Pop of from "ar.voicesurveys" and bunches of cookies

[InMyMind]

I have a feeling that the culprit is the program Oovoo, but I dont click any of their ads.

lot of the cookies are from rubicon project (pixel, tap, and others). The ar.voicesurveys comes up in firefox (even when Im not using firefox but using chrome) I tried scanning with windows defender, norton and malwarebytes along with other tools I have had on my computer from trying to fix it before. I scanned with Norton Power Tool remover it found 3 items in windows folder but it said status was unknown and i was unsure if I should remove it or not. I suspect this is adware but may be more to it, knowing these cookies like to show up mostly when using oovoo which Im on everyday I do quick scans more often to remove them, but please help if you can. Also today which is what made me run here for help, I got a pop up from tap.rubiconproject.js and javascriptw as trying to attack my computer this time on chrome.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32

Run by Elyse at 2:39:32 on 2012-06-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1916.976 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Users\Elyse\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\SFT\GuardedID\GIDD.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Elyse\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\DllHost.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\Users\Elyse\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Elyse\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\rundll32.exe

C:\Users\Elyse\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.toshiba.com/g/

uDefault_Page_URL = hxxp://start.toshiba.com/g/

uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.613.0\NativeBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [Google Update] "C:\Users\Elyse\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\Elyse\AppData\Local\Akamai\netsession_win.exe"

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg"&"inst=NzYtOTQxMjkxMDgwLVNUMTJGT0krMS1ERFQrMC1TVDEyQVBQKzEtRVVMQSsx"&"prod=94"&"ver=2012.0.1831"&"mid=86ef1b55244c47d1826d147051f085d3-6e22f5d63c56d589da72ca653a04c7ccfd2dbc31

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{469557A4-DAB8-4F4B-9507-9A53D62A86E2} : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{B0CF229C-158A-4044-BCC7-4433A16FF421} : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{B0CF229C-158A-4044-BCC7-4433A16FF421}\2456C6B696E6F5E4F575962756C6563737F5331383733324 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{B0CF229C-158A-4044-BCC7-4433A16FF421}\45D2D4F62696C656022427F616462616E6466383 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B0CF229C-158A-4044-BCC7-4433A16FF421}\642756562612274637 : DhcpNameServer = 64.105.97.90 64.105.113.138 4.2.2.1

TCP: Interfaces\{B0CF229C-158A-4044-BCC7-4433A16FF421}\863636 : DhcpNameServer = 10.3.2.4 198.64.7.3

TCP: Interfaces\{B0CF229C-158A-4044-BCC7-4433A16FF421}\D414340264F6270275F6D656E6 : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.613.0\NativeBHO.dll

BHO-X64: Constant Guard Protection Suite (COM) - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg"&"inst=NzYtOTQxMjkxMDgwLVNUMTJGT0krMS1ERFQrMC1TVDEyQVBQKzEtRVVMQSsx"&"prod=94"&"ver=2012.0.1831"&"mid=86ef1b55244c47d1826d147051f085d3-6e22f5d63c56d589da72ca653a04c7ccfd2dbc31

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Elyse\AppData\Roaming\Mozilla\Firefox\Profiles\4h79tzjr.default\

FF - prefs.js: browser.search.selectedEngine - Search & Win

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Elyse\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-06-14 09:45:52 96376 ----a-w- C:\windows\System32\drivers\SMR300.SYS

2012-06-14 09:43:53 -------- d-----w- C:\Users\Elyse\AppData\Local\NPE

2012-06-13 00:38:59 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2012-06-13 00:20:42 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

2012-06-13 00:05:50 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-06-13 00:05:50 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-06-13 00:05:50 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-06-13 00:05:29 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-06-13 00:05:24 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-06-13 00:05:14 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-06-13 00:04:58 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 00:04:40 3146752 ----a-w- C:\windows\System32\win32k.sys

2012-06-13 00:04:33 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-06-13 00:04:12 3216384 ----a-w- C:\windows\System32\msi.dll

2012-06-13 00:04:09 2342400 ----a-w- C:\windows\SysWow64\msi.dll

2012-06-13 00:03:34 1462272 ----a-w- C:\windows\System32\crypt32.dll

2012-06-13 00:03:33 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-06-13 00:03:33 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-06-13 00:03:33 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-06-13 00:03:32 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-06-13 00:03:32 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2012-06-12 06:10:32 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2082224D-5F5F-42A4-9386-A55402B5E25F}\mpengine.dll

2012-06-09 06:59:59 -------- d-----w- C:\Users\Elyse\AppData\Local\Macromedia

2012-05-30 23:12:47 476960 ----a-w- C:\windows\SysWow64\npdeployJava1.dll

2012-05-24 05:16:57 -------- d-----w- C:\Users\Elyse\AppData\Local\{FD9194A0-0417-4F19-B4E6-7F5CF98BB046}

.

==================== Find3M ====================

.

2012-06-09 06:59:21 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-09 06:59:21 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-05-30 23:12:25 472864 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-05-12 07:12:36 0 ----a-w- C:\windows\SysWow64\sho940E.tmp

2012-05-10 08:19:02 0 ----a-w- C:\windows\SysWow64\sho7254.tmp

2012-05-04 19:28:05 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-19 01:56:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts

2012-04-04 20:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-03-17 07:58:57 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys

.

