
svchost.exe Trojan

Discussion in 'Virus & Other Malware Removal' started by GrundelSlayer, Mar 19, 2012.

  1. GrundelSlayer

    GrundelSlayer Thread Starter

    Joined:
    Mar 19, 2012
    Messages:
    9
    Good evening. I have been experiencing this Trojan for a couple of weeks now, and Malwarebytes hasn't done any good in removing it, nor has Norton Security. I am hoping I can get some help getting it off of my computer because I've been experiencing frequent Blue Screens of Death.

    I am including my latest log from Malwarebytes and info about my computer below:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD E-300 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
    Processor Count: 2
    RAM: 3686 Mb
    Graphics Card: AMD Radeon HD 6310 Graphics, 384 Mb
    Hard Drives: C: Total - 291227 MB, Free - 57040 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: Norton Security Suite, Updated and Enabled

    Malware Log:


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.15.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Greg :: GREG-PC [administrator]

    Protection: Enabled

    3/19/2012 10:17:05 PM
    mbam-log-2012-03-19 (22-23-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 189497
    Time elapsed: 5 minute(s), 44 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3292 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

    (end)
     
  2. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Hi and welcome!

    Click here to download HijackThis.exe
    • Save it to your desktop.
    • Double-click on the HijackThis.exe icon on your desktop.
    • Click on Install.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. GrundelSlayer

    GrundelSlayer Thread Starter

    Joined:
    Mar 19, 2012
    Messages:
    9
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:54:00 PM, on 3/21/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\Greg\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk = Greg\AppData\Local\Temp\RunDll32.exe
    O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    O4 - Global Startup: vpngui.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10724 bytes
     
  4. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT! Save ComboFix.exe to your Desktop

    Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    Remember to re-enable the protection again afterwards before connecting to the Internet.

    Double-click on ComboFix.exe & follow the prompts.

    Click on Yes to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  5. GrundelSlayer

    GrundelSlayer Thread Starter

    Joined:
    Mar 19, 2012
    Messages:
    9
    This step gave me some trouble. First, Malwarebytes wouldn't let me shut it down and froze, and I had to do a hard restart of the computer, and then when I was running ComboFix, I got a BSOD twice before running it in Safe Mode. Then after it restarted and created the log, I had to restart again because I didn't have access to any of my files on my computer, including my internet browser. But the computer let me on now, so I am posting the log.

    Thanks a lot for your help. I am going to be sure to donate to the site.

    ComboFix 12-03-22.01 - Greg 03/23/2012 2:36.3.2 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2647 [GMT -4:00]
    Running from: c:\users\Greg\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-23 06:47 . 2012-03-23 06:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-20 11:32 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
    2012-03-20 02:09 . 2012-03-20 02:09 388096 ----a-r- c:\users\Greg\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-20 02:09 . 2012-03-20 02:09 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-03-19 03:22 . 2012-03-19 03:22 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-03-19 03:21 . 2012-03-19 03:21 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2012-03-15 17:49 . 2012-03-15 17:49 -------- d-----w- c:\windows\system32\Macromed
    2012-03-15 15:07 . 2012-03-15 15:07 -------- d-----w- c:\users\Greg\AppData\Roaming\AccurateRip
    2012-03-15 15:07 . 2012-03-15 15:05 6908648 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
    2012-03-15 15:07 . 2012-03-15 15:07 -------- d-----w- c:\program files (x86)\Illustrate
    2012-03-14 12:10 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 12:10 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 12:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 12:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 12:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 12:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 12:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 12:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 12:09 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 12:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 04:19 . 2012-03-13 04:19 0 ----a-w- c:\windows\SysWow64\shoD196.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-19 03:21 . 2011-07-22 01:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-15 17:49 . 2011-07-22 01:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-04 10:44 . 2012-02-14 18:30 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 08:58 . 2012-02-14 18:30 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2011-12-30 06:26 . 2012-02-14 18:30 515584 ----a-w- c:\windows\system32\timedate.cpl
    2011-12-30 05:27 . 2012-02-14 18:30 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2011-12-28 03:59 . 2012-02-14 18:30 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
    "GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk - c:\users\Greg\AppData\Local\Temp\RunDll32.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-2-15 4720200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
    S1 GIDv2;GIDv2; [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120321.001\IDSvia64.sys [2012-03-06 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-02-15 65096]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2623571670-927515603-3617350937-1000Core.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:52]
    .
    2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2623571670-927515603-3617350937-1000UA.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:52]
    .
    2012-03-23 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-03 05:35]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A8106BFF-98E0-4862-8186-128ED4CD5C29}: NameServer = 134.126.13.11,134.126.64.11
    FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\eogm1csf.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-23 03:01:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-23 07:01
    .
    Pre-Run: 59,890,434,048 bytes free
    Post-Run: 60,872,806,400 bytes free
    .
    - - End Of File - - D3C50BAD6695A88893703222E507FC33
     
  6. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Please run the following:

    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


    • If an infected file is detected, the default action will be Cure; click on Continue.


    • If a suspicious file is detected, the default action will be Skip; click on Continue.


    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
     
  7. GrundelSlayer

    GrundelSlayer Thread Starter

    Joined:
    Mar 19, 2012
    Messages:
    9
    After a reboot, it didn't produce a log in the file under the C Drive, so I had to run another scan. While looking for the log, I got another message from Malwarebytes about detecting the file. Possibility of Malwarebytes being infected?

