp94xx - ok

13:02:05.0444 2984 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

13:02:05.0475 2984 adpahci - ok

13:02:05.0600 2984 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

13:02:05.0631 2984 adpu320 - ok

13:02:05.0693 2984 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

13:02:05.0849 2984 AeLookupSvc - ok

13:02:05.0958 2984 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

13:02:06.0036 2984 AFD - ok

13:02:06.0130 2984 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

13:02:06.0146 2984 agp440 - ok

13:02:06.0224 2984 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

13:02:06.0317 2984 ALG - ok

13:02:06.0411 2984 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

13:02:06.0426 2984 aliide - ok

13:02:06.0520 2984 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

13:02:06.0536 2984 amdide - ok

13:02:06.0629 2984 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

13:02:06.0692 2984 AmdK8 - ok

13:02:06.0785 2984 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

13:02:06.0832 2984 AmdPPM - ok

13:02:06.0941 2984 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

13:02:06.0972 2984 amdsata - ok

13:02:07.0128 2984 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

13:02:07.0160 2984 amdsbs - ok

13:02:07.0253 2984 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

13:02:07.0284 2984 amdxata - ok

13:02:07.0378 2984 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

13:02:07.0565 2984 AppID - ok

13:02:07.0643 2984 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

13:02:07.0706 2984 AppIDSvc - ok

13:02:07.0799 2984 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

13:02:07.0877 2984 Appinfo - ok

13:02:07.0955 2984 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

13:02:07.0986 2984 Apple Mobile Device - ok

13:02:08.0080 2984 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

13:02:08.0111 2984 arc - ok

13:02:08.0205 2984 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

13:02:08.0220 2984 arcsas - ok

13:02:08.0314 2984 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

13:02:08.0408 2984 AsyncMac - ok

13:02:08.0517 2984 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

13:02:08.0548 2984 atapi - ok

13:02:08.0642 2984 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

13:02:08.0720 2984 AudioEndpointBuilder - ok

13:02:08.0766 2984 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

13:02:08.0829 2984 AudioSrv - ok

13:02:08.0907 2984 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

13:02:08.0985 2984 AxInstSV - ok

13:02:09.0094 2984 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

13:02:09.0188 2984 b06bdrv - ok

13:02:09.0297 2984 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

13:02:09.0344 2984 b57nd60a - ok

13:02:09.0437 2984 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

13:02:09.0515 2984 BDESVC - ok

13:02:09.0593 2984 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

13:02:09.0687 2984 Beep - ok

13:02:09.0874 2984 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys

13:02:09.0921 2984 BHDrvx64 - ok

13:02:10.0014 2984 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

13:02:10.0092 2984 BITS - ok

13:02:10.0170 2984 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

13:02:10.0217 2984 blbdrive - ok

13:02:10.0311 2984 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

13:02:10.0342 2984 Bonjour Service - ok

13:02:10.0451 2984 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

13:02:10.0514 2984 bowser - ok

13:02:10.0607 2984 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

13:02:10.0654 2984 BrFiltLo - ok

13:02:10.0748 2984 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

13:02:10.0779 2984 BrFiltUp - ok

13:02:10.0872 2984 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

13:02:10.0950 2984 Browser - ok

13:02:11.0060 2984 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

13:02:11.0138 2984 Brserid - ok

13:02:11.0231 2984 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

13:02:11.0294 2984 BrSerWdm - ok

13:02:11.0372 2984 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

13:02:11.0418 2984 BrUsbMdm - ok

13:02:11.0512 2984 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

13:02:11.0559 2984 BrUsbSer - ok

13:02:11.0668 2984 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

13:02:11.0715 2984 BTHMODEM - ok

13:02:11.0793 2984 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

13:02:11.0871 2984 bthserv - ok

13:02:11.0996 2984 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys

13:02:12.0027 2984 ccSet_NAV - ok

13:02:12.0120 2984 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

13:02:12.0214 2984 cdfs - ok

13:02:12.0308 2984 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

13:02:12.0370 2984 cdrom - ok

13:02:12.0464 2984 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

13:02:12.0542 2984 CertPropSvc - ok

13:02:12.0651 2984 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

13:02:12.0713 2984 circlass - ok

13:02:12.0807 2984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

13:02:12.0854 2984 CLFS - ok

13:02:12.0932 2984 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:02:12.0947 2984 clr_optimization_v2.0.50727_32 - ok

13:02:13.0041 2984 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:02:13.0072 2984 clr_optimization_v2.0.50727_64 - ok

13:02:13.0166 2984 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:02:13.0197 2984 clr_optimization_v4.0.30319_32 - ok

13:02:13.0306 2984 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:02:13.0337 2984 clr_optimization_v4.0.30319_64 - ok