============= FINISH: 2:42:03.75 ===============

[InMyMind]

Sorrry neededcorrect this... its ar.voicefive or something like that

[MrCharlie]

Can you post the Attach.txt

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[InMyMind]

Sometimes I get flash crashes, and few times now today my browser has frozen up and asked if I wanted to wait for it to respond (chrome did this today sometimes firefox does too and usually Im not running much)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/29/2011 3:18:57 PM

System Uptime: 6/14/2012 10:35:41 PM (4 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Celeron® CPU 925 @ 2.30GHz | CPU | 2294/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 155.535 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP204: 6/3/2012 10:04:45 PM - Windows Backup

RP205: 6/4/2012 9:17:35 PM - Windows Update

RP206: 6/8/2012 6:13:05 AM - Windows Update

RP207: 6/10/2012 11:58:29 PM - Windows Backup

RP208: 6/12/2012 1:09:13 AM - Windows Update

RP209: 6/12/2012 7:36:25 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Download Assistant

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Akamai NetSession Interface

Amazon Links

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros Driver Installation Program

Audacity 1.2.6

Bicycle Canasta

BlackBerry Desktop Software 6.1

Constant Guard Protection Suite

Cooking Academy 2 - World Cuisine

D3DX10

Google Chrome

GuardedID

Hot Dish 2

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 32

Junk Mail filter update

Label@Once 1.0

LAME v3.98.3 for Audacity

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Nertz Solitaire

Norton Security Suite

Octoshape add-in for Adobe Flash Player

ooVoo

PhotoScape

PlayReady PC Runtime x86

PMB

Polar Bowler

QuickTime

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Shrek 2: Ogre Bowler

Skip-Bo - Castaway Caper

Stand O'Food

Stand O'Food 3

Tic-A-Tac Royale

Toshiba App Place

TOSHIBA Application Installer

TOSHIBA Assist

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Laptop Checkup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

Tradewinds 2

Tradewinds Legends

Tradewinds Odyssey

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Wedding Dash ® 4-Ever

WildTangent Games

WildTangent Games App

WildTangent Games App (Toshiba Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zombie Bowl-o-Rama

.

==== Event Viewer Messages From Past Week ========

.

6/13/2012 2:05:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

6/13/2012 2:05:01 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

6/13/2012 2:05:01 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

6/13/2012 10:09:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

6/12/2012 12:57:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

6/12/2012 12:57:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IDVaultSvc service.

6/10/2012 11:56:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

6/10/2012 11:55:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

.

==== End Of File ===========================

nothin to remove

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Elyse :: ELYSE-VRUS [administrator]

Protection: Enabled

6/15/2012 2:05:14 PM

mbam-log-2012-06-15 (14-05-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 225048

Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

OK, lets do some scans......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[InMyMind]

01:21:31.0112 7544 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

01:21:32.0217 7544 ============================================================

01:21:32.0217 7544 Current date / time: 2012/06/16 01:21:32.0217

01:21:32.0217 7544 SystemInfo:

01:21:32.0217 7544

01:21:32.0218 7544 OS Version: 6.1.7601 ServicePack: 1.0

01:21:32.0218 7544 Product type: Workstation

01:21:32.0218 7544 ComputerName: ELYSE-VRUS

01:21:32.0218 7544 UserName: Elyse

01:21:32.0218 7544 Windows directory: C:\windows

01:21:32.0218 7544 System windows directory: C:\windows

01:21:32.0218 7544 Running under WOW64

01:21:32.0218 7544 Processor architecture: Intel x64

01:21:32.0218 7544 Number of processors: 1

01:21:32.0218 7544 Page size: 0x1000

01:21:32.0218 7544 Boot type: Normal boot

01:21:32.0218 7544 ============================================================

01:21:33.0907 7544 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

01:21:33.0930 7544 ============================================================

01:21:33.0930 7544 \Device\Harddisk0\DR0:

01:21:33.0930 7544 MBR partitions:

01:21:33.0930 7544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BA79000

01:21:33.0930 7544 ============================================================

01:21:33.0956 7544 C: <-> \Device\Harddisk0\DR0\Partition0

01:21:33.0976 7544 ============================================================

01:21:33.0976 7544 Initialize success

01:21:33.0976 7544 ============================================================

01:21:55.0199 1452 ============================================================

01:21:55.0199 1452 Scan started

01:21:55.0199 1452 Mode: Manual; SigCheck; TDLFS;