    11:36:06.0696 5028 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    11:36:07.0070 5028 ============================================================
    11:36:07.0070 5028 Current date / time: 2012/03/23 11:36:07.0070
    11:36:07.0070 5028 SystemInfo:
    11:36:07.0070 5028
    11:36:07.0070 5028 OS Version: 6.1.7601 ServicePack: 1.0
    11:36:07.0070 5028 Product type: Workstation
    11:36:07.0070 5028 ComputerName: GREG-PC
    11:36:07.0070 5028 UserName: Greg
    11:36:07.0070 5028 Windows directory: C:\windows
    11:36:07.0070 5028 System windows directory: C:\windows
    11:36:07.0070 5028 Running under WOW64
    11:36:07.0070 5028 Processor architecture: Intel x64
    11:36:07.0070 5028 Number of processors: 2
    11:36:07.0070 5028 Page size: 0x1000
    11:36:07.0070 5028 Boot type: Normal boot
    11:36:07.0070 5028 ============================================================
    11:36:09.0442 5028 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:36:09.0442 5028 \Device\Harddisk0\DR0:
    11:36:09.0442 5028 MBR used
    11:36:09.0442 5028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238CE000
    11:36:09.0504 5028 Initialize success
    11:36:09.0504 5028 ============================================================
    11:36:37.0553 4280 ============================================================
    11:36:37.0553 4280 Scan started
    11:36:37.0553 4280 Mode: Manual;
    11:36:37.0553 4280 ============================================================
    11:37:13.0729 4280 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    11:37:13.0729 4280 MSTEE - ok
    11:37:13.0854 4280 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
    11:37:13.0854 4280 MTConfig - ok
    11:37:13.0979 4280 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    11:37:13.0979 4280 Mup - ok
    11:37:14.0213 4280 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    11:37:14.0229 4280 N360 - ok
    11:37:14.0353 4280 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
    11:37:14.0369 4280 napagent - ok
    11:37:14.0556 4280 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    11:37:14.0572 4280 NativeWifiP - ok
    11:37:14.0868 4280 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120321.032\ENG64.SYS
    11:37:14.0868 4280 NAVENG - ok
    11:37:15.0352 4280 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120321.032\EX64.SYS
    11:37:15.0383 4280 NAVEX15 - ok
    11:37:15.0586 4280 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
    11:37:15.0617 4280 NDIS - ok
    11:37:15.0711 4280 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    11:37:15.0726 4280 NdisCap - ok
    11:37:15.0851 4280 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    11:37:15.0882 4280 NdisTapi - ok
    11:37:16.0007 4280 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
    11:37:16.0007 4280 Ndisuio - ok
    11:37:16.0147 4280 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
    11:37:16.0163 4280 NdisWan - ok
    11:37:16.0241 4280 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
    11:37:16.0241 4280 NDProxy - ok
    11:37:16.0350 4280 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    11:37:16.0366 4280 NetBIOS - ok
    11:37:16.0522 4280 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
    11:37:16.0537 4280 NetBT - ok
    11:37:16.0662 4280 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    11:37:16.0662 4280 Netlogon - ok
    11:37:16.0803 4280 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
    11:37:16.0818 4280 Netman - ok
    11:37:16.0974 4280 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
    11:37:16.0974 4280 netprofm - ok
    11:37:17.0099 4280 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    11:37:17.0115 4280 NetTcpPortSharing - ok
    11:37:17.0239 4280 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
    11:37:17.0255 4280 nfrd960 - ok
    11:37:17.0364 4280 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
    11:37:17.0364 4280 NlaSvc - ok
    11:37:17.0489 4280 Norton PC Checkup Application Launcher - ok
    11:37:17.0598 4280 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    11:37:17.0614 4280 Npfs - ok
    11:37:17.0676 4280 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
    11:37:17.0676 4280 nsi - ok
    11:37:17.0785 4280 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    11:37:17.0785 4280 nsiproxy - ok
    11:37:18.0082 4280 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
    11:37:18.0144 4280 Ntfs - ok
    11:37:18.0222 4280 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    11:37:18.0222 4280 Null - ok
    11:37:18.0363 4280 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
    11:37:18.0363 4280 nvraid - ok
    11:37:18.0550 4280 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
    11:37:18.0565 4280 nvstor - ok
    11:37:18.0690 4280 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
    11:37:18.0690 4280 nv_agp - ok
    11:37:18.0846 4280 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:37:18.0877 4280 odserv - ok
    11:37:18.0987 4280 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
    11:37:18.0987 4280 ohci1394 - ok
    11:37:19.0143 4280 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:37:19.0158 4280 ose - ok
    11:37:19.0423 4280 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    11:37:19.0595 4280 osppsvc - ok
    11:37:19.0829 4280 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    11:37:19.0829 4280 p2pimsvc - ok
    11:37:19.0907 4280 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
    11:37:19.0923 4280 p2psvc - ok
    11:37:20.0047 4280 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
    11:37:20.0047 4280 Parport - ok
    11:37:20.0203 4280 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
    11:37:20.0219 4280 partmgr - ok
    11:37:20.0266 4280 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
    11:37:20.0281 4280 PcaSvc - ok
    11:37:20.0391 4280 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    11:37:20.0391 4280 PCCUJobMgr - ok
    11:37:20.0484 4280 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
    11:37:20.0500 4280 pci - ok
    11:37:20.0609 4280 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
    11:37:20.0609 4280 pciide - ok
    11:37:20.0781 4280 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
    11:37:20.0796 4280 pcmcia - ok
    11:37:20.0890 4280 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    11:37:20.0890 4280 pcw - ok
    11:37:21.0046 4280 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    11:37:21.0061 4280 PEAUTH - ok
    11:37:21.0139 4280 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
    11:37:21.0155 4280 PerfHost - ok
    11:37:21.0327 4280 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
    11:37:21.0342 4280 PGEffect - ok
    11:37:21.0498 4280 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
    11:37:21.0514 4280 pla - ok
    11:37:21.0639 4280 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
    11:37:21.0654 4280 PlugPlay - ok
    11:37:21.0763 4280 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
    11:37:21.0779 4280 PNRPAutoReg - ok
    11:37:21.0857 4280 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    11:37:21.0857 4280 PNRPsvc - ok
    11:37:21.0997 4280 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
    11:37:21.0997 4280 PolicyAgent - ok
    11:37:22.0122 4280 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
    11:37:22.0138 4280 Power - ok
    11:37:22.0278 4280 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
    11:37:22.0309 4280 PptpMiniport - ok
    11:37:22.0419 4280 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
    11:37:22.0419 4280 Processor - ok
    11:37:22.0559 4280 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
    11:37:22.0559 4280 ProfSvc - ok
    11:37:22.0653 4280 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    11:37:22.0653 4280 ProtectedStorage - ok
    11:37:22.0762 4280 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
    11:37:22.0777 4280 Psched - ok
    11:37:22.0949 4280 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
    11:37:22.0980 4280 ql2300 - ok
    11:37:23.0121 4280 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
    11:37:23.0136 4280 ql40xx - ok
    11:37:23.0230 4280 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
    11:37:23.0230 4280 QWAVE - ok
    11:37:23.0401 4280 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    11:37:23.0401 4280 QWAVEdrv - ok
    11:37:23.0480 4280 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    11:37:23.0496 4280 RasAcd - ok
    11:37:23.0574 4280 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    11:37:23.0574 4280 RasAgileVpn - ok
    11:37:23.0714 4280 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
    11:37:23.0714 4280 RasAuto - ok
    11:37:23.0808 4280 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
    11:37:23.0808 4280 Rasl2tp - ok
    11:37:23.0948 4280 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
    11:37:23.0964 4280 RasMan - ok
    11:37:24.0136 4280 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    11:37:24.0136 4280 RasPppoe - ok
    11:37:24.0260 4280 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    11:37:24.0260 4280 RasSstp - ok