13:02:13.0431 2984 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

13:02:13.0478 2984 CmBatt - ok

13:02:13.0571 2984 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

13:02:13.0587 2984 cmdide - ok

13:02:13.0696 2984 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

13:02:13.0758 2984 CNG - ok

13:02:13.0836 2984 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

13:02:13.0868 2984 Compbatt - ok

13:02:13.0961 2984 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

13:02:14.0008 2984 CompositeBus - ok

13:02:14.0070 2984 COMSysApp - ok

13:02:14.0164 2984 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

13:02:14.0195 2984 crcdisk - ok

13:02:14.0289 2984 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll

13:02:14.0367 2984 CryptSvc - ok

13:02:14.0460 2984 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

13:02:14.0554 2984 DcomLaunch - ok

13:02:14.0648 2984 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

13:02:14.0726 2984 defragsvc - ok

13:02:14.0835 2984 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

13:02:14.0913 2984 DfsC - ok

13:02:15.0022 2984 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

13:02:15.0100 2984 Dhcp - ok

13:02:15.0178 2984 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

13:02:15.0272 2984 discache - ok

13:02:15.0381 2984 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

13:02:15.0396 2984 Disk - ok

13:02:15.0506 2984 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

13:02:15.0568 2984 Dnscache - ok

13:02:15.0646 2984 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

13:02:15.0740 2984 dot3svc - ok

13:02:15.0833 2984 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

13:02:15.0911 2984 DPS - ok

13:02:16.0005 2984 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

13:02:16.0052 2984 drmkaud - ok

13:02:16.0161 2984 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

13:02:16.0192 2984 DXGKrnl - ok

13:02:16.0254 2984 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

13:02:16.0348 2984 EapHost - ok

13:02:16.0535 2984 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

13:02:16.0676 2984 ebdrv - ok

13:02:16.0785 2984 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

13:02:16.0832 2984 eeCtrl - ok

13:02:16.0910 2984 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

13:02:16.0988 2984 EFS - ok

13:02:17.0066 2984 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

13:02:17.0159 2984 ehRecvr - ok

13:02:17.0222 2984 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

13:02:17.0253 2984 ehSched - ok

13:02:17.0362 2984 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

13:02:17.0409 2984 elxstor - ok

13:02:17.0502 2984 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

13:02:17.0534 2984 EraserUtilRebootDrv - ok

13:02:17.0612 2984 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

13:02:17.0658 2984 ErrDev - ok

13:02:17.0752 2984 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

13:02:17.0830 2984 EventSystem - ok

13:02:17.0939 2984 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

13:02:18.0017 2984 exfat - ok

13:02:18.0095 2984 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

13:02:18.0189 2984 fastfat - ok

13:02:18.0282 2984 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

13:02:18.0360 2984 Fax - ok

13:02:18.0454 2984 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

13:02:18.0516 2984 fdc - ok

13:02:18.0594 2984 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

13:02:18.0688 2984 fdPHost - ok

13:02:18.0750 2984 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

13:02:18.0828 2984 FDResPub - ok

13:02:18.0922 2984 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

13:02:18.0953 2984 FileInfo - ok

13:02:19.0031 2984 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

13:02:19.0125 2984 Filetrace - ok

13:02:19.0218 2984 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

13:02:19.0265 2984 FLEXnet Licensing Service - ok

13:02:19.0343 2984 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

13:02:19.0390 2984 FLEXnet Licensing Service 64 - ok

13:02:19.0468 2984 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

13:02:19.0499 2984 flpydisk - ok

13:02:19.0608 2984 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

13:02:19.0640 2984 FltMgr - ok

13:02:19.0733 2984 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

13:02:19.0842 2984 FontCache - ok

13:02:19.0920 2984 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:02:19.0952 2984 FontCache3.0.0.0 - ok

13:02:20.0014 2984 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

13:02:20.0045 2984 FsDepends - ok

13:02:20.0123 2984 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

13:02:20.0154 2984 Fs_Rec - ok

13:02:20.0248 2984 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

13:02:20.0279 2984 fvevol - ok

13:02:20.0373 2984 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

13:02:20.0388 2984 gagp30kx - ok

13:02:20.0498 2984 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

13:02:20.0513 2984 GEARAspiWDM - ok

13:02:20.0607 2984 GFNEXSrv (fa07ec01952729ddddc5bf4bae06b09e) C:\Windows\System32\GFNEXSrv.exe

13:02:20.0638 2984 GFNEXSrv - ok

13:02:20.0732 2984 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

13:02:20.0794 2984 gpsvc - ok

13:02:20.0903 2984 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:02:20.0919 2984 gupdate - ok

13:02:20.0934 2984 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:02:20.0950 2984 gupdatem - ok

13:02:21.0075 2984 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

13:02:21.0153 2984 hcw85cir - ok

13:02:21.0309 2984 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

13:02:21.0356 2984 HdAudAddService - ok

13:02:21.0449 2984 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

13:02:21.0512 2984 HDAudBus - ok

13:02:21.0590 2984 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

13:02:21.0621 2984 HidBatt - ok

13:02:21.0714 2984 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

13:02:21.0761 2984 HidBth - ok

13:02:21.0870 2984 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

13:02:21.0902 2984 HidIr - ok

13:02:21.0980 2984 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

13:02:22.0058 2984 hidserv - ok

13:02:22.0167 2984 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

13:02:22.0198 2984 HidUsb - ok

13:02:22.0276 2984 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

13:02:22.0370 2984 hkmsvc - ok

13:02:22.0463 2984 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

13:02:22.0526 2984 HomeGroupListener - ok

13:02:22.0588 2984 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

13:02:22.0635 2984 HomeGroupProvider - ok

13:02:22.0744 2984 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

13:02:22.0760 2984 HpSAMD - ok

13:02:22.0884 2984 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

13:02:22.0994 2984 HTTP - ok

13:02:23.0087 2984 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

13:02:23.0103 2984 hwpolicy - ok

13:02:23.0212 2984 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

13:02:23.0243 2984 i8042prt - ok

13:02:23.0337 2984 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys

13:02:23.0368 2984 iaStor - ok

13:02:23.0477 2984 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

13:02:23.0508 2984 iaStorV - ok

13:02:23.0633 2984 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:02:23.0680 2984 idsvc - ok

13:02:23.0852 2984 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSvia64.sys

13:02:23.0883 2984 IDSVia64 - ok

13:02:24.0226 2984 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys

13:02:24.0585 2984 igfx - ok

13:02:24.0772 2984 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

13:02:24.0803 2984 iirsp - ok

13:02:24.0944 2984 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

13:02:25.0006 2984 IKEEXT - ok

13:02:25.0178 2984 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\windows\system32\drivers\RTKVHD64.sys