01:21:55.0199 1452 ============================================================

01:21:56.0181 1452 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

01:21:56.0491 1452 1394ohci - ok

01:21:56.0561 1452 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

01:21:56.0602 1452 ACPI - ok

01:21:56.0647 1452 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

01:21:56.0752 1452 AcpiPmi - ok

01:21:56.0882 1452 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

01:21:56.0899 1452 AdobeARMservice - ok

01:21:57.0143 1452 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

01:21:57.0186 1452 AdobeFlashPlayerUpdateSvc - ok

01:21:57.0339 1452 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

01:21:57.0365 1452 adp94xx - ok

01:21:57.0407 1452 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

01:21:57.0428 1452 adpahci - ok

01:21:57.0480 1452 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

01:21:57.0519 1452 adpu320 - ok

01:21:57.0564 1452 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

01:21:57.0713 1452 AeLookupSvc - ok

01:21:57.0771 1452 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

01:21:57.0867 1452 AFD - ok

01:21:57.0910 1452 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

01:21:57.0927 1452 agp440 - ok

01:21:57.0978 1452 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

01:21:58.0045 1452 ALG - ok

01:21:58.0084 1452 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

01:21:58.0099 1452 aliide - ok

01:21:58.0131 1452 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

01:21:58.0167 1452 amdide - ok

01:21:58.0221 1452 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

01:21:58.0295 1452 AmdK8 - ok

01:21:58.0320 1452 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

01:21:58.0363 1452 AmdPPM - ok

01:21:58.0414 1452 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

01:21:58.0447 1452 amdsata - ok

01:21:58.0495 1452 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

01:21:58.0518 1452 amdsbs - ok

01:21:58.0541 1452 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

01:21:58.0558 1452 amdxata - ok

01:21:58.0619 1452 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

01:21:58.0839 1452 AppID - ok

01:21:58.0875 1452 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

01:21:58.0959 1452 AppIDSvc - ok

01:21:59.0021 1452 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

01:21:59.0081 1452 Appinfo - ok

01:21:59.0199 1452 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

01:21:59.0232 1452 Apple Mobile Device - ok

01:21:59.0284 1452 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

01:21:59.0301 1452 arc - ok

01:21:59.0326 1452 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

01:21:59.0343 1452 arcsas - ok

01:21:59.0390 1452 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

01:21:59.0456 1452 AsyncMac - ok

01:21:59.0485 1452 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

01:21:59.0524 1452 atapi - ok

01:21:59.0611 1452 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys

01:21:59.0730 1452 athr - ok

01:21:59.0840 1452 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

01:21:59.0906 1452 AudioEndpointBuilder - ok

01:21:59.0919 1452 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

01:21:59.0967 1452 AudioSrv - ok

01:22:00.0028 1452 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

01:22:00.0144 1452 AxInstSV - ok

01:22:00.0215 1452 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

01:22:00.0290 1452 b06bdrv - ok

01:22:00.0340 1452 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

01:22:00.0374 1452 b57nd60a - ok

01:22:00.0434 1452 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

01:22:00.0509 1452 BDESVC - ok

01:22:00.0551 1452 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

01:22:00.0627 1452 Beep - ok

01:22:00.0695 1452 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

01:22:00.0754 1452 BFE - ok

01:22:00.0937 1452 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120531.001\BHDrvx64.sys

01:22:01.0117 1452 BHDrvx64 - ok

01:22:01.0264 1452 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

01:22:01.0345 1452 BITS - ok

01:22:01.0400 1452 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

01:22:01.0429 1452 blbdrive - ok

01:22:01.0521 1452 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

01:22:01.0541 1452 Bonjour Service - ok

01:22:01.0570 1452 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

01:22:01.0624 1452 bowser - ok

01:22:01.0664 1452 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

01:22:01.0753 1452 BrFiltLo - ok

01:22:01.0811 1452 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

01:22:01.0831 1452 BrFiltUp - ok

01:22:01.0871 1452 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

01:22:01.0936 1452 Browser - ok

01:22:01.0975 1452 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

01:22:02.0038 1452 Brserid - ok

01:22:02.0072 1452 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

01:22:02.0105 1452 BrSerWdm - ok

01:22:02.0128 1452 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

01:22:02.0156 1452 BrUsbMdm - ok

01:22:02.0197 1452 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

01:22:02.0223 1452 BrUsbSer - ok

01:22:02.0245 1452 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

01:22:02.0273 1452 BTHMODEM - ok

01:22:02.0326 1452 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

01:22:02.0397 1452 bthserv - ok

01:22:02.0429 1452 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

01:22:02.0490 1452 cdfs - ok

01:22:02.0519 1452 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys

01:22:02.0580 1452 cdrom - ok

01:22:02.0630 1452 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

01:22:02.0686 1452 CertPropSvc - ok

01:22:02.0722 1452 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

01:22:02.0742 1452 circlass - ok

01:22:02.0784 1452 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

01:22:02.0826 1452 CLFS - ok

01:22:02.0896 1452 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

01:22:02.0928 1452 clr_optimization_v2.0.50727_32 - ok

01:22:02.0995 1452 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

01:22:03.0022 1452 clr_optimization_v2.0.50727_64 - ok

01:22:03.0093 1452 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

01:22:03.0125 1452 clr_optimization_v4.0.30319_32 - ok

01:22:03.0182 1452 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

01:22:03.0208 1452 clr_optimization_v4.0.30319_64 - ok

01:22:03.0269 1452 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

01:22:03.0300 1452 CmBatt - ok

01:22:03.0335 1452 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

01:22:03.0351 1452 cmdide - ok

01:22:03.0401 1452 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

01:22:03.0452 1452 CNG - ok

01:22:03.0527 1452 CnxtHdAudService (66d12b53e117ef951d5e1ced03b4cc1b) C:\windows\system32\drivers\CHDRT64.sys