    11:37:24.0448 4280 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
    11:37:24.0463 4280 rdbss - ok
    11:37:24.0588 4280 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
    11:37:24.0588 4280 rdpbus - ok
    11:37:24.0697 4280 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    11:37:24.0713 4280 RDPCDD - ok
    11:37:24.0838 4280 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    11:37:24.0838 4280 RDPENCDD - ok
    11:37:24.0947 4280 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    11:37:24.0962 4280 RDPREFMP - ok
    11:37:25.0087 4280 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
    11:37:25.0103 4280 RDPWD - ok
    11:37:25.0212 4280 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
    11:37:25.0228 4280 rdyboost - ok
    11:37:25.0384 4280 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
    11:37:25.0399 4280 RemoteAccess - ok
    11:37:25.0524 4280 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
    11:37:25.0555 4280 RemoteRegistry - ok
    11:37:25.0727 4280 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
    11:37:25.0727 4280 RpcEptMapper - ok
    11:37:25.0820 4280 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
    11:37:25.0836 4280 RpcLocator - ok
    11:37:25.0976 4280 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    11:37:25.0992 4280 RpcSs - ok
    11:37:26.0086 4280 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    11:37:26.0101 4280 rspndr - ok
    11:37:26.0242 4280 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
    11:37:26.0273 4280 RSUSBSTOR - ok
    11:37:26.0538 4280 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
    11:37:26.0569 4280 RTL8192Ce - ok
    11:37:26.0663 4280 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    11:37:26.0663 4280 SamSs - ok
    11:37:26.0819 4280 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
    11:37:26.0834 4280 sbp2port - ok
    11:37:26.0990 4280 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
    11:37:26.0990 4280 SCardSvr - ok
    11:37:27.0100 4280 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
    11:37:27.0100 4280 scfilter - ok
    11:37:27.0209 4280 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
    11:37:27.0224 4280 Schedule - ok
    11:37:27.0287 4280 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    11:37:27.0302 4280 SCPolicySvc - ok
    11:37:27.0458 4280 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
    11:37:27.0458 4280 SDRSVC - ok
    11:37:27.0552 4280 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    11:37:27.0552 4280 secdrv - ok
    11:37:27.0614 4280 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
    11:37:27.0630 4280 seclogon - ok
    11:37:27.0692 4280 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
    11:37:27.0692 4280 SENS - ok
    11:37:27.0755 4280 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
    11:37:27.0755 4280 SensrSvc - ok
    11:37:27.0848 4280 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
    11:37:27.0848 4280 Serenum - ok
    11:37:27.0942 4280 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
    11:37:27.0958 4280 Serial - ok
    11:37:28.0036 4280 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
    11:37:28.0067 4280 sermouse - ok
    11:37:28.0176 4280 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
    11:37:28.0238 4280 SessionEnv - ok
    11:37:28.0332 4280 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
    11:37:28.0332 4280 sffdisk - ok
    11:37:28.0472 4280 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
    11:37:28.0472 4280 sffp_mmc - ok
    11:37:28.0550 4280 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
    11:37:28.0566 4280 sffp_sd - ok
    11:37:28.0628 4280 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
    11:37:28.0644 4280 sfloppy - ok
    11:37:28.0862 4280 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
    11:37:28.0878 4280 Sftfs - ok
    11:37:29.0081 4280 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    11:37:29.0096 4280 sftlist - ok
    11:37:29.0299 4280 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
    11:37:29.0299 4280 Sftplay - ok
    11:37:29.0518 4280 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
    11:37:29.0533 4280 Sftredir - ok
    11:37:29.0658 4280 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
    11:37:29.0674 4280 Sftvol - ok
    11:37:29.0798 4280 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    11:37:29.0798 4280 sftvsa - ok
    11:37:29.0861 4280 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
    11:37:29.0876 4280 SharedAccess - ok
    11:37:29.0954 4280 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
    11:37:29.0986 4280 ShellHWDetection - ok
    11:37:30.0079 4280 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
    11:37:30.0079 4280 SiSRaid2 - ok
    11:37:30.0157 4280 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
    11:37:30.0173 4280 SiSRaid4 - ok
    11:37:30.0282 4280 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    11:37:30.0282 4280 Smb - ok
    11:37:30.0391 4280 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
    11:37:30.0407 4280 SNMPTRAP - ok
    11:37:30.0469 4280 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    11:37:30.0485 4280 spldr - ok
    11:37:30.0594 4280 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
    11:37:30.0610 4280 Spooler - ok
    11:37:30.0797 4280 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
    11:37:30.0890 4280 sppsvc - ok
    11:37:30.0984 4280 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
    11:37:31.0000 4280 sppuinotify - ok
    11:37:31.0202 4280 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS
    11:37:31.0218 4280 SRTSP - ok
    11:37:31.0390 4280 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS
    11:37:31.0390 4280 SRTSPX - ok
    11:37:31.0530 4280 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
    11:37:31.0546 4280 srv - ok
    11:37:31.0639 4280 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
    11:37:31.0655 4280 srv2 - ok
    11:37:31.0748 4280 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
    11:37:31.0764 4280 srvnet - ok
    11:37:31.0858 4280 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    11:37:31.0858 4280 SSDPSRV - ok
    11:37:31.0951 4280 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    11:37:31.0951 4280 SstpSvc - ok
    11:37:32.0029 4280 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    11:37:32.0045 4280 stexstor - ok
    11:37:32.0138 4280 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
    11:37:32.0154 4280 StillCam - ok
    11:37:32.0263 4280 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
    11:37:32.0279 4280 stisvc - ok
    11:37:32.0372 4280 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    11:37:32.0372 4280 swenum - ok
    11:37:32.0450 4280 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    11:37:32.0466 4280 swprv - ok
    11:37:32.0638 4280 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS
    11:37:32.0653 4280 SymDS - ok
    11:37:32.0825 4280 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS
    11:37:32.0872 4280 SymEFA - ok
    11:37:32.0996 4280 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
    11:37:32.0996 4280 SymEvent - ok
    11:37:33.0152 4280 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS
    11:37:33.0152 4280 SymIRON - ok
    11:37:33.0293 4280 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS
    11:37:33.0293 4280 SymNetS - ok
    11:37:33.0418 4280 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
    11:37:33.0449 4280 SysMain - ok
    11:37:33.0511 4280 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
    11:37:33.0527 4280 TabletInputService - ok
    11:37:33.0574 4280 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
    11:37:33.0589 4280 TapiSrv - ok
    11:37:33.0652 4280 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    11:37:33.0652 4280 TBS - ok
    11:37:33.0792 4280 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
    11:37:33.0870 4280 Tcpip - ok
    11:37:34.0026 4280 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
    11:37:34.0042 4280 TCPIP6 - ok
    11:37:34.0135 4280 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
    11:37:34.0151 4280 tcpipreg - ok
    11:37:34.0244 4280 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    11:37:34.0244 4280 tdcmdpst - ok
    11:37:34.0322 4280 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    11:37:34.0338 4280 TDPIPE - ok
    11:37:34.0432 4280 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
    11:37:34.0463 4280 TDTCP - ok
    11:37:34.0572 4280 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    11:37:34.0588 4280 tdx - ok
    11:37:34.0666 4280 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
    11:37:34.0666 4280 TermDD - ok
    11:37:34.0853 4280 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
    11:37:34.0868 4280 TermService - ok
    11:37:34.0978 4280 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    11:37:34.0993 4280 Themes - ok
    11:37:35.0087 4280 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    11:37:35.0087 4280 THREADORDER - ok