13:02:25.0240 2984 IntcAzAudAddService - ok

13:02:25.0318 2984 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

13:02:25.0349 2984 intelide - ok

13:02:25.0443 2984 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

13:02:25.0474 2984 intelppm - ok

13:02:25.0552 2984 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

13:02:25.0630 2984 IPBusEnum - ok

13:02:25.0724 2984 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

13:02:25.0802 2984 IpFilterDriver - ok

13:02:25.0895 2984 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

13:02:25.0942 2984 IPMIDRV - ok

13:02:26.0051 2984 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

13:02:26.0145 2984 IPNAT - ok

13:02:26.0207 2984 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe

13:02:26.0254 2984 iPod Service - ok

13:02:26.0348 2984 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

13:02:26.0394 2984 IRENUM - ok

13:02:26.0472 2984 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

13:02:26.0504 2984 isapnp - ok

13:02:26.0597 2984 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

13:02:26.0628 2984 iScsiPrt - ok

13:02:26.0738 2984 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

13:02:26.0753 2984 kbdclass - ok

13:02:26.0847 2984 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

13:02:26.0894 2984 kbdhid - ok

13:02:26.0987 2984 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

13:02:27.0018 2984 KeyIso - ok

13:02:27.0096 2984 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

13:02:27.0112 2984 KSecDD - ok

13:02:27.0206 2984 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

13:02:27.0237 2984 KSecPkg - ok

13:02:27.0330 2984 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

13:02:27.0408 2984 ksthunk - ok

13:02:27.0502 2984 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

13:02:27.0580 2984 KtmRm - ok

13:02:27.0674 2984 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

13:02:27.0752 2984 LanmanServer - ok

13:02:27.0830 2984 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

13:02:27.0908 2984 LanmanWorkstation - ok

13:02:28.0032 2984 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

13:02:28.0110 2984 lltdio - ok

13:02:28.0204 2984 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

13:02:28.0298 2984 lltdsvc - ok

13:02:28.0376 2984 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

13:02:28.0438 2984 lmhosts - ok

13:02:28.0500 2984 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

13:02:28.0547 2984 LMS - ok

13:02:28.0641 2984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

13:02:28.0672 2984 LSI_FC - ok

13:02:28.0781 2984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

13:02:28.0797 2984 LSI_SAS - ok

13:02:28.0906 2984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

13:02:28.0922 2984 LSI_SAS2 - ok

13:02:29.0031 2984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

13:02:29.0062 2984 LSI_SCSI - ok

13:02:29.0140 2984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

13:02:29.0218 2984 luafv - ok

13:02:29.0296 2984 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

13:02:29.0312 2984 Mcx2Svc - ok

13:02:29.0405 2984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

13:02:29.0421 2984 megasas - ok

13:02:29.0530 2984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

13:02:29.0561 2984 MegaSR - ok

13:02:29.0655 2984 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

13:02:29.0670 2984 MEIx64 - ok

13:02:29.0748 2984 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

13:02:29.0842 2984 MMCSS - ok

13:02:29.0920 2984 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

13:02:30.0014 2984 Modem - ok

13:02:30.0092 2984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

13:02:30.0154 2984 monitor - ok

13:02:30.0248 2984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

13:02:30.0263 2984 mouclass - ok

13:02:30.0372 2984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

13:02:30.0419 2984 mouhid - ok

13:02:30.0513 2984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

13:02:30.0544 2984 mountmgr - ok

13:02:30.0638 2984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

13:02:30.0669 2984 mpio - ok

13:02:30.0747 2984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

13:02:30.0809 2984 mpsdrv - ok

13:02:30.0903 2984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

13:02:30.0965 2984 MRxDAV - ok

13:02:31.0059 2984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

13:02:31.0121 2984 mrxsmb - ok

13:02:31.0215 2984 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

13:02:31.0262 2984 mrxsmb10 - ok

13:02:31.0355 2984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

13:02:31.0386 2984 mrxsmb20 - ok

13:02:31.0480 2984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

13:02:31.0496 2984 msahci - ok

13:02:31.0589 2984 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

13:02:31.0620 2984 msdsm - ok

13:02:31.0698 2984 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

13:02:31.0745 2984 MSDTC - ok

13:02:31.0839 2984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

13:02:31.0901 2984 Msfs - ok

13:02:31.0995 2984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

13:02:32.0088 2984 mshidkmdf - ok

13:02:32.0166 2984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

13:02:32.0198 2984 msisadrv - ok

13:02:32.0276 2984 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

13:02:32.0369 2984 MSiSCSI - ok

13:02:32.0432 2984 msiserver - ok

13:02:32.0525 2984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

13:02:32.0603 2984 MSKSSRV - ok

13:02:32.0712 2984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

13:02:32.0790 2984 MSPCLOCK - ok

13:02:32.0884 2984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

13:02:32.0978 2984 MSPQM - ok

13:02:33.0071 2984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

13:02:33.0118 2984 MsRPC - ok

13:02:33.0196 2984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

13:02:33.0212 2984 mssmbios - ok

13:02:33.0305 2984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

13:02:33.0383 2984 MSTEE - ok

13:02:33.0477 2984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

13:02:33.0508 2984 MTConfig - ok

13:02:33.0586 2984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

13:02:33.0617 2984 Mup - ok

13:02:33.0695 2984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

13:02:33.0804 2984 napagent - ok

13:02:33.0914 2984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

13:02:33.0960 2984 NativeWifiP - ok

13:02:34.0085 2984 NAV (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe

13:02:34.0116 2984 NAV - ok

13:02:34.0288 2984 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120402.002\ENG64.SYS

13:02:34.0304 2984 NAVENG - ok

13:02:34.0506 2984 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120402.002\EX64.SYS

13:02:34.0553 2984 NAVEX15 - ok

13:02:34.0678 2984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

13:02:34.0725 2984 NDIS - ok

13:02:34.0803 2984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

13:02:34.0881 2984 NdisCap - ok

13:02:34.0974 2984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

13:02:35.0052 2984 NdisTapi - ok

13:02:35.0146 2984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

13:02:35.0224 2984 Ndisuio - ok

13:02:35.0318 2984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

13:02:35.0411 2984 NdisWan - ok

13:02:35.0505 2984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

13:02:35.0567 2984 NDProxy - ok

13:02:35.0661 2984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

13:02:35.0739 2984 NetBIOS - ok

13:02:35.0832 2984 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

13:02:35.0895 2984 NetBT - ok

13:02:35.0973 2984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

13:02:36.0004 2984 Netlogon - ok

13:02:36.0098 2984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

13:02:36.0160 2984 Netman - ok

13:02:36.0238 2984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

13:02:36.0332 2984 netprofm - ok

13:02:36.0441 2984 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:02:36.0456 2984 NetTcpPortSharing - ok