01:22:03.0575 1452 CnxtHdAudService - ok

01:22:03.0630 1452 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

01:22:03.0645 1452 Compbatt - ok

01:22:03.0699 1452 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

01:22:03.0737 1452 CompositeBus - ok

01:22:03.0755 1452 COMSysApp - ok

01:22:03.0800 1452 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

01:22:03.0816 1452 crcdisk - ok

01:22:03.0887 1452 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

01:22:03.0978 1452 CryptSvc - ok

01:22:04.0186 1452 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

01:22:04.0223 1452 cvhsvc - ok

01:22:04.0336 1452 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

01:22:04.0404 1452 DcomLaunch - ok

01:22:04.0466 1452 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

01:22:04.0538 1452 defragsvc - ok

01:22:04.0612 1452 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

01:22:04.0669 1452 DfsC - ok

01:22:04.0776 1452 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

01:22:04.0835 1452 Dhcp - ok

01:22:04.0874 1452 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

01:22:04.0939 1452 discache - ok

01:22:04.0985 1452 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

01:22:05.0002 1452 Disk - ok

01:22:05.0035 1452 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

01:22:05.0114 1452 Dnscache - ok

01:22:05.0150 1452 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

01:22:05.0206 1452 dot3svc - ok

01:22:05.0229 1452 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

01:22:05.0281 1452 DPS - ok

01:22:05.0323 1452 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

01:22:05.0355 1452 drmkaud - ok

01:22:05.0420 1452 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

01:22:05.0495 1452 DXGKrnl - ok

01:22:05.0530 1452 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

01:22:05.0584 1452 EapHost - ok

01:22:05.0718 1452 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

01:22:05.0852 1452 ebdrv - ok

01:22:05.0996 1452 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

01:22:06.0035 1452 eeCtrl - ok

01:22:06.0102 1452 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

01:22:06.0174 1452 EFS - ok

01:22:06.0249 1452 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

01:22:06.0329 1452 ehRecvr - ok

01:22:06.0361 1452 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

01:22:06.0451 1452 ehSched - ok

01:22:06.0517 1452 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

01:22:06.0542 1452 elxstor - ok

01:22:06.0676 1452 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

01:22:06.0707 1452 EraserUtilRebootDrv - ok

01:22:06.0750 1452 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

01:22:06.0782 1452 ErrDev - ok

01:22:06.0851 1452 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

01:22:06.0920 1452 EventSystem - ok

01:22:06.0954 1452 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

01:22:07.0013 1452 exfat - ok

01:22:07.0041 1452 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

01:22:07.0108 1452 fastfat - ok

01:22:07.0172 1452 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

01:22:07.0241 1452 Fax - ok

01:22:07.0281 1452 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

01:22:07.0311 1452 fdc - ok

01:22:07.0351 1452 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

01:22:07.0405 1452 fdPHost - ok

01:22:07.0429 1452 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

01:22:07.0482 1452 FDResPub - ok

01:22:07.0503 1452 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

01:22:07.0520 1452 FileInfo - ok

01:22:07.0537 1452 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

01:22:07.0601 1452 Filetrace - ok

01:22:07.0635 1452 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

01:22:07.0657 1452 flpydisk - ok

01:22:07.0701 1452 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

01:22:07.0722 1452 FltMgr - ok

01:22:07.0782 1452 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

01:22:07.0854 1452 FontCache - ok

01:22:07.0918 1452 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

01:22:07.0931 1452 FontCache3.0.0.0 - ok

01:22:07.0976 1452 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

01:22:07.0992 1452 FsDepends - ok

01:22:08.0023 1452 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

01:22:08.0055 1452 Fs_Rec - ok

01:22:08.0102 1452 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

01:22:08.0142 1452 fvevol - ok

01:22:08.0183 1452 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys

01:22:08.0247 1452 FwLnk - ok

01:22:08.0294 1452 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

01:22:08.0310 1452 gagp30kx - ok

01:22:08.0390 1452 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

01:22:08.0422 1452 GamesAppService - ok

01:22:08.0465 1452 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

01:22:08.0491 1452 GEARAspiWDM - ok

01:22:08.0546 1452 GIDv2 (9ba22aee7f531ef9ce085cc2e1112bc4) C:\windows\system32\drivers\GIDv2.sys

01:22:08.0560 1452 GIDv2 - ok

01:22:08.0617 1452 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

01:22:08.0688 1452 gpsvc - ok

01:22:08.0716 1452 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

01:22:08.0784 1452 hcw85cir - ok

01:22:08.0836 1452 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

01:22:08.0873 1452 HdAudAddService - ok

01:22:08.0911 1452 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

01:22:08.0943 1452 HDAudBus - ok

01:22:08.0971 1452 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

01:22:09.0000 1452 HidBatt - ok

01:22:09.0022 1452 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

01:22:09.0060 1452 HidBth - ok

01:22:09.0095 1452 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

01:22:09.0127 1452 HidIr - ok

01:22:09.0168 1452 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

01:22:09.0243 1452 hidserv - ok

01:22:09.0289 1452 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

01:22:09.0307 1452 HidUsb - ok

01:22:09.0337 1452 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

01:22:09.0417 1452 hkmsvc - ok

01:22:09.0457 1452 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

01:22:09.0543 1452 HomeGroupListener - ok

01:22:09.0575 1452 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

01:22:09.0607 1452 HomeGroupProvider - ok

01:22:09.0653 1452 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

01:22:09.0669 1452 HpSAMD - ok

01:22:09.0728 1452 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

01:22:09.0810 1452 HTTP - ok

01:22:09.0847 1452 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

01:22:09.0878 1452 hwpolicy - ok

01:22:09.0922 1452 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

01:22:09.0944 1452 i8042prt - ok

01:22:09.0998 1452 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys

01:22:10.0015 1452 iaStor - ok

01:22:10.0072 1452 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

01:22:10.0095 1452 iaStorV - ok

01:22:10.0181 1452 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

01:22:10.0224 1452 idsvc - ok

01:22:10.0438 1452 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120613.007\IDSvia64.sys