    11:37:35.0227 4280 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    11:37:35.0258 4280 TMachInfo - ok
    11:37:35.0368 4280 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
    11:37:35.0383 4280 TODDSrv - ok
    11:37:35.0477 4280 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    11:37:35.0492 4280 TosCoSrv - ok
    11:37:35.0618 4280 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    11:37:35.0634 4280 TOSHIBA HDD SSD Alert Service - ok
    11:37:35.0743 4280 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    11:37:35.0743 4280 TrkWks - ok
    11:37:35.0852 4280 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
    11:37:35.0868 4280 TrustedInstaller - ok
    11:37:36.0024 4280 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
    11:37:36.0024 4280 tssecsrv - ok
    11:37:36.0149 4280 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
    11:37:36.0149 4280 TsUsbFlt - ok
    11:37:36.0258 4280 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
    11:37:36.0273 4280 TsUsbGD - ok
    11:37:36.0383 4280 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
    11:37:36.0383 4280 tunnel - ok
    11:37:36.0492 4280 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    11:37:36.0492 4280 TVALZ - ok
    11:37:36.0617 4280 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
    11:37:36.0648 4280 uagp35 - ok
    11:37:36.0788 4280 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
    11:37:36.0804 4280 udfs - ok
    11:37:36.0913 4280 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    11:37:36.0913 4280 UI0Detect - ok
    11:37:37.0007 4280 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
    11:37:37.0022 4280 uliagpkx - ok
    11:37:37.0131 4280 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
    11:37:37.0147 4280 umbus - ok
    11:37:37.0272 4280 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
    11:37:37.0272 4280 UmPass - ok
    11:37:37.0381 4280 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    11:37:37.0397 4280 upnphost - ok
    11:37:37.0506 4280 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
    11:37:37.0506 4280 usbccgp - ok
    11:37:37.0615 4280 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
    11:37:37.0631 4280 usbcir - ok
    11:37:37.0755 4280 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
    11:37:37.0755 4280 usbehci - ok
    11:37:37.0896 4280 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
    11:37:37.0943 4280 usbhub - ok
    11:37:38.0036 4280 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
    11:37:38.0036 4280 usbohci - ok
    11:37:38.0145 4280 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
    11:37:38.0161 4280 usbprint - ok
    11:37:38.0270 4280 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
    11:37:38.0270 4280 USBSTOR - ok
    11:37:38.0379 4280 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
    11:37:38.0379 4280 usbuhci - ok
    11:37:38.0520 4280 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
    11:37:38.0520 4280 usbvideo - ok
    11:37:38.0598 4280 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    11:37:38.0598 4280 UxSms - ok
    11:37:38.0707 4280 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    11:37:38.0723 4280 VaultSvc - ok
    11:37:38.0816 4280 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
    11:37:38.0832 4280 vdrvroot - ok
    11:37:38.0972 4280 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
    11:37:38.0988 4280 vds - ok
    11:37:39.0097 4280 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    11:37:39.0097 4280 vga - ok
    11:37:39.0206 4280 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    11:37:39.0206 4280 VgaSave - ok
    11:37:39.0347 4280 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
    11:37:39.0393 4280 vhdmp - ok
    11:37:39.0487 4280 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
    11:37:39.0503 4280 viaide - ok
    11:37:39.0612 4280 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
    11:37:39.0627 4280 volmgr - ok
    11:37:39.0768 4280 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
    11:37:39.0783 4280 volmgrx - ok
    11:37:39.0908 4280 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
    11:37:39.0908 4280 volsnap - ok
    11:37:40.0064 4280 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
    11:37:40.0080 4280 vsmraid - ok
    11:37:40.0251 4280 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
    11:37:40.0314 4280 VSS - ok
    11:37:40.0454 4280 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    11:37:40.0454 4280 vwifibus - ok
    11:37:40.0563 4280 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    11:37:40.0579 4280 vwififlt - ok
    11:37:40.0719 4280 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    11:37:40.0735 4280 W32Time - ok
    11:37:40.0891 4280 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
    11:37:40.0891 4280 WacomPen - ok
    11:37:46.0133 4280 ============================================================
    11:37:46.0133 4280 Scan finished
    11:37:46.0133 4280 ============================================================
    11:37:46.0164 3788 Detected object count: 0
    11:37:46.0164 3788 Actual detected object count: 0
    11:38:08.0581 4516 ============================================================
    11:38:08.0581 4516 Scan started
    11:38:08.0581 4516 Mode: Manual;
    11:38:08.0581 4516 ============================================================
    11:38:41.0170 4516 NdisCap - ok
    11:38:41.0528 4516 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    11:38:41.0528 4516 NdisTapi - ok
    11:38:41.0622 4516 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
    11:38:41.0622 4516 Ndisuio - ok
    11:38:41.0762 4516 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
    11:38:41.0762 4516 NdisWan - ok
    11:38:41.0950 4516 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
    11:38:41.0950 4516 NDProxy - ok
    11:38:42.0090 4516 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    11:38:42.0090 4516 NetBIOS - ok
    11:38:42.0215 4516 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
    11:38:42.0230 4516 NetBT - ok
    11:38:42.0340 4516 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    11:38:42.0340 4516 Netlogon - ok
    11:38:42.0480 4516 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
    11:38:42.0496 4516 Netman - ok
    11:38:42.0574 4516 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
    11:38:42.0574 4516 netprofm - ok
    11:38:42.0714 4516 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    11:38:42.0714 4516 NetTcpPortSharing - ok
    11:38:42.0886 4516 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
    11:38:42.0901 4516 nfrd960 - ok
    11:38:42.0995 4516 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
    11:38:43.0010 4516 NlaSvc - ok
    11:38:43.0135 4516 Norton PC Checkup Application Launcher - ok
    11:38:43.0322 4516 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    11:38:43.0338 4516 Npfs - ok
    11:38:43.0541 4516 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
    11:38:43.0541 4516 nsi - ok
    11:38:43.0666 4516 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    11:38:43.0666 4516 nsiproxy - ok
    11:38:43.0837 4516 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
    11:38:43.0868 4516 Ntfs - ok
    11:38:44.0446 4516 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    11:38:44.0446 4516 Null - ok
    11:38:44.0820 4516 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
    11:38:44.0820 4516 nvraid - ok
    11:38:45.0116 4516 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
    11:38:45.0132 4516 nvstor - ok
    11:38:45.0272 4516 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
    11:38:45.0272 4516 nv_agp - ok
    11:38:45.0522 4516 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:38:45.0538 4516 odserv - ok
    11:38:46.0084 4516 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
    11:38:46.0084 4516 ohci1394 - ok
    11:38:46.0552 4516 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:38:46.0567 4516 ose - ok
    11:38:46.0988 4516 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    11:38:47.0051 4516 osppsvc - ok
    11:38:47.0129 4516 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    11:38:47.0144 4516 p2pimsvc - ok
    11:38:47.0410 4516 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
    11:38:47.0410 4516 p2psvc - ok
    11:38:47.0519 4516 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
    11:38:47.0519 4516 Parport - ok
    11:38:47.0706 4516 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
    11:38:47.0706 4516 partmgr - ok
    11:38:47.0862 4516 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
    11:38:47.0878 4516 PcaSvc - ok
    11:38:48.0002 4516 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    11:38:48.0018 4516 PCCUJobMgr - ok
    11:38:48.0112 4516 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
    11:38:48.0112 4516 pci - ok
    11:38:48.0283 4516 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
    11:38:48.0283 4516 pciide - ok
    11:38:48.0408 4516 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
    11:38:48.0408 4516 pcmcia - ok
    11:38:48.0580 4516 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    11:38:48.0580 4516 pcw - ok