13:02:36.0550 2984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

13:02:36.0581 2984 nfrd960 - ok

13:02:36.0690 2984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

13:02:36.0768 2984 NlaSvc - ok

13:02:36.0846 2984 Norton PC Checkup Application Launcher - ok

13:02:36.0924 2984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

13:02:37.0002 2984 Npfs - ok

13:02:37.0065 2984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

13:02:37.0143 2984 nsi - ok

13:02:37.0236 2984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

13:02:37.0314 2984 nsiproxy - ok

13:02:37.0439 2984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

13:02:37.0502 2984 Ntfs - ok

13:02:37.0580 2984 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

13:02:37.0658 2984 Null - ok

13:02:37.0751 2984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

13:02:37.0782 2984 nvraid - ok

13:02:37.0892 2984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

13:02:37.0923 2984 nvstor - ok

13:02:38.0016 2984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

13:02:38.0048 2984 nv_agp - ok

13:02:38.0141 2984 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:02:38.0188 2984 odserv - ok

13:02:38.0282 2984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

13:02:38.0328 2984 ohci1394 - ok

13:02:38.0406 2984 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:02:38.0438 2984 ose - ok

13:02:38.0516 2984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

13:02:38.0578 2984 p2pimsvc - ok

13:02:38.0656 2984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

13:02:38.0703 2984 p2psvc - ok

13:02:38.0781 2984 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

13:02:38.0812 2984 Parport - ok

13:02:38.0906 2984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

13:02:38.0937 2984 partmgr - ok

13:02:39.0015 2984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

13:02:39.0077 2984 PcaSvc - ok

13:02:39.0155 2984 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

13:02:39.0186 2984 PCCUJobMgr - ok

13:02:39.0280 2984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

13:02:39.0311 2984 pci - ok

13:02:39.0389 2984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

13:02:39.0420 2984 pciide - ok

13:02:39.0514 2984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

13:02:39.0545 2984 pcmcia - ok

13:02:39.0623 2984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

13:02:39.0639 2984 pcw - ok

13:02:39.0748 2984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

13:02:39.0826 2984 PEAUTH - ok

13:02:39.0904 2984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

13:02:39.0951 2984 PerfHost - ok

13:02:40.0076 2984 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys

13:02:40.0091 2984 PGEffect - ok

13:02:40.0200 2984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

13:02:40.0294 2984 pla - ok

13:02:40.0372 2984 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

13:02:40.0434 2984 PlugPlay - ok

13:02:40.0497 2984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

13:02:40.0544 2984 PNRPAutoReg - ok

13:02:40.0622 2984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

13:02:40.0653 2984 PNRPsvc - ok

13:02:40.0731 2984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

13:02:40.0809 2984 PolicyAgent - ok

13:02:40.0902 2984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

13:02:40.0996 2984 Power - ok

13:02:41.0074 2984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

13:02:41.0168 2984 PptpMiniport - ok

13:02:41.0261 2984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

13:02:41.0308 2984 Processor - ok

13:02:41.0386 2984 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll

13:02:41.0480 2984 ProfSvc - ok

13:02:41.0542 2984 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

13:02:41.0573 2984 ProtectedStorage - ok

13:02:41.0667 2984 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

13:02:41.0745 2984 Psched - ok

13:02:41.0885 2984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

13:02:41.0948 2984 ql2300 - ok

13:02:42.0057 2984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

13:02:42.0088 2984 ql40xx - ok

13:02:42.0150 2984 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

13:02:42.0197 2984 QWAVE - ok

13:02:42.0291 2984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

13:02:42.0353 2984 QWAVEdrv - ok

13:02:42.0447 2984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

13:02:42.0525 2984 RasAcd - ok

13:02:42.0618 2984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

13:02:42.0681 2984 RasAgileVpn - ok

13:02:42.0743 2984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

13:02:42.0837 2984 RasAuto - ok

13:02:42.0930 2984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

13:02:43.0008 2984 Rasl2tp - ok

13:02:43.0086 2984 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

13:02:43.0164 2984 RasMan - ok

13:02:43.0242 2984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

13:02:43.0336 2984 RasPppoe - ok

13:02:43.0414 2984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

13:02:43.0492 2984 RasSstp - ok

13:02:43.0601 2984 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

13:02:43.0679 2984 rdbss - ok

13:02:43.0773 2984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

13:02:43.0820 2984 rdpbus - ok

13:02:43.0913 2984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

13:02:44.0007 2984 RDPCDD - ok

13:02:44.0100 2984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

13:02:44.0178 2984 RDPENCDD - ok

13:02:44.0288 2984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

13:02:44.0334 2984 RDPREFMP - ok

13:02:44.0428 2984 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys

13:02:44.0490 2984 RDPWD - ok

13:02:44.0584 2984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

13:02:44.0615 2984 rdyboost - ok

13:02:44.0693 2984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

13:02:44.0771 2984 RemoteAccess - ok

13:02:44.0849 2984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

13:02:44.0943 2984 RemoteRegistry - ok

13:02:45.0052 2984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

13:02:45.0130 2984 RpcEptMapper - ok

13:02:45.0208 2984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

13:02:45.0239 2984 RpcLocator - ok

13:02:45.0317 2984 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

13:02:45.0395 2984 RpcSs - ok

13:02:45.0489 2984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

13:02:45.0567 2984 rspndr - ok

13:02:45.0660 2984 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys

13:02:45.0692 2984 RSUSBSTOR - ok

13:02:45.0801 2984 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys

13:02:45.0848 2984 RTL8167 - ok

13:02:45.0957 2984 RTL8192Ce (e7d79600575f755614dd5d79b044d588) C:\windows\system32\DRIVERS\rtl8192Ce.sys