01:22:10.0464 1452 IDSVia64 - ok

01:22:10.0544 1452 IDVaultSvc (ebed410c201b7050c0f7cbbb0306656a) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

01:22:10.0557 1452 IDVaultSvc - ok

01:22:10.0981 1452 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys

01:22:11.0305 1452 igfx - ok

01:22:11.0481 1452 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

01:22:11.0496 1452 iirsp - ok

01:22:11.0589 1452 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

01:22:11.0651 1452 IKEEXT - ok

01:22:11.0691 1452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

01:22:11.0706 1452 intelide - ok

01:22:11.0765 1452 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

01:22:11.0824 1452 intelppm - ok

01:22:11.0863 1452 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

01:22:11.0946 1452 IPBusEnum - ok

01:22:11.0984 1452 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

01:22:12.0044 1452 IpFilterDriver - ok

01:22:12.0105 1452 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

01:22:12.0169 1452 iphlpsvc - ok

01:22:12.0216 1452 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

01:22:12.0256 1452 IPMIDRV - ok

01:22:12.0314 1452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

01:22:12.0361 1452 IPNAT - ok

01:22:12.0415 1452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

01:22:12.0485 1452 IRENUM - ok

01:22:12.0540 1452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

01:22:12.0556 1452 isapnp - ok

01:22:12.0587 1452 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

01:22:12.0607 1452 iScsiPrt - ok

01:22:12.0662 1452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

01:22:12.0677 1452 kbdclass - ok

01:22:12.0718 1452 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys

01:22:12.0765 1452 kbdhid - ok

01:22:12.0791 1452 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

01:22:12.0809 1452 KeyIso - ok

01:22:12.0843 1452 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

01:22:12.0879 1452 KSecDD - ok

01:22:12.0916 1452 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

01:22:12.0950 1452 KSecPkg - ok

01:22:12.0999 1452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

01:22:13.0060 1452 ksthunk - ok

01:22:13.0102 1452 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

01:22:13.0177 1452 KtmRm - ok

01:22:13.0219 1452 L1C (655a5d8e80869781cce23760ada7e695) C:\windows\system32\DRIVERS\L1C62x64.sys