    11:38:48.0814 4516 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    11:38:48.0814 4516 PEAUTH - ok
    11:38:48.0923 4516 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
    11:38:48.0938 4516 PerfHost - ok
    11:38:49.0063 4516 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
    11:38:49.0063 4516 PGEffect - ok
    11:38:49.0266 4516 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
    11:38:49.0282 4516 pla - ok
    11:38:49.0438 4516 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
    11:38:49.0453 4516 PlugPlay - ok
    11:38:49.0578 4516 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
    11:38:49.0594 4516 PNRPAutoReg - ok
    11:38:49.0734 4516 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    11:38:49.0734 4516 PNRPsvc - ok
    11:38:49.0859 4516 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
    11:38:49.0859 4516 PolicyAgent - ok
    11:38:50.0030 4516 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
    11:38:50.0046 4516 Power - ok
    11:38:50.0124 4516 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
    11:38:50.0124 4516 PptpMiniport - ok
    11:38:50.0311 4516 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
    11:38:50.0311 4516 Processor - ok
    11:38:50.0452 4516 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
    11:38:50.0467 4516 ProfSvc - ok
    11:38:50.0686 4516 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    11:38:50.0686 4516 ProtectedStorage - ok
    11:38:50.0920 4516 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
    11:38:50.0920 4516 Psched - ok
    11:38:51.0466 4516 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
    11:38:51.0497 4516 ql2300 - ok
    11:38:51.0793 4516 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
    11:38:51.0809 4516 ql40xx - ok
    11:38:52.0152 4516 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
    11:38:52.0168 4516 QWAVE - ok
    11:38:52.0246 4516 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    11:38:52.0246 4516 QWAVEdrv - ok
    11:38:52.0448 4516 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    11:38:52.0448 4516 RasAcd - ok
    11:38:52.0589 4516 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    11:38:52.0589 4516 RasAgileVpn - ok
    11:38:52.0807 4516 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
    11:38:52.0807 4516 RasAuto - ok
    11:38:52.0932 4516 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
    11:38:52.0948 4516 Rasl2tp - ok
    11:38:53.0026 4516 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
    11:38:53.0026 4516 RasMan - ok
    11:38:53.0197 4516 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    11:38:53.0197 4516 RasPppoe - ok
    11:38:53.0306 4516 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    11:38:53.0322 4516 RasSstp - ok
    11:38:53.0494 4516 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
    11:38:53.0509 4516 rdbss - ok
    11:38:53.0603 4516 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
    11:38:53.0603 4516 rdpbus - ok
    11:38:53.0696 4516 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    11:38:53.0696 4516 RDPCDD - ok
    11:38:53.0806 4516 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    11:38:53.0806 4516 RDPENCDD - ok
    11:38:53.0884 4516 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    11:38:53.0899 4516 RDPREFMP - ok
    11:38:53.0993 4516 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
    11:38:53.0993 4516 RDPWD - ok
    11:38:54.0102 4516 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
    11:38:54.0102 4516 rdyboost - ok
    11:38:54.0180 4516 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
    11:38:54.0180 4516 RemoteAccess - ok
    11:38:54.0258 4516 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
    11:38:54.0274 4516 RemoteRegistry - ok
    11:38:54.0352 4516 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
    11:38:54.0352 4516 RpcEptMapper - ok
    11:38:54.0430 4516 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
    11:38:54.0430 4516 RpcLocator - ok
    11:38:54.0508 4516 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    11:38:54.0523 4516 RpcSs - ok
    11:38:54.0632 4516 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    11:38:54.0632 4516 rspndr - ok
    11:38:54.0726 4516 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
    11:38:54.0742 4516 RSUSBSTOR - ok
    11:38:54.0851 4516 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
    11:38:54.0866 4516 RTL8192Ce - ok
    11:38:54.0944 4516 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    11:38:54.0944 4516 SamSs - ok
    11:38:55.0038 4516 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
    11:38:55.0038 4516 sbp2port - ok
    11:38:55.0116 4516 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
    11:38:55.0116 4516 SCardSvr - ok
    11:38:55.0210 4516 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
    11:38:55.0210 4516 scfilter - ok
    11:38:55.0319 4516 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
    11:38:55.0334 4516 Schedule - ok
    11:38:55.0428 4516 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    11:38:55.0428 4516 SCPolicySvc - ok
    11:38:55.0490 4516 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
    11:38:55.0506 4516 SDRSVC - ok
    11:38:55.0600 4516 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    11:38:55.0600 4516 secdrv - ok
    11:38:55.0662 4516 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
    11:38:55.0678 4516 seclogon - ok
    11:38:55.0740 4516 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
    11:38:55.0740 4516 SENS - ok
    11:38:55.0818 4516 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
    11:38:55.0818 4516 SensrSvc - ok
    11:38:55.0912 4516 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
    11:38:55.0912 4516 Serenum - ok
    11:38:56.0005 4516 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
    11:38:56.0005 4516 Serial - ok
    11:38:56.0114 4516 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
    11:38:56.0114 4516 sermouse - ok
    11:38:56.0192 4516 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
    11:38:56.0208 4516 SessionEnv - ok
    11:38:56.0302 4516 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
    11:38:56.0302 4516 sffdisk - ok
    11:38:56.0380 4516 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
    11:38:56.0380 4516 sffp_mmc - ok
    11:38:56.0489 4516 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
    11:38:56.0489 4516 sffp_sd - ok
    11:38:56.0567 4516 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
    11:38:56.0567 4516 sfloppy - ok
    11:38:56.0692 4516 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
    11:38:56.0692 4516 Sftfs - ok
    11:38:56.0816 4516 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    11:38:56.0832 4516 sftlist - ok
    11:38:56.0941 4516 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
    11:38:56.0941 4516 Sftplay - ok
    11:38:57.0066 4516 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
    11:38:57.0066 4516 Sftredir - ok
    11:38:57.0144 4516 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
    11:38:57.0160 4516 Sftvol - ok
    11:38:57.0269 4516 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    11:38:57.0269 4516 sftvsa - ok
    11:38:57.0347 4516 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
    11:38:57.0347 4516 SharedAccess - ok
    11:38:57.0425 4516 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
    11:38:57.0440 4516 ShellHWDetection - ok
    11:38:57.0534 4516 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
    11:38:57.0534 4516 SiSRaid2 - ok
    11:38:57.0674 4516 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
    11:38:57.0674 4516 SiSRaid4 - ok
    11:38:57.0768 4516 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    11:38:57.0768 4516 Smb - ok
    11:38:57.0862 4516 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
    11:38:57.0877 4516 SNMPTRAP - ok
    11:38:57.0940 4516 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    11:38:57.0940 4516 spldr - ok
    11:38:58.0033 4516 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
    11:38:58.0033 4516 Spooler - ok
    11:38:58.0205 4516 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
    11:38:58.0252 4516 sppsvc - ok
    11:38:58.0314 4516 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
    11:38:58.0330 4516 sppuinotify - ok
    11:38:58.0501 4516 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS
    11:38:58.0501 4516 SRTSP - ok
    11:38:58.0704 4516 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS
    11:38:58.0704 4516 SRTSPX - ok
    11:38:58.0844 4516 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
    11:38:58.0844 4516 srv - ok
    11:38:58.0954 4516 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
    11:38:58.0954 4516 srv2 - ok
    11:38:59.0047 4516 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
    11:38:59.0047 4516 srvnet - ok
    11:38:59.0141 4516 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    11:38:59.0141 4516 SSDPSRV - ok
    11:38:59.0219 4516 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    11:38:59.0219 4516 SstpSvc - ok