13:02:46.0019 2984 RTL8192Ce - ok

13:02:46.0097 2984 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

13:02:46.0128 2984 SamSs - ok

13:02:46.0222 2984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

13:02:46.0238 2984 sbp2port - ok

13:02:46.0331 2984 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

13:02:46.0394 2984 SCardSvr - ok

13:02:46.0472 2984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

13:02:46.0550 2984 scfilter - ok

13:02:46.0659 2984 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

13:02:46.0737 2984 Schedule - ok

13:02:46.0815 2984 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

13:02:46.0877 2984 SCPolicySvc - ok

13:02:46.0955 2984 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

13:02:47.0033 2984 SDRSVC - ok

13:02:47.0127 2984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

13:02:47.0205 2984 secdrv - ok

13:02:47.0283 2984 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

13:02:47.0345 2984 seclogon - ok

13:02:47.0408 2984 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

13:02:47.0470 2984 SENS - ok

13:02:47.0548 2984 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

13:02:47.0610 2984 SensrSvc - ok

13:02:47.0657 2984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

13:02:47.0704 2984 Serenum - ok

13:02:47.0813 2984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

13:02:47.0860 2984 Serial - ok

13:02:47.0954 2984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

13:02:48.0000 2984 sermouse - ok

13:02:48.0094 2984 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

13:02:48.0188 2984 SessionEnv - ok

13:02:48.0281 2984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

13:02:48.0312 2984 sffdisk - ok

13:02:48.0406 2984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

13:02:48.0453 2984 sffp_mmc - ok

13:02:48.0546 2984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

13:02:48.0593 2984 sffp_sd - ok

13:02:48.0687 2984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

13:02:48.0734 2984 sfloppy - ok

13:02:48.0812 2984 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

13:02:48.0874 2984 SharedAccess - ok

13:02:48.0952 2984 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

13:02:49.0030 2984 ShellHWDetection - ok

13:02:49.0139 2984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

13:02:49.0170 2984 SiSRaid2 - ok

13:02:49.0264 2984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

13:02:49.0280 2984 SiSRaid4 - ok

13:02:49.0373 2984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

13:02:49.0451 2984 Smb - ok

13:02:49.0529 2984 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

13:02:49.0576 2984 SNMPTRAP - ok

13:02:49.0670 2984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

13:02:49.0685 2984 spldr - ok

13:02:49.0779 2984 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

13:02:49.0826 2984 Spooler - ok

13:02:49.0997 2984 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

13:02:50.0169 2984 sppsvc - ok

13:02:50.0247 2984 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

13:02:50.0309 2984 sppuinotify - ok

13:02:50.0434 2984 SRTSP (4d56f175f76c685a06471800a03219b2) C:\windows\System32\Drivers\NAVx64\1306020.00A\SRTSP64.SYS

13:02:50.0465 2984 SRTSP - ok

13:02:50.0574 2984 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\windows\system32\drivers\NAVx64\1306020.00A\SRTSPX64.SYS

13:02:50.0590 2984 SRTSPX - ok

13:02:50.0684 2984 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

13:02:50.0762 2984 srv - ok

13:02:50.0855 2984 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

13:02:50.0902 2984 srv2 - ok

13:02:50.0996 2984 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

13:02:51.0027 2984 srvnet - ok

13:02:51.0105 2984 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

13:02:51.0198 2984 SSDPSRV - ok

13:02:51.0276 2984 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

13:02:51.0323 2984 SstpSvc - ok

13:02:51.0417 2984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

13:02:51.0448 2984 stexstor - ok

13:02:51.0542 2984 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

13:02:51.0588 2984 stisvc - ok

13:02:51.0666 2984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

13:02:51.0698 2984 swenum - ok

13:02:51.0807 2984 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

13:02:51.0885 2984 swprv - ok

13:02:52.0025 2984 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS

13:02:52.0056 2984 SymDS - ok

13:02:52.0212 2984 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS

13:02:52.0244 2984 SymEFA - ok

13:02:52.0337 2984 SymEvent (894579207e39c465737e850a252ce4f2) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