01:22:13.0253 1452 L1C - ok

01:22:13.0330 1452 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

01:22:13.0389 1452 LanmanServer - ok

01:22:13.0442 1452 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

01:22:13.0496 1452 LanmanWorkstation - ok

01:22:13.0547 1452 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

01:22:13.0596 1452 lltdio - ok

01:22:13.0653 1452 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

01:22:13.0727 1452 lltdsvc - ok

01:22:13.0743 1452 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

01:22:13.0784 1452 lmhosts - ok

01:22:13.0827 1452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

01:22:13.0844 1452 LSI_FC - ok

01:22:13.0876 1452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

01:22:13.0893 1452 LSI_SAS - ok

01:22:13.0932 1452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

01:22:13.0949 1452 LSI_SAS2 - ok

01:22:13.0989 1452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

01:22:14.0025 1452 LSI_SCSI - ok

01:22:14.0055 1452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

01:22:14.0112 1452 luafv - ok

01:22:14.0196 1452 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys

01:22:14.0229 1452 MBAMProtector - ok

01:22:14.0353 1452 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

01:22:14.0377 1452 MBAMService - ok

01:22:14.0458 1452 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

01:22:14.0514 1452 Mcx2Svc - ok

01:22:14.0589 1452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

01:22:14.0604 1452 megasas - ok

01:22:14.0640 1452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

01:22:14.0660 1452 MegaSR - ok

01:22:14.0704 1452 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

01:22:14.0754 1452 MMCSS - ok

01:22:14.0780 1452 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

01:22:14.0909 1452 Modem - ok

01:22:14.0938 1452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

01:22:14.0968 1452 monitor - ok

01:22:15.0024 1452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

01:22:15.0040 1452 mouclass - ok

01:22:15.0089 1452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

01:22:15.0123 1452 mouhid - ok

01:22:15.0157 1452 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

01:22:15.0174 1452 mountmgr - ok

01:22:15.0257 1452 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

01:22:15.0290 1452 MozillaMaintenance - ok

01:22:15.0331 1452 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

01:22:15.0349 1452 mpio - ok

01:22:15.0371 1452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

01:22:15.0413 1452 mpsdrv - ok

01:22:15.0463 1452 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

01:22:15.0520 1452 MpsSvc - ok

01:22:15.0562 1452 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

01:22:15.0599 1452 MRxDAV - ok

01:22:15.0636 1452 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

01:22:15.0741 1452 mrxsmb - ok

01:22:15.0771 1452 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

01:22:15.0821 1452 mrxsmb10 - ok

01:22:15.0849 1452 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

01:22:15.0867 1452 mrxsmb20 - ok

01:22:15.0908 1452 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

01:22:15.0926 1452 msahci - ok

01:22:15.0966 1452 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

01:22:15.0983 1452 msdsm - ok

01:22:16.0034 1452 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

01:22:16.0069 1452 MSDTC - ok

01:22:16.0104 1452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

01:22:16.0159 1452 Msfs - ok

01:22:16.0188 1452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

01:22:16.0242 1452 mshidkmdf - ok

01:22:16.0273 1452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

01:22:16.0314 1452 msisadrv - ok

01:22:16.0371 1452 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

01:22:16.0444 1452 MSiSCSI - ok

01:22:16.0454 1452 msiserver - ok

01:22:16.0526 1452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

01:22:16.0577 1452 MSKSSRV - ok

01:22:16.0598 1452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

01:22:16.0657 1452 MSPCLOCK - ok

01:22:16.0693 1452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

01:22:16.0748 1452 MSPQM - ok

01:22:16.0784 1452 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

01:22:16.0820 1452 MsRPC - ok

01:22:16.0900 1452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

01:22:16.0915 1452 mssmbios - ok

01:22:16.0953 1452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

01:22:17.0009 1452 MSTEE - ok

01:22:17.0027 1452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

01:22:17.0045 1452 MTConfig - ok

01:22:17.0069 1452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

01:22:17.0097 1452 Mup - ok

01:22:17.0210 1452 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe

01:22:17.0224 1452 N360 - ok

01:22:17.0290 1452 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

01:22:17.0376 1452 napagent - ok

01:22:17.0442 1452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

01:22:17.0500 1452 NativeWifiP - ok

01:22:17.0690 1452 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120614.032\ENG64.SYS

01:22:17.0705 1452 NAVENG - ok

01:22:17.0983 1452 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120614.032\EX64.SYS

01:22:18.0085 1452 NAVEX15 - ok

01:22:18.0275 1452 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

01:22:18.0327 1452 NDIS - ok

01:22:18.0389 1452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

01:22:18.0436 1452 NdisCap - ok

01:22:18.0466 1452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

01:22:18.0505 1452 NdisTapi - ok

01:22:18.0558 1452 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

01:22:18.0623 1452 Ndisuio - ok

01:22:18.0664 1452 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

01:22:18.0737 1452 NdisWan - ok

01:22:18.0778 1452 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

01:22:18.0832 1452 NDProxy - ok

01:22:18.0883 1452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

01:22:18.0937 1452 NetBIOS - ok

01:22:19.0018 1452 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

01:22:19.0059 1452 NetBT - ok

01:22:19.0091 1452 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

01:22:19.0108 1452 Netlogon - ok

01:22:19.0168 1452 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

01:22:19.0227 1452 Netman - ok

01:22:19.0287 1452 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

01:22:19.0344 1452 netprofm - ok

01:22:19.0429 1452 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

01:22:19.0469 1452 NetTcpPortSharing - ok

01:22:19.0525 1452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

01:22:19.0541 1452 nfrd960 - ok

01:22:19.0604 1452 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

01:22:19.0654 1452 NlaSvc - ok

01:22:19.0720 1452 Norton PC Checkup Application Launcher - ok

01:22:19.0739 1452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

01:22:19.0779 1452 Npfs - ok

01:22:19.0815 1452 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

01:22:19.0862 1452 nsi - ok

01:22:19.0894 1452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

01:22:19.0948 1452 nsiproxy - ok

01:22:20.0106 1452 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

01:22:20.0195 1452 Ntfs - ok

01:22:20.0339 1452 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

01:22:20.0379 1452 Null - ok

01:22:20.0418 1452 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

01:22:20.0435 1452 nvraid - ok

01:22:20.0478 1452 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

01:22:20.0511 1452 nvstor - ok

01:22:20.0587 1452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

01:22:20.0604 1452 nv_agp - ok

01:22:20.0639 1452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

01:22:20.0707 1452 ohci1394 - ok

01:22:20.0854 1452 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

01:22:20.0889 1452 ose - ok

01:22:21.0510 1452 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

01:22:21.0834 1452 osppsvc - ok

01:22:21.0956 1452 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

01:22:22.0038 1452 p2pimsvc - ok

01:22:22.0084 1452 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

01:22:22.0108 1452 p2psvc - ok

01:22:22.0213 1452 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

01:22:22.0232 1452 Parport - ok

01:22:22.0281 1452 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

01:22:22.0310 1452 partmgr - ok

01:22:22.0393 1452 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

01:22:22.0569 1452 PcaSvc - ok

01:22:22.0687 1452 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe

01:22:22.0731 1452 PCCUJobMgr - ok

01:22:22.0765 1452 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

01:22:22.0785 1452 pci - ok

01:22:22.0810 1452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

01:22:22.0826 1452 pciide - ok

01:22:22.0869 1452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

01:22:22.0912 1452 pcmcia - ok

01:22:22.0984 1452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

01:22:23.0085 1452 pcw - ok

01:22:23.0147 1452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

01:22:23.0211 1452 PEAUTH - ok

01:22:23.0307 1452 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

01:22:23.0342 1452 PerfHost - ok

01:22:23.0411 1452 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys

01:22:23.0424 1452 PGEffect - ok

01:22:23.0650 1452 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

01:22:23.0778 1452 pla - ok

01:22:23.0834 1452 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

01:22:23.0998 1452 PlugPlay - ok

01:22:24.0130 1452 PMBDeviceInfoProvider (e9605a180001a6b5551112d91de92ca1) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