    11:38:59.0297 4516 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    11:38:59.0297 4516 stexstor - ok
    11:38:59.0375 4516 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
    11:38:59.0390 4516 StillCam - ok
    11:38:59.0468 4516 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
    11:38:59.0484 4516 stisvc - ok
    11:38:59.0546 4516 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    11:38:59.0546 4516 swenum - ok
    11:38:59.0624 4516 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    11:38:59.0640 4516 swprv - ok
    11:38:59.0780 4516 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS
    11:38:59.0796 4516 SymDS - ok
    11:38:59.0968 4516 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS
    11:38:59.0983 4516 SymEFA - ok
    11:39:00.0092 4516 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
    11:39:00.0092 4516 SymEvent - ok
    11:39:00.0248 4516 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS
    11:39:00.0248 4516 SymIRON - ok
    11:39:00.0373 4516 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS
    11:39:00.0389 4516 SymNetS - ok
    11:39:00.0529 4516 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
    11:39:00.0545 4516 SysMain - ok
    11:39:01.0028 4516 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
    11:39:01.0044 4516 TabletInputService - ok
    11:39:01.0356 4516 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
    11:39:01.0372 4516 TapiSrv - ok
    11:39:01.0590 4516 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    11:39:01.0590 4516 TBS - ok
    11:39:02.0058 4516 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
    11:39:02.0074 4516 Tcpip - ok
    11:39:02.0588 4516 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
    11:39:02.0604 4516 TCPIP6 - ok
    11:39:02.0760 4516 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
    11:39:02.0776 4516 tcpipreg - ok
    11:39:02.0947 4516 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    11:39:02.0947 4516 tdcmdpst - ok
    11:39:03.0088 4516 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    11:39:03.0088 4516 TDPIPE - ok
    11:39:03.0228 4516 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
    11:39:03.0228 4516 TDTCP - ok
    11:39:03.0634 4516 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    11:39:03.0634 4516 tdx - ok
    11:39:03.0899 4516 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
    11:39:03.0899 4516 TermDD - ok
    11:39:04.0039 4516 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
    11:39:04.0055 4516 TermService - ok
    11:39:04.0133 4516 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    11:39:04.0133 4516 Themes - ok
    11:39:04.0304 4516 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    11:39:04.0320 4516 THREADORDER - ok
    11:39:04.0429 4516 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    11:39:04.0445 4516 TMachInfo - ok
    11:39:05.0173 4516 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
    11:39:05.0179 4516 TODDSrv - ok
    11:39:05.0459 4516 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    11:39:05.0467 4516 TosCoSrv - ok
    11:39:05.0587 4516 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    11:39:05.0589 4516 TOSHIBA HDD SSD Alert Service - ok
    11:39:05.0727 4516 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    11:39:05.0734 4516 TrkWks - ok
    11:39:05.0819 4516 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
    11:39:05.0822 4516 TrustedInstaller - ok
    11:39:05.0977 4516 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
    11:39:05.0979 4516 tssecsrv - ok
    11:39:06.0162 4516 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
    11:39:06.0164 4516 TsUsbFlt - ok
    11:39:06.0368 4516 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
    11:39:06.0370 4516 TsUsbGD - ok
    11:39:06.0568 4516 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
    11:39:06.0576 4516 tunnel - ok
    11:39:06.0988 4516 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    11:39:06.0990 4516 TVALZ - ok
    11:39:07.0135 4516 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
    11:39:07.0137 4516 uagp35 - ok
    11:39:07.0289 4516 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
    11:39:07.0294 4516 udfs - ok
    11:39:07.0380 4516 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    11:39:07.0385 4516 UI0Detect - ok
    11:39:07.0500 4516 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
    11:39:07.0503 4516 uliagpkx - ok
    11:39:07.0583 4516 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
    11:39:07.0585 4516 umbus - ok
    11:39:07.0650 4516 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
    11:39:07.0650 4516 UmPass - ok
    11:39:07.0728 4516 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    11:39:07.0728 4516 upnphost - ok
    11:39:07.0821 4516 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
    11:39:07.0821 4516 usbccgp - ok
    11:39:07.0988 4516 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
    11:39:07.0991 4516 usbcir - ok
    11:39:08.0110 4516 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
    11:39:08.0112 4516 usbehci - ok
    11:39:08.0311 4516 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
    11:39:08.0317 4516 usbhub - ok
    11:39:08.0398 4516 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
    11:39:08.0400 4516 usbohci - ok
    11:39:08.0552 4516 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
    11:39:08.0554 4516 usbprint - ok
    11:39:08.0676 4516 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
    11:39:08.0679 4516 USBSTOR - ok
    11:39:08.0800 4516 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
    11:39:08.0802 4516 usbuhci - ok
    11:39:08.0913 4516 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
    11:39:08.0917 4516 usbvideo - ok
    11:39:09.0185 4516 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    11:39:09.0192 4516 UxSms - ok
    11:39:09.0293 4516 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    11:39:09.0297 4516 VaultSvc - ok
    11:39:09.0387 4516 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
    11:39:09.0394 4516 vdrvroot - ok
    11:39:09.0485 4516 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
    11:39:09.0500 4516 vds - ok
    11:39:09.0643 4516 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    11:39:09.0645 4516 vga - ok
    11:39:09.0761 4516 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    11:39:09.0763 4516 VgaSave - ok
    11:39:09.0847 4516 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
    11:39:09.0851 4516 vhdmp - ok
    11:39:10.0014 4516 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
    11:39:10.0015 4516 viaide - ok
    11:39:10.0093 4516 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
    11:39:10.0096 4516 volmgr - ok
    11:39:10.0236 4516 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
    11:39:10.0243 4516 volmgrx - ok
    11:39:10.0347 4516 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
    11:39:10.0353 4516 volsnap - ok
    11:39:10.0450 4516 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
    11:39:10.0454 4516 vsmraid - ok
    11:39:10.0592 4516 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
    11:39:10.0620 4516 VSS - ok
    11:39:10.0704 4516 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    11:39:10.0706 4516 vwifibus - ok
    11:39:10.0778 4516 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    11:39:10.0781 4516 vwififlt - ok
    11:39:10.0870 4516 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    11:39:10.0880 4516 W32Time - ok
    11:39:11.0009 4516 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
    11:39:11.0011 4516 WacomPen - ok
    11:39:11.0136 4516 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    11:39:11.0139 4516 WANARP - ok
    11:39:11.0173 4516 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    11:39:11.0178 4516 Wanarpv6 - ok
    11:39:11.0327 4516 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
    11:39:11.0365 4516 WatAdminSvc - ok
    11:39:11.0496 4516 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
    11:39:11.0519 4516 wbengine - ok
    11:39:11.0575 4516 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
    11:39:11.0581 4516 WbioSrvc - ok
    11:39:11.0653 4516 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
    11:39:11.0662 4516 wcncsvc - ok
    11:39:11.0744 4516 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
    11:39:11.0751 4516 WcsPlugInService - ok
    11:39:11.0861 4516 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
    11:39:11.0863 4516 Wd - ok
    11:39:12.0288 4516 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    11:39:12.0301 4516 Wdf01000 - ok
    11:39:12.0399 4516 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    11:39:12.0411 4516 WdiServiceHost - ok
    11:39:12.0444 4516 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    11:39:12.0450 4516 WdiSystemHost - ok
    11:39:17.0298 4516 ============================================================
    11:39:17.0298 4516 Scan finished
    11:39:17.0298 4516 ============================================================
    11:39:17.0328 2624 Detected object count: 0
    11:39:17.0328 2624 Actual detected object count: 0
     