13:02:52.0368 2984 SymEvent - ok

13:02:52.0478 2984 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS

13:02:52.0509 2984 SymIRON - ok

13:02:52.0634 2984 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS

13:02:52.0665 2984 SymNetS - ok

13:02:52.0790 2984 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys

13:02:52.0836 2984 SynTP - ok

13:02:52.0946 2984 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

13:02:53.0024 2984 SysMain - ok

13:02:53.0086 2984 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

13:02:53.0133 2984 TabletInputService - ok

13:02:53.0226 2984 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

13:02:53.0304 2984 TapiSrv - ok

13:02:53.0382 2984 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

13:02:53.0445 2984 TBS - ok

13:02:53.0570 2984 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

13:02:53.0616 2984 Tcpip - ok

13:02:53.0757 2984 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

13:02:53.0804 2984 TCPIP6 - ok

13:02:53.0897 2984 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

13:02:53.0960 2984 tcpipreg - ok

13:02:54.0053 2984 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

13:02:54.0084 2984 tdcmdpst - ok

13:02:54.0162 2984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

13:02:54.0209 2984 TDPIPE - ok

13:02:54.0287 2984 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

13:02:54.0334 2984 TDTCP - ok

13:02:54.0443 2984 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

13:02:54.0506 2984 tdx - ok

13:02:54.0599 2984 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

13:02:54.0615 2984 TermDD - ok

13:02:54.0708 2984 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

13:02:54.0802 2984 TermService - ok

13:02:54.0864 2984 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

13:02:54.0911 2984 Themes - ok

13:02:54.0989 2984 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

13:02:55.0052 2984 THREADORDER - ok

13:02:55.0130 2984 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

13:02:55.0161 2984 TMachInfo - ok

13:02:55.0223 2984 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe

13:02:55.0239 2984 TODDSrv - ok

13:02:55.0317 2984 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

13:02:55.0348 2984 TosCoSrv - ok

13:02:55.0395 2984 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

13:02:55.0410 2984 TOSHIBA HDD SSD Alert Service - ok

13:02:55.0504 2984 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

13:02:55.0535 2984 tos_sps64 - ok

13:02:55.0629 2984 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

13:02:55.0707 2984 TrkWks - ok

13:02:55.0769 2984 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

13:02:55.0863 2984 TrustedInstaller - ok

13:02:55.0941 2984 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

13:02:56.0019 2984 tssecsrv - ok

13:02:56.0128 2984 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

13:02:56.0175 2984 TsUsbFlt - ok

13:02:56.0268 2984 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

13:02:56.0315 2984 TsUsbGD - ok

13:02:56.0409 2984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

13:02:56.0471 2984 tunnel - ok

13:02:56.0596 2984 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

13:02:56.0612 2984 TVALZ - ok

13:02:56.0690 2984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

13:02:56.0721 2984 uagp35 - ok

13:02:56.0861 2984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

13:02:56.0939 2984 udfs - ok

13:02:57.0064 2984 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

13:02:57.0095 2984 UI0Detect - ok

13:02:57.0189 2984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

13:02:57.0204 2984 uliagpkx - ok

13:02:57.0298 2984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

13:02:57.0360 2984 umbus - ok

13:02:57.0454 2984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

13:02:57.0485 2984 UmPass - ok

13:02:57.0610 2984 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

13:02:57.0672 2984 UNS - ok

13:02:57.0750 2984 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

13:02:57.0860 2984 upnphost - ok

13:02:57.0953 2984 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys

13:02:58.0016 2984 USBAAPL64 - ok

13:02:58.0125 2984 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys

13:02:58.0187 2984 usbaudio - ok

13:02:58.0281 2984 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

13:02:58.0328 2984 usbccgp - ok

13:02:58.0406 2984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

13:02:58.0452 2984 usbcir - ok

13:02:58.0546 2984 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

13:02:58.0593 2984 usbehci - ok

13:02:58.0702 2984 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

13:02:58.0749 2984 usbhub - ok

13:02:58.0842 2984 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

13:02:58.0889 2984 usbohci - ok

13:02:58.0983 2984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

13:02:59.0030 2984 usbprint - ok

13:02:59.0139 2984 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

13:02:59.0186 2984 USBSTOR - ok

13:02:59.0279 2984 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

13:02:59.0310 2984 usbuhci - ok

13:02:59.0420 2984 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

13:02:59.0466 2984 usbvideo - ok

13:02:59.0544 2984 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

13:02:59.0622 2984 UxSms - ok

13:02:59.0716 2984 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

13:02:59.0747 2984 VaultSvc - ok

13:02:59.0841 2984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

13:02:59.0856 2984 vdrvroot - ok

13:02:59.0950 2984 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

13:03:00.0044 2984 vds - ok

13:03:00.0153 2984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

13:03:00.0200 2984 vga - ok

13:03:00.0278 2984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

13:03:00.0371 2984 VgaSave - ok

13:03:00.0465 2984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

13:03:00.0496 2984 vhdmp - ok

13:03:00.0590 2984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

13:03:00.0621 2984 viaide - ok

13:03:00.0714 2984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

13:03:00.0730 2984 volmgr - ok

13:03:00.0824 2984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

13:03:00.0870 2984 volmgrx - ok

13:03:00.0964 2984 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys

13:03:00.0995 2984 volsnap - ok

13:03:01.0073 2984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

13:03:01.0104 2984 vsmraid - ok

13:03:01.0229 2984 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

13:03:01.0307 2984 VSS - ok

13:03:01.0385 2984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

13:03:01.0432 2984 vwifibus - ok

13:03:01.0526 2984 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

13:03:01.0572 2984 vwififlt - ok

13:03:01.0682 2984 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

13:03:01.0744 2984 W32Time - ok

13:03:01.0822 2984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

13:03:01.0869 2984 WacomPen - ok

13:03:01.0962 2984 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

13:03:02.0040 2984 WANARP - ok

13:03:02.0056 2984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

13:03:02.0087 2984 Wanarpv6 - ok

13:03:02.0212 2984 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

13:03:02.0243 2984 WatAdminSvc - ok

13:03:02.0384 2984 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

13:03:02.0446 2984 wbengine - ok

13:03:02.0524 2984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

13:03:02.0586 2984 WbioSrvc - ok

13:03:02.0680 2984 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

13:03:02.0742 2984 wcncsvc - ok

13:03:02.0820 2984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

13:03:02.0867 2984 WcsPlugInService - ok

13:03:02.0945 2984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

13:03:02.0961 2984 Wd - ok

13:03:03.0054 2984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

13:03:03.0086 2984 Wdf01000 - ok

13:03:03.0179 2984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

13:03:03.0273 2984 WdiServiceHost - ok

13:03:03.0288 2984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

13:03:03.0320 2984 WdiSystemHost - ok

13:03:03.0413 2984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

13:03:03.0476 2984 WebClient - ok

13:03:03.0554 2984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

13:03:03.0647 2984 Wecsvc - ok

13:03:03.0710 2984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

13:03:03.0788 2984 wercplsupport - ok

13:03:03.0866 2984 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

13:03:03.0944 2984 WerSvc - ok

13:03:04.0022 2984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

13:03:04.0100 2984 WfpLwf - ok

13:03:04.0178 2984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

13:03:04.0193 2984 WIMMount - ok

13:03:04.0209 2984 WinHttpAutoProxySvc - ok

13:03:04.0318 2984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

13:03:04.0365 2984 Winmgmt - ok

13:03:04.0490 2984 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

13:03:04.0568 2984 WinRM - ok

13:03:04.0661 2984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

13:03:04.0724 2984 Wlansvc - ok

13:03:04.0802 2984 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:03:04.0817 2984 wlcrasvc - ok

13:03:04.0958 2984 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:03:05.0020 2984 wlidsvc - ok