01:22:24.0201 1452 PMBDeviceInfoProvider - ok

01:22:24.0249 1452 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

01:22:24.0314 1452 PNRPAutoReg - ok

01:22:24.0369 1452 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

01:22:24.0419 1452 PNRPsvc - ok

01:22:24.0502 1452 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

01:22:24.0573 1452 PolicyAgent - ok

01:22:24.0627 1452 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

01:22:24.0689 1452 Power - ok

01:22:24.0766 1452 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

01:22:24.0937 1452 PptpMiniport - ok

01:22:25.0005 1452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

01:22:25.0035 1452 Processor - ok

01:22:25.0094 1452 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll

01:22:25.0167 1452 ProfSvc - ok

01:22:25.0204 1452 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

01:22:25.0231 1452 ProtectedStorage - ok

01:22:25.0276 1452 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

01:22:25.0330 1452 Psched - ok

01:22:25.0703 1452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

01:22:25.0772 1452 ql2300 - ok

01:22:25.0878 1452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

01:22:25.0895 1452 ql40xx - ok

01:22:25.0934 1452 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

01:22:25.0978 1452 QWAVE - ok

01:22:26.0008 1452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

01:22:26.0074 1452 QWAVEdrv - ok

01:22:26.0105 1452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

01:22:26.0158 1452 RasAcd - ok

01:22:26.0200 1452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

01:22:26.0241 1452 RasAgileVpn - ok

01:22:26.0277 1452 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

01:22:26.0333 1452 RasAuto - ok

01:22:26.0391 1452 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

01:22:26.0447 1452 Rasl2tp - ok

01:22:26.0525 1452 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

01:22:26.0661 1452 RasMan - ok

01:22:26.0735 1452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

01:22:26.0804 1452 RasPppoe - ok

01:22:26.0854 1452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

01:22:26.0914 1452 RasSstp - ok

01:22:26.0972 1452 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

01:22:27.0124 1452 rdbss - ok

01:22:27.0157 1452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

01:22:27.0187 1452 rdpbus - ok

01:22:27.0210 1452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

01:22:27.0388 1452 RDPCDD - ok

01:22:27.0426 1452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

01:22:27.0483 1452 RDPENCDD - ok

01:22:27.0501 1452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

01:22:27.0541 1452 RDPREFMP - ok

01:22:27.0605 1452 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys

01:22:27.0711 1452 RDPWD - ok

01:22:27.0768 1452 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

01:22:27.0788 1452 rdyboost - ok

01:22:27.0819 1452 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

01:22:27.0898 1452 RemoteAccess - ok

01:22:27.0941 1452 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

01:22:28.0010 1452 RemoteRegistry - ok

01:22:28.0063 1452 RimUsb (ad42432d22940b4215177be113e4919c) C:\windows\system32\Drivers\RimUsb_AMD64.sys

01:22:28.0161 1452 RimUsb - ok

01:22:28.0226 1452 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys

01:22:28.0288 1452 RimVSerPort - ok

01:22:28.0360 1452 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys

01:22:28.0414 1452 ROOTMODEM - ok

01:22:28.0450 1452 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

01:22:28.0492 1452 RpcEptMapper - ok

01:22:28.0522 1452 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

01:22:28.0555 1452 RpcLocator - ok

01:22:28.0611 1452 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

01:22:28.0660 1452 RpcSs - ok

01:22:28.0697 1452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

01:22:28.0739 1452 rspndr - ok

01:22:28.0826 1452 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys

01:22:28.0876 1452 RSUSBSTOR - ok

01:22:28.0915 1452 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

01:22:28.0941 1452 SamSs - ok

01:22:29.0013 1452 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

01:22:29.0030 1452 sbp2port - ok

01:22:29.0065 1452 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

01:22:29.0127 1452 SCardSvr - ok

01:22:29.0161 1452 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

01:22:29.0216 1452 scfilter - ok

01:22:29.0289 1452 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

01:22:29.0357 1452 Schedule - ok

01:22:29.0400 1452 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

01:22:29.0439 1452 SCPolicySvc - ok

01:22:29.0501 1452 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

01:22:29.0563 1452 SDRSVC - ok

01:22:29.0621 1452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

01:22:29.0674 1452 secdrv - ok

01:22:29.0718 1452 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

01:22:29.0834 1452 seclogon - ok

01:22:29.0895 1452 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

01:22:29.0938 1452 SENS - ok

01:22:29.0972 1452 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

01:22:30.0046 1452 SensrSvc - ok

01:22:30.0084 1452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

01:22:30.0110 1452 Serenum - ok

01:22:30.0146 1452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

01:22:30.0164 1452 Serial - ok

01:22:30.0203 1452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

01:22:30.0227 1452 sermouse - ok

01:22:30.0287 1452 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

01:22:30.0366 1452 SessionEnv - ok

01:22:30.0405 1452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

01:22:30.0477 1452 sffdisk - ok

01:22:30.0510 1452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

01:22:30.0544 1452 sffp_mmc - ok

01:22:30.0557 1452 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

01:22:30.0584 1452 sffp_sd - ok

01:22:30.0615 1452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

01:22:30.0634 1452 sfloppy - ok

01:22:30.0789 1452 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys

01:22:30.0837 1452 Sftfs - ok

01:22:30.0950 1452 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

01:22:30.0972 1452 sftlist - ok

01:22:31.0070 1452 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys

01:22:31.0160 1452 Sftplay - ok

01:22:31.0195 1452 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys

01:22:31.0208 1452 Sftredir - ok

01:22:31.0229 1452 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys

01:22:31.0262 1452 Sftvol - ok

01:22:31.0294 1452 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

01:22:31.0310 1452 sftvsa - ok

01:22:31.0362 1452 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

01:22:31.0438 1452 SharedAccess - ok

01:22:31.0630 1452 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

01:22:31.0694 1452 ShellHWDetection - ok

01:22:31.0748 1452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

01:22:31.0765 1452 SiSRaid2 - ok

01:22:31.0789 1452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

01:22:31.0810 1452 SiSRaid4 - ok

01:22:31.0852 1452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

01:22:31.0894 1452 Smb - ok

01:22:31.0953 1452 SMR300 (10bc9f077fc149e4e0a40bae1d42a259) C:\windows\system32\drivers\SMR300.SYS