  8. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    We should make sure the rootkit was removed first. It probably would have shown in the first log, but we don't have that.

    Please download DDS by sUBs to your desktop from one of the following locations:

    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://www.forospyware.com/sUBs/dds

    Disable any script blockers you may have, as they may interfere, and then double-click DDS.scr to run the tool.

    When DDS has finished scanning, it will open two logs named as follows:

    DDS.txt
    Attach.txt


    Save them both to your desktop and then proceed on to the next step.

    Please download GMER from: http://gmer.net/index.php

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the PC during the scan as it may cause it to freeze.

    Please post the requested logs/reports, as follows:

    Copy and paste the contents of the DDS.txt file.
    Upload as an attachment the Attach.txt file.
    Copy and paste the contents of the ark.txt file.


    Note: We may have to rerun ComboFix again.
     
  9. GrundelSlayer

    GrundelSlayer Thread Starter

    Joined:
    Mar 19, 2012
    Messages:
    9
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Greg at 18:36:15 on 2012-03-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.1896 [GMT -4:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\DllHost.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
    uInternet Settings,ProxyOverride = <local>;*.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Greg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Users\Greg\AppData\Local\Temp\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{2B97669A-8AC0-4641-9655-A15CEDE640C6} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{2B97669A-8AC0-4641-9655-A15CEDE640C6}\355707562783 : DhcpNameServer = 66.184.128.38 207.230.75.50
    TCP: Interfaces\{2B97669A-8AC0-4641-9655-A15CEDE640C6}\379627F6E6 : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2B97669A-8AC0-4641-9655-A15CEDE640C6}\C416155796E6471613 : DhcpNameServer = 64.89.70.2 64.89.74.2
    TCP: Interfaces\{2B97669A-8AC0-4641-9655-A15CEDE640C6}\C416155796E6471623 : DhcpNameServer = 64.89.70.2 64.89.74.2
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
    BHO-X64: Constant Guard Protection Suite (COM) - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\eogm1csf.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
    R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-19 1157240]
    R1 GIDv2;GIDv2;C:\windows\system32\drivers\GIDv2.sys --> C:\windows\system32\drivers\GIDv2.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120321.001\IDSviA64.sys [2012-3-21 488568]
    R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-3-20 66632]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-22 652360]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-8-22 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-8-22 126392]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
    R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-8-22 57216]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-23 17:36:32 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-03-23 17:36:30 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-03-23 17:36:29 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-03-23 15:27:13 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-23 07:07:14 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-03-22 12:55:37 98816 ----a-w- C:\windows\sed.exe
    2012-03-22 12:55:37 518144 ----a-w- C:\windows\SWREG.exe
    2012-03-22 12:55:37 256000 ----a-w- C:\windows\PEV.exe
    2012-03-22 12:55:37 208896 ----a-w- C:\windows\MBR.exe
    2012-03-20 02:09:03 388096 ----a-r- C:\Users\Greg\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-20 02:09:03 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-03-19 03:21:35 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2012-03-15 15:07:48 -------- d-----w- C:\Users\Greg\AppData\Roaming\AccurateRip
    2012-03-15 15:07:41 6908648 ----a-w- C:\windows\SysWow64\SpoonUninstall.exe
    2012-03-15 15:07:19 -------- d-----w- C:\Program Files (x86)\Illustrate
    2012-03-14 12:10:02 1544192 ----a-w- C:\windows\System32\DWrite.dll
    2012-03-14 12:10:01 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
    2012-03-14 12:09:59 3145728 ----a-w- C:\windows\System32\win32k.sys
    2012-03-14 12:09:29 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
    2012-03-14 12:09:29 77312 ----a-w- C:\windows\System32\rdpwsx.dll
    2012-03-14 12:09:29 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
    2012-03-14 12:09:10 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
    2012-03-14 12:09:10 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
    2012-03-14 12:09:10 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
    2012-03-14 12:09:10 1031680 ----a-w- C:\windows\System32\rdpcore.dll
    2012-03-13 04:19:44 0 ----a-w- C:\windows\SysWow64\shoD196.tmp
    .
    ==================== Find3M ====================
    .
    2012-03-19 03:21:07 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-03-15 17:49:59 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
    2011-12-30 06:26:08 515584 ----a-w- C:\windows\System32\timedate.cpl
    2011-12-30 05:27:56 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
    2011-12-28 03:59:24 498688 ----a-w- C:\windows\System32\drivers\afd.sys
    .
    ============= FINISH: 18:39:32.48 ===============




    GMER didn't find any system changes so the ark file was empty.
     


  10. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Okay, thanks. Would you mind running ComboFix again now?
     
  11. GrundelSlayer

    GrundelSlayer Thread Starter

    Joined:
    Mar 19, 2012
    Messages:
    9
    ComboFix 12-03-22.01 - Greg 03/24/2012 0:36.4.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.1935 [GMT -4:00]
    Running from: c:\users\Greg\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-24 10:08 . 2012-03-24 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-23 17:36 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-23 17:36 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-23 17:36 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-23 15:27 . 2012-03-23 15:27 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-20 02:09 . 2012-03-20 02:09 388096 ----a-r- c:\users\Greg\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-20 02:09 . 2012-03-20 02:09 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-03-19 03:22 . 2012-03-19 03:22 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-03-19 03:21 . 2012-03-19 03:21 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2012-03-15 17:49 . 2012-03-15 17:49 -------- d-----w- c:\windows\system32\Macromed
    2012-03-15 15:07 . 2012-03-15 15:07 -------- d-----w- c:\users\Greg\AppData\Roaming\AccurateRip
    2012-03-15 15:07 . 2012-03-15 15:05 6908648 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
    2012-03-15 15:07 . 2012-03-15 15:07 -------- d-----w- c:\program files (x86)\Illustrate
    2012-03-14 12:10 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 12:10 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 12:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 12:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 12:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 12:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 12:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 12:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 12:09 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 12:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 04:19 . 2012-03-13 04:19 0 ----a-w- c:\windows\SysWow64\shoD196.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-19 03:21 . 2011-07-22 01:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-15 17:49 . 2011-07-22 01:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-04 10:44 . 2012-02-14 18:30 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 08:58 . 2012-02-14 18:30 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2011-12-30 06:26 . 2012-02-14 18:30 515584 ----a-w- c:\windows\system32\timedate.cpl
    2011-12-30 05:27 . 2012-02-14 18:30 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2011-12-28 03:59 . 2012-02-14 18:30 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-23_06.49.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-24 10:08 . 2012-03-24 10:08 24179 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-03-22 13:47 . 2012-03-22 13:47 24179 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2012-03-23 06:33 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-03-23 13:16 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-11-21 03:09 . 2012-03-23 13:18 51548 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-03-23 22:25 50996 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-11-12 21:48 . 2012-03-23 22:25 16012 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2623571670-927515603-3617350937-1000_UserData.bin
    + 2009-07-14 04:46 . 2012-03-24 10:17 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-01-15 19:26 . 2012-03-23 06:49 98304 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-03-23 06:52 . 2012-03-23 06:49 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032320120324\index.dat
    + 2012-03-23 06:52 . 2012-03-23 06:52 49120 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2012-03-23 06:52 . 2012-03-23 06:49 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-03-24 10:10 . 2012-03-24 10:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-03-23 06:48 . 2012-03-23 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-24 10:10 . 2012-03-24 10:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-03-23 06:48 . 2012-03-23 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-01-10 23:16 . 2012-03-23 06:25 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-01-10 23:16 . 2012-03-23 13:16 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 04:54 . 2012-03-23 06:33 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-03-23 13:16 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 02:36 . 2012-03-23 16:48 637774 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-03-21 22:49 637774 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-03-21 22:49 112920 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-03-23 16:48 112920 c:\windows\system32\perfc009.dat
    - 2012-01-16 13:51 . 2012-01-16 13:46 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-01-16 13:51 . 2012-03-23 06:49 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-01-15 19:26 . 2012-03-23 06:49 622592 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 05:01 . 2012-03-22 13:47 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-03-24 10:08 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-03-23 07:05 . 2012-03-23 07:05 275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-19-16384.dat
    + 2009-07-14 04:54 . 2012-03-23 13:16 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-23 06:33 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:45 . 2012-03-23 22:22 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-03-14 22:51 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-08-22 22:11 . 2012-03-24 10:08 1713568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-08-22 22:11 . 2012-03-22 13:47 1713568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-07-14 02:34 . 2012-03-23 22:18 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2012-03-14 22:47 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2011-11-12 22:31 . 2012-03-22 06:50 14088657 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2623571670-927515603-3617350937-1000-8192.dat
    + 2011-11-12 22:31 . 2012-03-24 10:08 14088657 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2623571670-927515603-3617350937-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
    "GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk - c:\users\Greg\AppData\Local\Temp\RunDll32.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-3-20 6658120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
    S1 GIDv2;GIDv2; [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120321.001\IDSvia64.sys [2012-03-06 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-03-20 66632]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2623571670-927515603-3617350937-1000Core.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:52]
    .
    2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2623571670-927515603-3617350937-1000UA.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:52]
    .
    2012-03-24 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-03 05:35]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
    "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
    "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
    "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\eogm1csf.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-24 08:31:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-24 12:31
    ComboFix2.txt 2012-03-23 07:01
    .
    Pre-Run: 58,312,024,064 bytes free
    Post-Run: 58,029,207,552 bytes free
    .
    - - End Of File - - 5539E48CF41C965174C8BFC998D7ADB2
     