13:03:05.0098 2984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

13:03:05.0160 2984 WmiAcpi - ok

13:03:05.0254 2984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

13:03:05.0301 2984 wmiApSrv - ok

13:03:05.0363 2984 WMPNetworkSvc - ok

13:03:05.0441 2984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

13:03:05.0472 2984 WPCSvc - ok

13:03:05.0550 2984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

13:03:05.0582 2984 WPDBusEnum - ok

13:03:05.0660 2984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

13:03:05.0738 2984 ws2ifsl - ok

13:03:05.0784 2984 WSearch - ok

13:03:05.0878 2984 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll

13:03:05.0956 2984 wuauserv - ok

13:03:06.0050 2984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

13:03:06.0128 2984 WudfPf - ok

13:03:06.0190 2984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

13:03:06.0268 2984 wudfsvc - ok

13:03:06.0346 2984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

13:03:06.0424 2984 WwanSvc - ok

13:03:06.0440 2984 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

13:03:06.0658 2984 \Device\Harddisk0\DR0 - ok

13:03:06.0689 2984 Boot (0x1200) (ea7e4e678d237fdaa5a4381d2dc61e37) \Device\Harddisk0\DR0\Partition0

13:03:06.0689 2984 \Device\Harddisk0\DR0\Partition0 - ok

13:03:06.0689 2984 ============================================================

13:03:06.0689 2984 Scan finished

13:03:06.0689 2984 ============================================================

13:03:06.0705 3652 Detected object count: 0

13:03:06.0705 3652 Actual detected object count: 0

[MrCharlie]

OK, that scan was clean.....

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

[nevergohungry]

Hmmm... After following your directions, I ran combofix. I know I disabled Norton Antivirus properly as I followed the directions in the link you provided.

However, after running combofix a popup appeared saying it was still running. I checked, it wasn't, so I clicked ok. Then after running combofix, a .txt file popped up. I copied it but when I went to open Mozilla Firefox (my browser) a message popped up saying something about "this registry has been marked for deletion" and it was the .exe file for the program. Tried to open photoshop, itunes, aim, etc. and the same error message popped up.

I clicked on "system" via the start menu and for some reason the same thing popped up. Somehow found my way to the system restore and restored it to before we began working together.

[MrCharlie]

To fix that problem, you need to shut the computer OFF, turn it back on and let it boot back up.

You may have to do this a couple of times to correct it, sorry but sometimes this happens.

Delete your copy of ComboFix and download a fresh one, Could you try and run it again.

MrC

[nevergohungry]

When I click combofix to run I still get a popup before it begins saying that Norton Antivirus is still running. Should I click "OK" and continue anyway?

[MrCharlie]

Yes, as long as you're sure that it's disabled.

MrC

[nevergohungry]

Same thing happened. After the log popped up, I copied it and tried to open firefox and got the error "Illegal action on registry that has been marked for deletion." Had to do a system restore as nothing would work and any program I tried to open would come up with that error.

[nevergohungry]

Hmmm.. found the log though?

ComboFix 12-04-01.03 - Shelby 04/02/2012 14:22:27.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2563 [GMT -5:00]

Running from: c:\users\Shelby\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Shelby\g2mdlhlpx.exe

c:\windows\system32\dds_trash_log.cmd

c:\windows\Tasks\At1.job

.

.

((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))

.

.

2012-03-31 11:40 . 2012-03-31 11:40 -------- d-----w- c:\users\Shelby\AppData\Roaming\Malwarebytes

2012-03-31 11:39 . 2012-03-31 11:39 -------- d-----w- c:\programdata\Malwarebytes

2012-03-31 11:39 . 2012-03-31 11:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-31 11:39 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-29 06:31 . 2012-03-29 06:31 -------- d-----w- c:\program files (x86)\fbphotozoom

2012-03-29 06:29 . 2012-03-29 06:56 -------- d-----w- c:\program files (x86)\1ClickDownload

2012-03-27 19:25 . 2012-03-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-03-27 03:20 . 2012-03-31 08:03 -------- d-----w- c:\program files (x86)\Microsoft Works

2012-03-27 03:19 . 2012-03-27 03:19 -------- d-----w- c:\windows\PCHEALTH

2012-03-27 03:16 . 2012-03-27 03:16 -------- d-----r- C:\MSOCache

2012-03-27 02:58 . 2012-03-27 03:02 16200 ----a-w- c:\windows\stinger.sys

2012-03-27 02:57 . 2012-03-27 03:05 -------- d-----w- c:\program files (x86)\stinger

2012-03-26 22:32 . 2012-03-26 23:00 -------- d-----w- c:\users\Shelby\AppData\Local\NPE

2012-03-26 22:11 . 2012-03-26 23:48 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-03-26 22:08 . 2012-03-26 22:08 -------- d-----we c:\windows\system64

2012-03-26 20:37 . 2012-03-26 21:25 -------- d-----w- c:\windows\AutoKMS

2012-03-23 11:57 . 2012-03-26 18:36 -------- d-----w- c:\windows\system32\drivers\NAVx64\1306020.00A

2012-03-18 18:29 . 2012-03-18 18:29 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 18:29 . 2012-03-18 18:29 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-13 22:09 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 22:09 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-13 22:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 22:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 22:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-13 22:09 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 22:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 22:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 22:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 22:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-07 04:58 . 2012-03-07 04:58 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-23 15:11 . 2012-01-03 21:04 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-03-19 06:13 . 2011-07-27 03:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-04 10:44 . 2012-02-15 05:45 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 05:45 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeBridge"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-27 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-06 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-01-30 135608]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-05 138360]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-26 c:\windows\Tasks\AutoKMSCustom.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-03-26 20:37]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 09:51]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 09:51]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"(Default)"="" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

rt2870

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.toshiba.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\ns4vrc0u.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-04-02 14:32:27 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-02 19:32

ComboFix2.txt 2012-04-02 18:37

.

Pre-Run: 427,876,352,000 bytes free

Post-Run: 427,724,677,120 bytes free

.

