
sirefef.an virus how to remove

Discussion in 'Virus & Other Malware Removal' started by rogerrab, Feb 15, 2013.

  1. rogerrab

    rogerrab Thread Starter

    Hi, I have no antivirus registered, but I have the trial version of Norton that came with this machine. There is a pop-up from Windows Defender that shows I have some virus called sirefef.an. I select remove from the drop-down menu and click remove, and it shows that it does it. About 5-10 mins later the same thing comes up. My machine is not necessarily slow and the home page ... have not changed. However, I do notice the hijackthis.de page does not show the analyze button, and when I click on analyze from the client it says no internet connection available, but here I am connected to your site. I had BitTorrent installed, but as your instructions show it must be/recommended to remove, so I did it.

    Note that when I did the analyze HJT log, it showed svchosts.exe is running from C:\windows\SysWOW64\svchost.exe.

    Here is my HJT log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:21:46 AM, on 15/02/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe
    C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    C:\windows\SysWOW64\svchost.exe
    C:\Users\RJ\Desktop\HijackThis.exe
    C:\windows\SysWOW64\NOTEPAD.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [QQIntl] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://www.bankofchina.com
    O15 - Trusted Zone: http://www.boc.cn
    O15 - Trusted Zone: http://www.swaggerlikeme.com
    O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=1007
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 15429 bytes

    Please help me.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Follow the advice here and post all the logs those programs make.
     
  3. rogerrab

    rogerrab Thread Starter

    OK, let me explain in full. Yesterday I started up the computer and a small pop-up near the tray at the bottom right of the screen said I have been infected by sirefef.an. I immediately posted for help. After that I went to my other computer and changed all my passwords for banks, email etc. I then read on and decided to try and do a system restore to an earlier point. I did the sys restore and ran a Norton full scan, which then said it found a zero.access.toolkit and it had been resolved. My real fear is this ******* could still be loitering around in my machine in stealth mode, and I need to use this computer for logging into banks etc. for work, so I am worried that my passwords could be compromised. Can you please, please check and see if there is anything you can find in my computer?

    I have done as you request and I'm not pasting the logs.

    HJT LOG:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:36:07 PM, on 16/02/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\RJ\Desktop\HijackThis.exe
    C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [QQIntl] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://www.bankofchina.com
    O15 - Trusted Zone: http://www.boc.cn
    O15 - Trusted Zone: http://www.swaggerlikeme.com
    O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=972
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 15134 bytes


    /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

    DDS.txt log file.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464
    Run by RJ at 13:37:32 on 2013-02-16
    Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4077.1424 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\GFNEXSrv.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uWindow Title = Presented by TOSHIBA Leading Innovation >>>
    uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    uRun: [AdobeBridge] <no file>
    mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{809B637A-2618-41A7-AE9F-B218F2BF3436} : DHCPNameServer = 221.12.33.227
    TCP: Interfaces\{BA09206F-4F4F-4451-9696-A553513B2AD8} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://www.toshiba.ca/welcome
    x64-mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680]
    R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130208.001_e4a\BHDrvx64.sys [2013-2-8 1388120]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130215.002\IDSviA64.sys [2013-2-15 513184]
    R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2011-10-11 162824]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
    R2 ProtectorA;ProtectorA;C:\windows\System32\drivers\ProtectorA.sys [2012-8-24 22672]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2010-10-18 42096]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-15 138912]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-11 38096]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-10-11 413800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
    S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-1 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-11 250984]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    .
    =============== Created Last 30 ================
    .
    2013-02-16 18:24:19 -------- d-----w- C:\Users\RJ\AppData\Local\{6FB0B65F-961B-4EA2-B672-E117BECAFDE4}
    2013-02-16 08:03:44 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-16 08:03:44 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-16 02:51:27 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe
    2013-02-16 02:51:27 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2013-02-16 02:51:26 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2013-02-16 02:51:15 3153408 ----a-w- C:\windows\System32\win32k.sys
    2013-02-16 02:51:12 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2013-02-16 02:51:12 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2013-02-16 02:51:12 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2013-02-16 02:51:12 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2013-02-16 02:50:48 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-02-16 02:50:47 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
    2013-02-16 00:20:47 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7987130-C1FF-49B0-B69C-973ACB35EAF8}\mpengine.dll
    2013-02-16 00:19:03 -------- d-----w- C:\Users\RJ\AppData\Local\{A487E077-ED5D-4FEF-87D8-0E8790E06108}
    2013-02-15 16:27:47 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2013-02-15 15:28:59 -------- d-----w- C:\Users\RJ\AppData\Local\{2AF61E0F-E1C9-4D8F-A4E4-17AE6AF87722}
    2013-02-14 20:12:26 -------- d-----w- C:\Users\RJ\AppData\Local\{50ABF8FD-01A0-4F2F-AA64-25C87F3FBBD3}
    2013-02-14 08:11:56 -------- d-----w- C:\Users\RJ\AppData\Local\{1F9BD7A3-3D96-4997-A2E6-7D676B34D55B}
    2013-02-14 08:01:22 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    2013-02-14 08:01:22 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2013-02-13 23:17:04 215040 ----a-w- C:\windows\System32\winsrv.dll
    2013-02-13 23:17:03 2048 ----a-w- C:\windows\SysWow64\user.exe
    2013-02-13 20:11:41 -------- d-----w- C:\Users\RJ\AppData\Local\{9502BFA2-57F1-49A6-B75B-0698A4E06F56}
    2013-02-13 08:11:28 -------- d-----w- C:\Users\RJ\AppData\Local\{38C6A557-0ACB-41C2-9D6F-A4548B69CEE8}
    2013-02-12 20:11:16 -------- d-----w- C:\Users\RJ\AppData\Local\{55A4D2BB-DAAF-4475-AFE6-69B036A7B0AD}
    2013-02-12 08:11:03 -------- d-----w- C:\Users\RJ\AppData\Local\{94FC9D61-7357-44B8-8B5C-CE3C567B467B}
    2013-02-11 20:10:51 -------- d-----w- C:\Users\RJ\AppData\Local\{42FC0734-5AB3-4C19-9563-C51D264D6108}
    2013-02-11 08:10:39 -------- d-----w- C:\Users\RJ\AppData\Local\{13656E96-23A2-4E1C-BF5B-C9713EE39949}
    2013-02-10 20:10:27 -------- d-----w- C:\Users\RJ\AppData\Local\{76A421EF-57BD-41A6-9EBB-841479C4658E}
    2013-02-10 08:10:15 -------- d-----w- C:\Users\RJ\AppData\Local\{203B5AC6-6CBD-4434-AD0B-9D02B3DBB14A}
    2013-02-09 20:10:03 -------- d-----w- C:\Users\RJ\AppData\Local\{6EAA8254-CCAA-45A1-876C-1F3AAFEF4C4D}
    2013-02-09 08:09:51 -------- d-----w- C:\Users\RJ\AppData\Local\{7E48B6D1-4436-497B-A0C9-E50D1BD7CEC0}
    2013-02-08 20:09:40 -------- d-----w- C:\Users\RJ\AppData\Local\{7649D23D-C9F0-4462-A9C0-479BF44B913C}
    2013-02-08 08:09:28 -------- d-----w- C:\Users\RJ\AppData\Local\{ED6E8CE3-1E59-4552-BDC0-F648EDE5B221}
    2013-02-07 20:09:16 -------- d-----w- C:\Users\RJ\AppData\Local\{3E53BB46-3BF6-409D-835B-71EF1D31BBB5}
    2013-02-07 08:09:04 -------- d-----w- C:\Users\RJ\AppData\Local\{0EC883F3-911E-4440-BF49-2C233E031E16}
    2013-02-06 20:08:52 -------- d-----w- C:\Users\RJ\AppData\Local\{23A8D0FC-2C7D-4609-9FA7-A7B6DDB8E2D0}
    2013-02-06 08:08:40 -------- d-----w- C:\Users\RJ\AppData\Local\{C814B12F-67F1-482E-BA2C-65C439A7D3C7}
    2013-02-05 20:08:28 -------- d-----w- C:\Users\RJ\AppData\Local\{F84D5219-DE57-475B-B7C8-83EA77CB086A}
    2013-02-05 08:08:16 -------- d-----w- C:\Users\RJ\AppData\Local\{A809A2A0-CAC1-43FD-899C-E1CEA3AA238F}
    2013-02-04 20:08:04 -------- d-----w- C:\Users\RJ\AppData\Local\{6A7DCF79-D00A-4EFE-B6BF-7C7130F30D99}
    2013-02-04 08:07:52 -------- d-----w- C:\Users\RJ\AppData\Local\{3DB31A43-4A04-4F68-82CC-404E5337229C}
    2013-02-03 20:07:40 -------- d-----w- C:\Users\RJ\AppData\Local\{13CDFA71-7C13-4C35-931A-DEA1967A3F78}
    2013-02-03 08:07:29 -------- d-----w- C:\Users\RJ\AppData\Local\{A4219E03-A62F-4B24-AB32-925FE040B284}
    2013-02-02 20:07:17 -------- d-----w- C:\Users\RJ\AppData\Local\{AE04D698-66F1-42BC-BA30-C84B4D344092}
    2013-02-02 08:07:03 -------- d-----w- C:\Users\RJ\AppData\Local\{E5A1742C-88F5-4EC8-82DF-1714EBBDAF74}
    2013-02-01 20:06:51 -------- d-----w- C:\Users\RJ\AppData\Local\{D5E0258B-10FA-4A4D-B506-6F9CE0F3A03A}
    2013-02-01 08:06:39 -------- d-----w- C:\Users\RJ\AppData\Local\{42558887-B430-4500-9F16-79E5C9169B0B}
    2013-01-31 20:06:27 -------- d-----w- C:\Users\RJ\AppData\Local\{97C4A170-ABCB-496D-BA29-473E1EACA1D4}
    2013-01-31 08:06:16 -------- d-----w- C:\Users\RJ\AppData\Local\{34093809-15B0-41E5-B81A-04CB9D464C99}
    2013-01-30 20:06:04 -------- d-----w- C:\Users\RJ\AppData\Local\{91D8E9B5-6A54-4BA5-B256-8D167BB50509}
    2013-01-30 08:05:52 -------- d-----w- C:\Users\RJ\AppData\Local\{BED6F0EA-FB27-4366-A0A8-C03066999921}
    2013-01-29 20:05:40 -------- d-----w- C:\Users\RJ\AppData\Local\{A755AE1F-BFDD-40A4-8D8D-ECF3D4BEE99F}
    2013-01-29 08:05:29 -------- d-----w- C:\Users\RJ\AppData\Local\{61156F10-1377-4A65-B14D-7C91A510129E}
    2013-01-28 20:05:17 -------- d-----w- C:\Users\RJ\AppData\Local\{5396D6E2-9C49-4F38-B99B-47D048C66C4F}
    2013-01-28 08:04:52 -------- d-----w- C:\Users\RJ\AppData\Local\{F426ABAD-A852-478B-A0EB-8952999AB111}
    2013-01-27 20:04:40 -------- d-----w- C:\Users\RJ\AppData\Local\{09BAD0FD-4191-4F30-B112-D0E1AB4B2B60}
    2013-01-27 08:04:29 -------- d-----w- C:\Users\RJ\AppData\Local\{DEEEE750-0EF1-44D8-AE1E-081E2DA4D54C}
    2013-01-26 20:04:17 -------- d-----w- C:\Users\RJ\AppData\Local\{C2B22054-A321-456C-B556-40B978B336FB}
    2013-01-26 08:04:05 -------- d-----w- C:\Users\RJ\AppData\Local\{9979E28B-CE8A-431B-8B51-B144451AE567}
    2013-01-25 20:03:54 -------- d-----w- C:\Users\RJ\AppData\Local\{AE6503D4-4B62-419A-AC6D-F5A84C1637FE}
    2013-01-25 08:03:42 -------- d-----w- C:\Users\RJ\AppData\Local\{7DEF794F-088D-4E8B-B94D-0B60C2239823}
    2013-01-24 20:05:05 -------- d-----w- C:\Users\RJ\AppData\Local\{E0EAD0FB-B466-4460-A2E8-9EE673C687A7}
    2013-01-24 08:04:52 -------- d-----w- C:\Users\RJ\AppData\Local\{2CE4F294-F129-442C-8AF8-F4268504BCA3}
    2013-01-23 20:04:41 -------- d-----w- C:\Users\RJ\AppData\Local\{301C308F-AA22-4BAC-997A-41B3A0F70760}
    2013-01-23 08:04:29 -------- d-----w- C:\Users\RJ\AppData\Local\{5B0D1219-7158-4DAF-B0BF-D9C33A5D5B77}
    2013-01-22 20:04:17 -------- d-----w- C:\Users\RJ\AppData\Local\{08B093F2-54B5-49F4-B987-C1717D1CDA24}
    2013-01-22 08:04:05 -------- d-----w- C:\Users\RJ\AppData\Local\{FAC0EB68-DEA3-45D5-A59F-D2A9F78E539B}
    2013-01-21 20:03:54 -------- d-----w- C:\Users\RJ\AppData\Local\{24218ACF-1257-45C6-90F4-4D250116BA22}
    2013-01-21 08:03:42 -------- d-----w- C:\Users\RJ\AppData\Local\{F29877A5-66D5-41AE-8262-78859A527F37}
    2013-01-20 20:03:18 -------- d-----w- C:\Users\RJ\AppData\Local\{2C4E022A-5F23-4EFB-BA57-865EA1C92C86}
    2013-01-20 08:03:06 -------- d-----w- C:\Users\RJ\AppData\Local\{46125D34-3FC6-4DBC-8BFA-5877380B4DDA}
    2013-01-19 20:02:52 -------- d-----w- C:\Users\RJ\AppData\Local\{96EAFFD3-E31B-4925-88FC-C872B3E87C37}
    2013-01-19 00:53:37 -------- d-----w- C:\Users\RJ\AppData\Local\{4A4A7C70-C552-4438-A482-2B18085FDD7D}
    2013-01-18 12:53:25 -------- d-----w- C:\Users\RJ\AppData\Local\{9C5FF593-60C4-48B9-918D-1941733EC469}
    2013-01-18 00:53:14 -------- d-----w- C:\Users\RJ\AppData\Local\{D14B2D86-4814-4EE3-AD67-4019B88A94AD}
    .
    ==================== Find3M ====================
    .
    2013-02-16 03:35:35 74096 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-16 03:35:35 697712 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 01:19:09 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-01-08 21:59:02 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
    .
    ============= FINISH: 13:39:01.07 ===============
    /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

    attach.txt log file:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/01/2012 11:14:59 AM
    System Uptime: 16/02/2013 3:51:50 AM (10 hours ago)
    .
    Motherboard: Intel Corporation | | Oneonta Falls
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 284 GiB total, 206.641 GiB free.
    D: is CDROM ()
    F: is FIXED (NTFS) - 30 GiB total, 3.206 GiB free.
    G: is FIXED (NTFS) - 63 GiB total, 5.009 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP84: 12/02/2013 4:36:43 AM - Windows Update
    RP86: 12/02/2013 7:33:44 PM - Windows Defender Checkpoint
    RP88: 13/02/2013 7:44:01 PM - Windows Defender Checkpoint
    RP89: 14/02/2013 3:00:34 AM - Windows Update
    RP91: 14/02/2013 7:49:19 PM - Windows Defender Checkpoint
    RP92: 15/02/2013 10:28:46 AM - Windows Update
    RP93: 15/02/2013 7:04:09 PM - Restore Operation
    RP94: 16/02/2013 3:00:14 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Illustrator CS5
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.5.3
    Atheros Bluetooth Filter Driver Package
    Atheros Driver Installation Program
    Bejeweled 2 Deluxe
    Bluetooth Stack for Windows by Toshiba
    BOCNET Security Applet 2.1
    Build-a-lot 2
    CCleaner
    Chuzzle Deluxe
    Citrix XenApp Web Plugin
    CuteFTP 8 Professional
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DHTML Editing Component
    FATE
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest - Heritage
    Junk Mail filter update
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    MKV File Player
    MSVCRT
    MSVCRT_amd64
    Norton Internet Security
    NVIDIA 3D Vision Driver 266.69
    NVIDIA Control Panel 266.69
    NVIDIA Graphics Driver 266.69
    NVIDIA HD Audio Driver 1.1.9.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Stereoscopic 3D Driver
    PDF Settings CS5
    Plants vs. Zombies
    PlayReady PC Runtime amd64
    Polar Bowler
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Skype Toolbars
    Skype™ 6.0
    Synaptics Pointing Device Driver
    Tencent QQ
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA PC Health Monitor
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    Turbo Lister 2
    UltraEdit 16.30
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Virtual Villagers 4 - The Tree of Life
    Wheel of Fortune 2
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.11 (64-bit)
    Wisdom-soft ScreenHunter 6.0 Free
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/02/2013 7:17:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64
    15/02/2013 7:15:33 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    15/02/2013 10:29:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile MTP Device.
    15/02/2013 10:28:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    15/02/2013 10:28:48 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
    14/02/2013 3:33:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.
    11/02/2013 1:01:16 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user RJ-PC\RJ SID (S-1-5-21-3255760185-3432361504-4281314635-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    11/02/2013 1:01:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user RJ-PC\RJ SID (S-1-5-21-3255760185-3432361504-4281314635-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
    //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

    ark.txt log file:

    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-16 14:26:52
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298.09GB
    Running: crwmoxxr.exe; Driver: C:\Users\RJ\AppData\Local\Temp\pgtdrpog.sys

    ---- Kernel code sections - GMER 2.1 ----
    .text C:\windows\System32\win32k.sys!W32pServiceTable fffff96000143c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
    .text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000143c08 3 bytes [C0, 06, 02]
    ---- User code sections - GMER 2.1 ----
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4372] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000705111a8 2 bytes [51, 70]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4372] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000705113a8 2 bytes [51, 70]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4372] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000070511422 2 bytes [51, 70]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4372] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000070511498 2 bytes [51, 70]
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774cc45a 5 bytes JMP 00000001100d0cc2
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000760987b1 5 bytes [33, C0, C2, 04, 00]
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\GDI32.dll!CreateFontIndirectW 0000000076485c19 5 bytes JMP 00000001009c5e00
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\GDI32.dll!CreateFontW 000000007648b600 5 bytes JMP 00000001009c5de7
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!GetMessageW 0000000076aa78e2 5 bytes JMP 0000000133d0c200
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!GetMessageA 0000000076aa7bd3 5 bytes JMP 0000000133d0c390
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000076aa8332 5 bytes JMP 0000000100a52901
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076aa8a29 5 bytes JMP 0000000100a52954
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!SetWindowPos 0000000076aa8e4e 5 bytes JMP 0000000100a528a2
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!DestroyWindow 0000000076aa9a55 5 bytes JMP 0000000100a537e0
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!PeekMessageW 0000000076ab05ba 5 bytes JMP 0000000133d0bec0
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!ShowWindow 0000000076ab0dfb 5 bytes JMP 0000000100a52852
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!BeginPaint 0000000076ab1361 5 bytes JMP 0000000100a53784
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!InvalidateRect 0000000076ab1381 5 bytes JMP 0000000100a539fe
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!SetParent 0000000076ab2d64 5 bytes JMP 0000000100a5299d
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!MoveWindow 0000000076ab3698 5 bytes JMP 0000000164bae920
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!SetWindowPlacement 0000000076ab4ab6 5 bytes JMP 0000000164bae9c0
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!PeekMessageA 0000000076ab5f74 5 bytes JMP 0000000133d0c060
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!InvalidateRgn 0000000076ab6604 5 bytes JMP 0000000100a53a2d
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!ValidateRect 0000000076ab7849 5 bytes JMP 0000000100a52bc0
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!ValidateRgn 0000000076ab8e72 5 bytes JMP 0000000100a52bc9
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\USER32.dll!GetUpdateRect 0000000076acd41f 5 bytes JMP 0000000100a53739
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\ADVAPI32.dll!RegOpenKeyExW 000000007656468d 5 bytes JMP 0000000100a0ccf2
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\ADVAPI32.dll!RegOpenKeyExA 0000000076564907 5 bytes JMP 0000000100a0cc87
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\WINTRUST.dll!WinVerifyTrust 0000000074bd2674 5 bytes JMP 0000000133d0d5c0
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
    .text C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe[4500] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\USER32.dll!EnableWindow 0000000076ab2da4 5 bytes JMP 000000016aca9ebc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076accbf3 5 bytes JMP 000000016adf8f36
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 000000016ac01893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\USER32.dll!DialogBoxParamA 0000000076aecb0c 5 bytes JMP 000000016adf8ed1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076aece64 5 bytes JMP 000000016adf8f9b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076affbd1 5 bytes JMP 000000016adf8e58
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076affc9d 5 bytes JMP 000000016adf8ddf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\USER32.dll!MessageBoxExA 0000000076affcd6 5 bytes JMP 000000016adf8d7b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\USER32.dll!MessageBoxExW 0000000076affcfa 5 bytes JMP 000000016adf8d17
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000763b93ec 5 bytes JMP 000000016adf9150
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000073e3388e 5 bytes JMP 000000016adf9000
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073ed7922 5 bytes JMP 000000016adf90a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4864] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074c72694 5 bytes JMP 000000016adf9348
    ? C:\windows\system32\mssprxy.dll [4864] entry point in ".rdata" section 000000006c5b71e6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774afb08 5 bytes JMP 00000001046b091c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000774c25fd 6 bytes JMP 000000016acc8054
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000774d2a63 6 bytes JMP 000000016ac6980d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\kernel32.dll!CreateEventW + 19 0000000076091851 7 bytes JMP 00000001046b02ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\kernel32.dll!CreateThread 00000000760934b5 5 bytes JMP 000000016ac675e3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\kernel32.dll!CreateDirectoryW + 257 0000000076094342 7 bytes JMP 00000001046b03d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\kernel32.dll!LoadLibraryA + 81 0000000076094a10 7 bytes JMP 00000001046b04b2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\kernel32.dll!VirtualFreeEx + 19 00000000760ad9c3 7 bytes JMP 00000001046b012a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\kernel32.dll!ExpandEnvironmentStringsA + 92 00000000760aeb7d 7 bytes JMP 00000001046b020c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000076513e6b 5 bytes JMP 00000001046b0594
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076aa8a29 5 bytes JMP 000000016acd03df
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!CreateWindowExA 0000000076aad22e 5 bytes JMP 000000016ac73643
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!GetKeyState 0000000076ab291f 5 bytes JMP 000000016ac4ddb3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!EnableWindow 0000000076ab2da4 5 bytes JMP 000000016aca9ebc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!CallNextHookEx 0000000076ab6285 5 bytes JMP 000000016acc7ff1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ab7603 5 bytes JMP 000000016aca25b4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076abb029 5 bytes JMP 000000016adf92d8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076abc63e 5 bytes JMP 000000016adf9310
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!IsDialogMessage 0000000076ac50ed 5 bytes JMP 000000016adf99d2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!CreateDialogParamA 0000000076ac5246 5 bytes JMP 000000016adf9268
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!EndDialog 0000000076acb99c 5 bytes JMP 000000016adf9ca6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!IsDialogMessageW 0000000076acc701 5 bytes JMP 000000016adf99fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076accbf3 5 bytes JMP 000000016adf8f36
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 000000016ac01893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076aceb96 5 bytes JMP 000000016ac4dedd
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076acf52b 5 bytes JMP 000000016aceed14
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!SendInput 0000000076acff4a 5 bytes JMP 000000016adfa269
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!CreateDialogParamW 0000000076ad10dc 5 bytes JMP 000000016adf92a0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!SetKeyboardState 0000000076ad14b2 5 bytes JMP 000000016adfa2c1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076ae9cfd 5 bytes JMP 000000016adfa342
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!DialogBoxParamA 0000000076aecb0c 5 bytes JMP 000000016adf8ed1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076aece64 5 bytes JMP 000000016adf8f9b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076affbd1 5 bytes JMP 000000016adf8e58
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076affc9d 5 bytes JMP 000000016adf8ddf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!MessageBoxExA 0000000076affcd6 5 bytes JMP 000000016adf8d7b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!MessageBoxExW 0000000076affcfa 5 bytes JMP 000000016adf8d17
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\USER32.dll!keybd_event 0000000076b002bf 5 bytes JMP 000000016adfa226
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\ole32.dll!OleLoadFromStream 00000000761f6143 5 bytes JMP 000000016adf9704
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\ole32.dll!CoCreateInstance + 62 0000000076239d49 7 bytes JMP 00000001046b0ae0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\urlmon.dll!URLOpenPullStreamA + 158 0000000076680caf 7 bytes JMP 0000000104e4012a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\urlmon.dll!URLDownloadToFileA + 266 0000000076680dbe 7 bytes JMP 00000001046b0f4a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076353e59 5 bytes JMP 000000016adf97fc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\OLEAUT32.dll!VariantClear 0000000076353eae 5 bytes JMP 000000016adf987a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076354731 5 bytes JMP 000000016adf976e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076355dee 5 bytes JMP 000000016adf981a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000763b93ec 5 bytes JMP 000000016adf9150
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000073e3388e 5 bytes JMP 000000016adf9000
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073ed7922 5 bytes JMP 000000016adf90a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\comdlg32.dll!PrintDlgW 0000000074c633a3 5 bytes JMP 000000016adf93ec
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074c72694 5 bytes JMP 000000016adf9348
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\windows\syswow64\comdlg32.dll!PrintDlgA 0000000074c7e8ff 5 bytes JMP 000000016adf94b8

    I'm running Windows 7 and have removed BitTorrent as of yesterday.
     
  4. rogerrab

    rogerrab Thread Starter

    Joined:
    Feb 15, 2013
    Messages:
    7
    I meant to say "I have done as you request and I am NOW pasting the logs" but I typed "I am not pasting the logs". lol sorry.
     
  5. rogerrab

    rogerrab Thread Starter

    Joined:
    Feb 15, 2013
    Messages:
    7
    And also thank you very much, Derek. I hope I'm not too frustrating with my lack of computer knowledge.
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I have not previously known Norton to be successful in fixing ZeroAccess, but none of the usual entries are appearing in any of the logs.

    Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

    Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) and then reboot.

    Post back with its log.

    By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\).
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
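
As an added example (not part of the original post, and not Kaspersky's code): a Python triage of a TDSSKiller log that applies the exception given above, leaving SPTD.SYS and UnsignedFile.Multi.Generic detections alone, and that parses the log file name convention. The sample log, its service names and hashes are constructed, and the layout of non-ok verdict lines (`name ( Verdict ) - status`) is an assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# The helper's exceptions: these are left alone rather than cured.
IGNORED_FILES = {"sptd.sys"}
IGNORED_VERDICTS = {"UnsignedFile.Multi.Generic"}

# Log line layout: "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# Object line: "[ <MD5> ] <service name> <path>" (service names may contain spaces).
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# Verdict line: "<name> - ok", or (assumed layout) "<name> ( <verdict> ) - <status>".
VERDICT = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")
# Log name: "UtilityName.Version_Date_Time_log.txt".
LOG_NAME = re.compile(
    r"([A-Za-z]+)\.([\d.]+)_(\d{2}\.\d{2}\.\d{4})_(\d{2}\.\d{2}\.\d{2})_log\.txt$")

# Constructed sample: names, paths, hashes and non-ok verdicts are made up.
SAMPLE_LOG = r"""
23:38:13.0125 2948 ================ Scan services =============================
23:38:13.0344 2948 [ 11111111111111111111111111111111 ] ExampleDrv C:\windows\system32\drivers\exampledrv.sys
23:38:13.0359 2948 ExampleDrv - ok
23:38:13.0437 2948 [ 22222222222222222222222222222222 ] Example Updater C:\Program Files (x86)\Example\updater.exe
23:38:13.0437 2948 Example Updater ( UnsignedFile.Multi.Generic ) - warning
23:38:13.0484 2948 [ 33333333333333333333333333333333 ] sptd C:\windows\system32\drivers\sptd.sys
23:38:13.0484 2948 sptd ( Example.Locked.Verdict ) - warning
23:38:13.0734 2948 [ 44444444444444444444444444444444 ] examplekit C:\windows\system32\drivers\examplekit.sys
23:38:13.0734 2948 examplekit ( Example.Rootkit.Verdict ) - infected
23:38:13.0827 2948 NoFileSvc - ok
"""


@dataclass
class Finding:
    name: str
    status: str
    verdict: Optional[str]
    path: Optional[str]
    md5: Optional[str]
    action: str  # "none", "ignore" or "cure"


def classify(status, verdict, path):
    """Map a scan result to the action implied by the helper's instructions."""
    if status == "ok":
        return "none"
    filename = path.rsplit("\\", 1)[-1].lower() if path else ""
    if filename in IGNORED_FILES or verdict in IGNORED_VERDICTS:
        return "ignore"
    return "cure"


def parse_log(text):
    """Pair each object line with the verdict line that follows it."""
    objects = {}  # service name -> (md5, path) from its object line
    findings = []
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        message = line.group(1).strip()
        obj = OBJECT.match(message)
        if obj:
            objects[obj.group(2)] = (obj.group(1).upper(), obj.group(3))
            continue
        res = VERDICT.match(message)
        if res:
            name, verdict, status = res.groups()
            # Some services are reported without a file line, so both may be None.
            md5, path = objects.get(name, (None, None))
            findings.append(Finding(name, status, verdict, path, md5,
                                    classify(status, verdict, path)))
    return findings


def triage(text):
    """Group scanned object names by action."""
    buckets = {"none": [], "ignore": [], "cure": []}
    for finding in parse_log(text):
        buckets[finding.action].append(finding.name)
    return buckets


def parse_log_name(path):
    """Split a log file name into utility, version and scan time."""
    m = LOG_NAME.search(path)
    if not m:
        raise ValueError(f"not a utility log name: {path!r}")
    utility, version, date, time = m.groups()
    return utility, version, datetime.strptime(f"{date} {time}", "%d.%m.%Y %H.%M.%S")


if __name__ == "__main__":
    for action, names in triage(SAMPLE_LOG).items():
        print(f"{action}: {', '.join(names) or '-'}")
    print(parse_log_name(r"C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt"))
```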
     
  7. rogerrab

    rogerrab Thread Starter

    Joined:
    Feb 15, 2013
    Messages:
    7
    Hi Derek,

    Thanks. Here is the scan result.

    23:38:19.0553 2948 iaStor - ok
    23:38:19.0603 2948 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
    23:38:19.0613 2948 iaStorV - ok
    23:38:19.0663 2948 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    23:38:19.0663 2948 IDriverT - ok
    23:38:19.0723 2948 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    23:38:19.0743 2948 idsvc - ok
    23:38:19.0823 2948 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130215.002\IDSvia64.sys
    23:38:19.0843 2948 IDSVia64 - ok
    23:38:19.0873 2948 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
    23:38:19.0883 2948 iirsp - ok
    23:38:19.0933 2948 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
    23:38:19.0953 2948 IKEEXT - ok
    23:38:20.0083 2948 [ 16C324E22208E6E8336C3F2DA14CFE2D ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
    23:38:20.0113 2948 IntcAzAudAddService - ok
    23:38:20.0123 2948 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
    23:38:20.0123 2948 intelide - ok
    23:38:20.0153 2948 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
    23:38:20.0153 2948 intelppm - ok
    23:38:20.0193 2948 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
    23:38:20.0193 2948 IPBusEnum - ok
    23:38:20.0223 2948 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
    23:38:20.0223 2948 IpFilterDriver - ok
    23:38:20.0273 2948 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
    23:38:20.0293 2948 iphlpsvc - ok
    23:38:20.0313 2948 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
    23:38:20.0313 2948 IPMIDRV - ok
    23:38:20.0343 2948 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
    23:38:20.0343 2948 IPNAT - ok
    23:38:20.0363 2948 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
    23:38:20.0363 2948 IRENUM - ok
    23:38:20.0383 2948 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
    23:38:20.0383 2948 isapnp - ok
    23:38:20.0393 2948 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
    23:38:20.0403 2948 iScsiPrt - ok
    23:38:20.0423 2948 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
    23:38:20.0423 2948 kbdclass - ok
    23:38:20.0453 2948 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
    23:38:20.0453 2948 kbdhid - ok
    23:38:20.0473 2948 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
    23:38:20.0473 2948 KeyIso - ok
    23:38:20.0503 2948 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    23:38:20.0503 2948 KSecDD - ok
    23:38:20.0513 2948 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    23:38:20.0513 2948 KSecPkg - ok
    23:38:20.0553 2948 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    23:38:20.0553 2948 ksthunk - ok
    23:38:20.0593 2948 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
    23:38:20.0593 2948 KtmRm - ok
    23:38:20.0633 2948 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
    23:38:20.0643 2948 LanmanServer - ok
    23:38:20.0663 2948 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    23:38:20.0663 2948 LanmanWorkstation - ok
    23:38:20.0693 2948 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    23:38:20.0693 2948 lltdio - ok
    23:38:20.0713 2948 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
    23:38:20.0723 2948 lltdsvc - ok
    23:38:20.0743 2948 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
    23:38:20.0743 2948 lmhosts - ok
    23:38:20.0813 2948 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    23:38:20.0823 2948 LMS - ok
    23:38:20.0843 2948 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
    23:38:20.0853 2948 LSI_FC - ok
    23:38:20.0883 2948 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
    23:38:20.0883 2948 LSI_SAS - ok
    23:38:20.0903 2948 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
    23:38:20.0903 2948 LSI_SAS2 - ok
    23:38:20.0943 2948 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
    23:38:20.0943 2948 LSI_SCSI - ok
    23:38:20.0963 2948 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
    23:38:20.0963 2948 luafv - ok
    23:38:20.0993 2948 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    23:38:21.0003 2948 Mcx2Svc - ok
    23:38:21.0033 2948 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
    23:38:21.0033 2948 megasas - ok
    23:38:21.0073 2948 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
    23:38:21.0083 2948 MegaSR - ok
    23:38:21.0123 2948 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
    23:38:21.0123 2948 MEIx64 - ok
    23:38:21.0183 2948 Microsoft SharePoint Workspace Audit Service - ok
    23:38:21.0213 2948 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
    23:38:21.0223 2948 MMCSS - ok
    23:38:21.0243 2948 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
    23:38:21.0243 2948 Modem - ok
    23:38:21.0283 2948 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
    23:38:21.0283 2948 monitor - ok
    23:38:21.0323 2948 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    23:38:21.0323 2948 mouclass - ok
    23:38:21.0343 2948 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    23:38:21.0343 2948 mouhid - ok
    23:38:21.0363 2948 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    23:38:21.0363 2948 mountmgr - ok
    23:38:21.0383 2948 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
    23:38:21.0383 2948 mpio - ok
    23:38:21.0403 2948 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    23:38:21.0403 2948 mpsdrv - ok
    23:38:21.0453 2948 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
    23:38:21.0463 2948 MpsSvc - ok
    23:38:21.0483 2948 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    23:38:21.0483 2948 MRxDAV - ok
    23:38:21.0513 2948 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    23:38:21.0513 2948 mrxsmb - ok
    23:38:21.0533 2948 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    23:38:21.0533 2948 mrxsmb10 - ok
    23:38:21.0553 2948 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    23:38:21.0553 2948 mrxsmb20 - ok
    23:38:21.0583 2948 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
    23:38:21.0583 2948 msahci - ok
    23:38:21.0603 2948 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
    23:38:21.0603 2948 msdsm - ok
    23:38:21.0623 2948 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
    23:38:21.0633 2948 MSDTC - ok
    23:38:21.0673 2948 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
    23:38:21.0673 2948 Msfs - ok
    23:38:21.0703 2948 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    23:38:21.0703 2948 mshidkmdf - ok
    23:38:21.0703 2948 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    23:38:21.0703 2948 msisadrv - ok
    23:38:21.0743 2948 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    23:38:21.0743 2948 MSiSCSI - ok
    23:38:21.0743 2948 msiserver - ok
    23:38:21.0783 2948 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    23:38:21.0783 2948 MSKSSRV - ok
    23:38:21.0793 2948 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    23:38:21.0803 2948 MSPCLOCK - ok
    23:38:21.0803 2948 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    23:38:21.0803 2948 MSPQM - ok
    23:38:21.0833 2948 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    23:38:21.0833 2948 MsRPC - ok
    23:38:21.0843 2948 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
    23:38:21.0843 2948 mssmbios - ok
    23:38:21.0883 2948 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    23:38:21.0883 2948 MSTEE - ok
    23:38:21.0913 2948 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
    23:38:21.0913 2948 MTConfig - ok
    23:38:21.0933 2948 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
    23:38:21.0933 2948 Mup - ok
    23:38:21.0983 2948 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
    23:38:21.0993 2948 napagent - ok
    23:38:22.0053 2948 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    23:38:22.0063 2948 NativeWifiP - ok
    23:38:22.0113 2948 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130216.009\ENG64.SYS
    23:38:22.0113 2948 NAVENG - ok
    23:38:22.0183 2948 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130216.009\EX64.SYS
    23:38:22.0193 2948 NAVEX15 - ok
    23:38:22.0253 2948 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
    23:38:22.0273 2948 NDIS - ok
    23:38:22.0313 2948 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    23:38:22.0313 2948 NdisCap - ok
    23:38:22.0343 2948 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    23:38:22.0353 2948 NdisTapi - ok
    23:38:22.0363 2948 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    23:38:22.0373 2948 Ndisuio - ok
    23:38:22.0393 2948 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    23:38:22.0393 2948 NdisWan - ok
    23:38:22.0433 2948 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    23:38:22.0433 2948 NDProxy - ok
    23:38:22.0463 2948 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    23:38:22.0463 2948 NetBIOS - ok
    23:38:22.0483 2948 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    23:38:22.0493 2948 NetBT - ok
    23:38:22.0503 2948 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    23:38:22.0503 2948 Netlogon - ok
    23:38:22.0573 2948 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    23:38:22.0583 2948 Netman - ok
    23:38:22.0603 2948 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    23:38:22.0603 2948 netprofm - ok
    23:38:22.0633 2948 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    23:38:22.0633 2948 NetTcpPortSharing - ok
    23:38:22.0663 2948 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
    23:38:22.0663 2948 nfrd960 - ok
    23:38:22.0733 2948 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    23:38:22.0733 2948 NIS - ok
    23:38:22.0783 2948 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
    23:38:22.0793 2948 NlaSvc - ok
    23:38:22.0813 2948 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    23:38:22.0813 2948 Npfs - ok
    23:38:22.0833 2948 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    23:38:22.0843 2948 nsi - ok
    23:38:22.0863 2948 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    23:38:22.0863 2948 nsiproxy - ok
    23:38:22.0953 2948 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    23:38:22.0973 2948 Ntfs - ok
    23:38:22.0993 2948 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    23:38:23.0003 2948 Null - ok
    23:38:23.0023 2948 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
    23:38:23.0033 2948 nusb3hub - ok
    23:38:23.0043 2948 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
    23:38:23.0053 2948 nusb3xhc - ok
    23:38:23.0093 2948 [ ED9380F201C8126425C09BED96DBE1E5 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
    23:38:23.0093 2948 NVHDA - ok
    23:38:23.0393 2948 [ 830886C8D7C17710F615C5705C41C9EA ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
    23:38:23.0643 2948 nvlddmkm - ok
    23:38:23.0673 2948 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    23:38:23.0673 2948 nvraid - ok
    23:38:23.0703 2948 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    23:38:23.0703 2948 nvstor - ok
    23:38:23.0773 2948 [ 8A8A19E613B3684F4F42E65038F6F338 ] NVSvc C:\windows\system32\nvvsvc.exe
    23:38:23.0793 2948 NVSvc - ok
    23:38:23.0803 2948 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    23:38:23.0813 2948 nv_agp - ok
    23:38:23.0833 2948 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    23:38:23.0833 2948 ohci1394 - ok
    23:38:23.0883 2948 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:38:23.0883 2948 ose - ok
    23:38:24.0133 2948 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    23:38:24.0263 2948 osppsvc - ok
    23:38:24.0293 2948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    23:38:24.0303 2948 p2pimsvc - ok
    23:38:24.0313 2948 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    23:38:24.0323 2948 p2psvc - ok
    23:38:24.0343 2948 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
    23:38:24.0343 2948 Parport - ok
    23:38:24.0363 2948 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
    23:38:24.0363 2948 partmgr - ok
    23:38:24.0393 2948 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    23:38:24.0393 2948 PcaSvc - ok
    23:38:24.0433 2948 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
    23:38:24.0433 2948 pci - ok
    23:38:24.0453 2948 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
    23:38:24.0453 2948 pciide - ok
    23:38:24.0473 2948 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
    23:38:24.0483 2948 pcmcia - ok
    23:38:24.0513 2948 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
    23:38:24.0513 2948 pcw - ok
    23:38:24.0543 2948 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
    23:38:24.0553 2948 PEAUTH - ok
    23:38:24.0603 2948 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
    23:38:24.0623 2948 PeerDistSvc - ok
    23:38:24.0713 2948 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
    23:38:24.0713 2948 PerfHost - ok
    23:38:24.0743 2948 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
    23:38:24.0753 2948 PGEffect - ok
    23:38:24.0803 2948 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
    23:38:24.0833 2948 pla - ok
    23:38:24.0873 2948 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    23:38:24.0873 2948 PlugPlay - ok
    23:38:24.0893 2948 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    23:38:24.0893 2948 PNRPAutoReg - ok
    23:38:24.0923 2948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    23:38:24.0923 2948 PNRPsvc - ok
    23:38:24.0953 2948 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    23:38:24.0963 2948 PolicyAgent - ok
    23:38:25.0003 2948 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
    23:38:25.0003 2948 Power - ok
    23:38:25.0043 2948 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    23:38:25.0053 2948 PptpMiniport - ok
    23:38:25.0073 2948 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
    23:38:25.0073 2948 Processor - ok
    23:38:25.0103 2948 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
    23:38:25.0113 2948 ProfSvc - ok
    23:38:25.0123 2948 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    23:38:25.0133 2948 ProtectedStorage - ok
    23:38:25.0173 2948 [ 10F8696A2FF000E93C86C3155912B619 ] ProtectorA C:\windows\system32\drivers\ProtectorA.sys
    23:38:25.0173 2948 ProtectorA - ok
    23:38:25.0203 2948 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
    23:38:25.0203 2948 Psched - ok
    23:38:25.0293 2948 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
    23:38:25.0323 2948 ql2300 - ok
    23:38:25.0343 2948 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
    23:38:25.0343 2948 ql40xx - ok
    23:38:25.0383 2948 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
    23:38:25.0393 2948 QWAVE - ok
    23:38:25.0403 2948 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    23:38:25.0403 2948 QWAVEdrv - ok
    23:38:25.0433 2948 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    23:38:25.0433 2948 RasAcd - ok
    23:38:25.0473 2948 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    23:38:25.0483 2948 RasAgileVpn - ok
    23:38:25.0513 2948 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
    23:38:25.0523 2948 RasAuto - ok
    23:38:25.0553 2948 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    23:38:25.0563 2948 Rasl2tp - ok
    23:38:25.0593 2948 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
    23:38:25.0603 2948 RasMan - ok
    23:38:25.0633 2948 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    23:38:25.0633 2948 RasPppoe - ok
    23:38:25.0673 2948 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    23:38:25.0673 2948 RasSstp - ok
    23:38:25.0693 2948 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    23:38:25.0703 2948 rdbss - ok
    23:38:25.0713 2948 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
    23:38:25.0713 2948 rdpbus - ok
    23:38:25.0733 2948 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    23:38:25.0733 2948 RDPCDD - ok
    23:38:25.0753 2948 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
    23:38:25.0763 2948 RDPDR - ok
    23:38:25.0783 2948 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    23:38:25.0783 2948 RDPENCDD - ok
    23:38:25.0813 2948 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    23:38:25.0813 2948 RDPREFMP - ok
    23:38:25.0843 2948 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    23:38:25.0853 2948 RDPWD - ok
    23:38:25.0863 2948 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    23:38:25.0873 2948 rdyboost - ok
    23:38:25.0883 2948 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
    23:38:25.0893 2948 RemoteAccess - ok
    23:38:25.0913 2948 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
    23:38:25.0923 2948 RemoteRegistry - ok
    23:38:25.0953 2948 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
    23:38:25.0953 2948 RFCOMM - ok
    23:38:25.0983 2948 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    23:38:25.0983 2948 RpcEptMapper - ok
    23:38:26.0013 2948 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
    23:38:26.0023 2948 RpcLocator - ok
    23:38:26.0063 2948 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
    23:38:26.0073 2948 RpcSs - ok
    23:38:26.0113 2948 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    23:38:26.0123 2948 rspndr - ok
    23:38:26.0173 2948 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
    23:38:26.0183 2948 RSUSBSTOR - ok
    23:38:26.0213 2948 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
    23:38:26.0213 2948 RTL8167 - ok
    23:38:26.0243 2948 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\windows\system32\drivers\vms3cap.sys
    23:38:26.0243 2948 s3cap - ok
    23:38:26.0263 2948 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
    23:38:26.0263 2948 SamSs - ok
    23:38:26.0283 2948 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    23:38:26.0283 2948 sbp2port - ok
    23:38:26.0313 2948 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
    23:38:26.0313 2948 SCardSvr - ok
    23:38:26.0343 2948 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    23:38:26.0343 2948 scfilter - ok
    23:38:26.0403 2948 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
    23:38:26.0423 2948 Schedule - ok
    23:38:26.0443 2948 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
    23:38:26.0443 2948 SCPolicySvc - ok
    23:38:26.0473 2948 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
    23:38:26.0473 2948 SDRSVC - ok
    23:38:26.0513 2948 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
    23:38:26.0513 2948 secdrv - ok
    23:38:26.0543 2948 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
    23:38:26.0543 2948 seclogon - ok
    23:38:26.0573 2948 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
    23:38:26.0583 2948 SENS - ok
    23:38:26.0583 2948 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
    23:38:26.0593 2948 SensrSvc - ok
    23:38:26.0603 2948 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
    23:38:26.0613 2948 Serenum - ok
    23:38:26.0643 2948 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
    23:38:26.0643 2948 Serial - ok
    23:38:26.0663 2948 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
    23:38:26.0663 2948 sermouse - ok
    23:38:26.0703 2948 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
    23:38:26.0713 2948 SessionEnv - ok
    23:38:26.0733 2948 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    23:38:26.0733 2948 sffdisk - ok
    23:38:26.0753 2948 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    23:38:26.0753 2948 sffp_mmc - ok
    23:38:26.0753 2948 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    23:38:26.0753 2948 sffp_sd - ok
    23:38:26.0763 2948 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
    23:38:26.0763 2948 sfloppy - ok
    23:38:26.0793 2948 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
    23:38:26.0793 2948 SharedAccess - ok
    23:38:26.0813 2948 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
    23:38:26.0823 2948 ShellHWDetection - ok
    23:38:26.0863 2948 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
    23:38:26.0863 2948 SiSRaid2 - ok
    23:38:26.0883 2948 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
    23:38:26.0893 2948 SiSRaid4 - ok
    23:38:26.0953 2948 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    23:38:26.0963 2948 SkypeUpdate - ok
    23:38:26.0993 2948 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
    23:38:27.0003 2948 Smb - ok
    23:38:27.0043 2948 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
    23:38:27.0053 2948 SNMPTRAP - ok
    23:38:27.0063 2948 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
    23:38:27.0063 2948 spldr - ok
    23:38:27.0113 2948 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
    23:38:27.0123 2948 Spooler - ok
    23:38:27.0233 2948 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
    23:38:27.0323 2948 sppsvc - ok
    23:38:27.0353 2948 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
    23:38:27.0353 2948 sppuinotify - ok
    23:38:27.0423 2948 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
    23:38:27.0433 2948 SRTSP - ok
    23:38:27.0463 2948 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
    23:38:27.0463 2948 SRTSPX - ok
    23:38:27.0493 2948 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
    23:38:27.0493 2948 srv - ok
    23:38:27.0513 2948 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    23:38:27.0523 2948 srv2 - ok
    23:38:27.0533 2948 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    23:38:27.0533 2948 srvnet - ok
    23:38:27.0573 2948 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    23:38:27.0573 2948 SSDPSRV - ok
    23:38:34.0003 2948 ============================================================
    23:38:34.0003 2948 Scan finished
    23:38:34.0003 2948 ============================================================
    23:38:34.0013 2472 Detected object count: 0
    23:38:34.0013 2472 Actual detected object count: 0
    23:38:43.0257 4640 Deinitialize success
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Nothing showing there at all. Are you still getting virus alert warnings or any strange behaviour?
     
  9. rogerrab

    rogerrab Thread Starter

    Joined:
    Feb 15, 2013
    Messages:
    7
    No, I haven't received any warnings and there is no real weird behaviour. The only thing is I haven't used this comp much, because in order to start using it I'll need to put passwords in it. I'm running another Norton scan again.
     
  10. rogerrab

    rogerrab Thread Starter

    Joined:
    Feb 15, 2013
    Messages:
    7
    I ran the Norton scan and it said

    there was Trojan.Gen.2 that it has fully resolved. No mention of zero.access.toolkit.

    It says items were fully resolved and that I should restart.

    I will do another scan just to see if it finds it again.

    If it is not found again, do you think it is safe to start using this machine again?

    Thanks for all your help.
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    If you think it is all OK & scans come back clean, then that is OK.
     

Short URL to this thread: https://techguy.org/1089647