  12. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Is the svchost still being detected by MalwareBytes?
     
  13. GrundelSlayer

    GrundelSlayer Thread Starter

    Joined:
    Mar 19, 2012
    Messages:
    9
    Nope, malware didn't detect it on a quick scan. Should I do a complete scan for completion's sake?
     
  14. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Yes.

    And let's do this just in case....

    Open Notepad and copy and paste the text in the quote box below into it:





    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.






    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  15. GrundelSlayer

    GrundelSlayer Thread Starter

    Joined:
    Mar 19, 2012
    Messages:
    9
    Malwarebytes:


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.23.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Greg :: GREG-PC [administrator]

    Protection: Enabled

    3/25/2012 12:47:12 AM
    mbam-log-2012-03-25 (00-47-12).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 355923
    Time elapsed: 1 hour(s), 43 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Combofix:



    ComboFix 12-03-22.01 - Greg 03/26/2012 1:02.5.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2311 [GMT -4:00]
    Running from: c:\users\Greg\Desktop\ComboFix.exe
    Command switches used :: c:\users\Greg\Desktop\CFScript.txt
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\svchost.exe"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-26 05:14 . 2012-03-26 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-23 17:36 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-23 17:36 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-23 17:36 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-23 15:27 . 2012-03-23 15:27 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-20 02:09 . 2012-03-20 02:09 388096 ----a-r- c:\users\Greg\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-20 02:09 . 2012-03-20 02:09 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-03-19 03:22 . 2012-03-19 03:22 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-03-19 03:21 . 2012-03-19 03:21 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2012-03-15 17:49 . 2012-03-15 17:49 -------- d-----w- c:\windows\system32\Macromed
    2012-03-15 15:07 . 2012-03-15 15:07 -------- d-----w- c:\users\Greg\AppData\Roaming\AccurateRip
    2012-03-15 15:07 . 2012-03-15 15:05 6908648 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
    2012-03-15 15:07 . 2012-03-15 15:07 -------- d-----w- c:\program files (x86)\Illustrate
    2012-03-14 12:10 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 12:10 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 12:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 12:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 12:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 12:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 12:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 12:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 12:09 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 12:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 04:19 . 2012-03-13 04:19 0 ----a-w- c:\windows\SysWow64\shoD196.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-19 03:21 . 2011-07-22 01:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-15 17:49 . 2011-07-22 01:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-04 10:44 . 2012-02-14 18:30 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 08:58 . 2012-02-14 18:30 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2011-12-30 06:26 . 2012-02-14 18:30 515584 ----a-w- c:\windows\system32\timedate.cpl
    2011-12-30 05:27 . 2012-02-14 18:30 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2011-12-28 03:59 . 2012-02-14 18:30 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-23_06.49.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-26 05:15 . 2012-03-26 05:15 24179 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-03-22 13:47 . 2012-03-22 13:47 24179 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2012-03-23 06:33 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-03-25 03:54 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-11-21 03:09 . 2012-03-25 03:56 51620 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-03-25 23:15 51012 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-11-12 21:48 . 2012-03-25 23:15 16012 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2623571670-927515603-3617350937-1000_UserData.bin
    + 2009-07-14 04:46 . 2012-03-24 10:17 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-01-15 19:26 . 2012-03-23 06:49 98304 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-03-23 06:52 . 2012-03-23 06:49 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032320120324\index.dat
    + 2012-03-23 06:52 . 2012-03-23 06:52 49120 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2012-03-23 06:52 . 2012-03-23 06:49 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-03-26 05:15 . 2012-03-26 05:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-03-23 06:48 . 2012-03-23 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-26 05:15 . 2012-03-26 05:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-03-23 06:48 . 2012-03-23 06:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-01-10 23:16 . 2012-03-23 06:25 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-01-10 23:16 . 2012-03-23 13:16 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 04:54 . 2012-03-23 06:33 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-03-25 03:54 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 02:36 . 2012-03-23 16:48 637774 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-03-21 22:49 637774 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-03-21 22:49 112920 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-03-23 16:48 112920 c:\windows\system32\perfc009.dat
    - 2012-01-16 13:51 . 2012-01-16 13:46 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-01-16 13:51 . 2012-03-23 06:49 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-01-15 19:26 . 2012-03-23 06:49 622592 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 05:01 . 2012-03-22 13:47 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-03-26 05:15 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-03-23 07:05 . 2012-03-23 07:05 275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-19-16384.dat
    + 2009-07-14 04:54 . 2012-03-25 03:54 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-23 06:33 1310720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:45 . 2012-03-23 22:22 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-03-14 22:51 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-08-22 22:11 . 2012-03-26 05:15 1713568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-08-22 22:11 . 2012-03-22 13:47 1713568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-07-14 02:34 . 2012-03-23 22:18 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2012-03-14 22:47 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2011-11-12 22:31 . 2012-03-22 06:50 14088657 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2623571670-927515603-3617350937-1000-8192.dat
    + 2011-11-12 22:31 . 2012-03-24 10:08 14088657 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2623571670-927515603-3617350937-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
    "GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk - c:\users\Greg\AppData\Local\Temp\RunDll32.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-3-20 6658120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
    S1 GIDv2;GIDv2; [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120321.001\IDSvia64.sys [2012-03-06 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-03-20 66632]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2623571670-927515603-3617350937-1000Core.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:52]
    .
    2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2623571670-927515603-3617350937-1000UA.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:52]
    .
    2012-03-26 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-03 05:35]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
    "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
    "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
    "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\eogm1csf.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-26 01:23:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-26 05:23
    ComboFix2.txt 2012-03-24 12:31
    ComboFix3.txt 2012-03-23 07:01
    .
    Pre-Run: 57,070,493,696 bytes free
    Post-Run: 56,867,688,448 bytes free
    .
    - - End Of File - - 710581FE77BF28A241B5273A318A20D8





    HijackThis didn't give me a log file.
     

Short URL to this thread: https://techguy.org/1045854