- - End Of File - - 638DADE518CCE959918F8BB019A61E83

[MrCharlie]

Same thing happened. After the log popped up, I copied it and tried to open firefox and got the error "Illegal action on registry that has been marked for deletion." Had to do a system restore as nothing would work and any program I tried to open would come up with that error.

To fix that problem, you need to shut the computer OFF, turn it back on and let it boot back up.

You may have to do this a couple of times to correct it, sorry but sometimes this happens.

------------------------------------------

Please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Run OTL

Under the Custom Scans/Fixes

Copy and paste this in: netsvcs

Click the None button on top

Now click on the blue Run Scan button

Post the log it creates.

MrC

[nevergohungry]

OTL logfile created on: 4/2/2012 3:23:23 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Shelby\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.33% Memory free

7.83 Gb Paging File | 6.09 Gb Available in Paging File | 77.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.89 Gb Total Space | 398.55 Gb Free Space | 88.59% Space Free | Partition Type: NTFS

Computer Name: SHELBY-PC | User Name: Shelby | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >

[MrCharlie]

Are you sure you entered NetSvcs into the Custom Scans/Fixes box?

Please download SystemLook from thelink below and save it to your Desktop.

http://jpshortstuff....temLook_x64.exe

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  
  :reg
  hkey_local_machine\system\currentcontrolset\services\rt2870 /s
  

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

[nevergohungry]

SystemLook 30.07.11 by jpshortstuff

Log created at 15:44 on 02/04/2012 by Shelby

Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\rt2870]

(Unable to open key - key not found)

-= EOF =-

[MrCharlie]

OK, I need you to run ComboFix again.

This time if you run into the same problem, just shut down the computer and then restart it.

If you can't shut it down, just reboot it.

You may have to do it a couple of times to clear the problem.

Post back the log, MrC

[nevergohungry]

ComboFix 12-04-01.03 - Shelby 04/02/2012 16:05:29.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2617 [GMT -5:00]

Running from: c:\users\Shelby\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Shelby\g2mdlhlpx.exe

c:\windows\system32\dds_trash_log.cmd

c:\windows\Tasks\At1.job

.

.

((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))

.

.

2012-03-31 11:40 . 2012-03-31 11:40 -------- d-----w- c:\users\Shelby\AppData\Roaming\Malwarebytes

2012-03-31 11:39 . 2012-03-31 11:39 -------- d-----w- c:\programdata\Malwarebytes

2012-03-31 11:39 . 2012-03-31 11:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-31 11:39 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-29 06:31 . 2012-03-29 06:31 -------- d-----w- c:\program files (x86)\fbphotozoom

2012-03-29 06:29 . 2012-03-29 06:56 -------- d-----w- c:\program files (x86)\1ClickDownload

2012-03-27 19:25 . 2012-03-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-03-27 03:20 . 2012-03-31 08:03 -------- d-----w- c:\program files (x86)\Microsoft Works

2012-03-27 03:19 . 2012-03-27 03:19 -------- d-----w- c:\windows\PCHEALTH

2012-03-27 03:16 . 2012-03-27 03:16 -------- d-----r- C:\MSOCache

2012-03-27 02:58 . 2012-03-27 03:02 16200 ----a-w- c:\windows\stinger.sys

2012-03-27 02:57 . 2012-03-27 03:05 -------- d-----w- c:\program files (x86)\stinger

2012-03-26 22:32 . 2012-03-26 23:00 -------- d-----w- c:\users\Shelby\AppData\Local\NPE

2012-03-26 22:11 . 2012-03-26 23:48 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-03-26 22:08 . 2012-03-26 22:08 -------- d-----we c:\windows\system64

2012-03-26 20:37 . 2012-03-26 21:25 -------- d-----w- c:\windows\AutoKMS

2012-03-23 11:57 . 2012-03-26 18:36 -------- d-----w- c:\windows\system32\drivers\NAVx64\1306020.00A

2012-03-18 18:29 . 2012-03-18 18:29 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 18:29 . 2012-03-18 18:29 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 08:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 08:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 08:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-13 22:09 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 22:09 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-13 22:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 22:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 22:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-13 22:09 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 22:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 22:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 22:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 22:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-07 04:58 . 2012-03-07 04:58 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-23 15:11 . 2012-01-03 21:04 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-03-19 06:13 . 2011-07-27 03:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-04 10:44 . 2012-02-15 05:45 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 05:45 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeBridge"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-27 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-06 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-01-30 135608]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-05 138360]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-26 c:\windows\Tasks\AutoKMSCustom.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-03-26 20:37]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 09:51]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 09:51]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"(Default)"="" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

rt2870

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.toshiba.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\ns4vrc0u.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-04-02 16:14:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-02 21:14

ComboFix2.txt 2012-04-02 19:32

ComboFix3.txt 2012-04-02 18:37

.

Pre-Run: 427,824,873,472 bytes free

Post-Run: 427,939,942,400 bytes free

.

- - End Of File - - 81F15781BF0CEB235DBD2B9DC0825BAA

[MrCharlie]

Looks Good

Download and run the Trojan.Zeroaccess Removal Tool ( FixZeroAccess.exe):

http://www.symantec....-121607-4952-99

It's very easy to run, just download it, close all open window and run it, it will reboot the computer and perform a scan.

Let me know if it finds anything.

Please let me know how the computer is running also, MrC

[nevergohungry]

Hmm... it says "No infections were found"

[MrCharlie]

OK, how is it? MrC

[nevergohungry]

Ran a system scan with Norton and it still detected the virus

[MrCharlie]

Do you have idea where it detects it and can't it clean it?

Is the computer running OK?

MrC

[nevergohungry]

No, I don't know why it can't remove it... that's why I came here.

Feel free to close this thread, I'll try to get some help on another board. Thank you for your time though, it was very appreciated.

[MrCharlie]

That's not an answer, you telling me something is wrong and I'm asking what and you can't tell me.

Your logs are clean as far as I can see.

Good Luck.....MrC