01:22:31.0984 1452 SMR300 - ok

01:22:32.0047 1452 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

01:22:32.0068 1452 SNMPTRAP - ok

01:22:32.0106 1452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

01:22:32.0124 1452 spldr - ok

01:22:32.0203 1452 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

01:22:32.0295 1452 Spooler - ok

01:22:32.0639 1452 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

01:22:32.0803 1452 sppsvc - ok

01:22:32.0924 1452 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

01:22:32.0977 1452 sppuinotify - ok

01:22:33.0159 1452 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS

01:22:33.0200 1452 SRTSP - ok

01:22:33.0244 1452 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS

01:22:33.0272 1452 SRTSPX - ok

01:22:33.0328 1452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

01:22:33.0420 1452 srv - ok

01:22:33.0461 1452 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

01:22:33.0496 1452 srv2 - ok

01:22:33.0539 1452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

01:22:33.0567 1452 srvnet - ok

01:22:33.0616 1452 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\windows\system32\DRIVERS\ssadbus.sys

01:22:33.0701 1452 ssadbus - ok

01:22:33.0750 1452 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\windows\system32\DRIVERS\ssadmdfl.sys

01:22:33.0836 1452 ssadmdfl - ok

01:22:33.0871 1452 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\windows\system32\DRIVERS\ssadmdm.sys

01:22:33.0930 1452 ssadmdm - ok

01:22:33.0990 1452 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\windows\system32\DRIVERS\ssadserd.sys

01:22:34.0019 1452 ssadserd - ok

01:22:34.0093 1452 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

01:22:34.0184 1452 SSDPSRV - ok

01:22:34.0244 1452 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

01:22:34.0319 1452 SstpSvc - ok

01:22:34.0362 1452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

01:22:34.0379 1452 stexstor - ok

01:22:34.0446 1452 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

01:22:34.0489 1452 stisvc - ok

01:22:34.0525 1452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

01:22:34.0540 1452 swenum - ok

01:22:34.0576 1452 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

01:22:34.0635 1452 swprv - ok

01:22:34.0743 1452 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS

01:22:34.0806 1452 SymDS - ok

01:22:34.0900 1452 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS

01:22:34.0950 1452 SymEFA - ok

01:22:35.0022 1452 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

01:22:35.0079 1452 SymEvent - ok

01:22:35.0167 1452 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\windows\system32\DRIVERS\SymIMv.sys

01:22:35.0180 1452 SymIM - ok

01:22:35.0250 1452 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS

01:22:35.0266 1452 SymIRON - ok

01:22:35.0303 1452 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS

01:22:35.0322 1452 SymNetS - ok

01:22:35.0378 1452 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys

01:22:35.0397 1452 SynTP - ok

01:22:35.0484 1452 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

01:22:35.0556 1452 SysMain - ok

01:22:35.0689 1452 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

01:22:35.0746 1452 TabletInputService - ok

01:22:35.0784 1452 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

01:22:35.0874 1452 TapiSrv - ok

01:22:35.0927 1452 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

01:22:35.0990 1452 TBS - ok

01:22:36.0248 1452 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

01:22:36.0347 1452 Tcpip - ok

01:22:36.0701 1452 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

01:22:36.0750 1452 TCPIP6 - ok

01:22:36.0922 1452 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

01:22:37.0006 1452 tcpipreg - ok

01:22:37.0055 1452 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

01:22:37.0070 1452 tdcmdpst - ok

01:22:37.0100 1452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

01:22:37.0159 1452 TDPIPE - ok

01:22:37.0189 1452 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

01:22:37.0222 1452 TDTCP - ok

01:22:37.0263 1452 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

01:22:37.0375 1452 tdx - ok

01:22:37.0416 1452 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

01:22:37.0433 1452 TermDD - ok

01:22:37.0477 1452 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

01:22:37.0560 1452 TermService - ok

01:22:37.0609 1452 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

01:22:37.0651 1452 Themes - ok

01:22:37.0696 1452 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

01:22:37.0740 1452 THREADORDER - ok

01:22:37.0890 1452 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

01:22:37.0925 1452 TMachInfo - ok

01:22:37.0974 1452 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\windows\system32\TODDSrv.exe

01:22:37.0989 1452 TODDSrv - ok

01:22:38.0145 1452 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

01:22:38.0182 1452 TosCoSrv - ok

01:22:38.0274 1452 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

01:22:38.0287 1452 TOSHIBA HDD SSD Alert Service - ok

01:22:38.0344 1452 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

01:22:38.0399 1452 TrkWks - ok

01:22:38.0539 1452 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

01:22:38.0587 1452 TrustedInstaller - ok

01:22:38.0688 1452 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

01:22:38.0750 1452 tssecsrv - ok

01:22:38.0776 1452 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

01:22:38.0845 1452 TsUsbFlt - ok

01:22:38.0904 1452 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

01:22:38.0951 1452 tunnel - ok

01:22:38.0999 1452 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

01:22:39.0021 1452 TVALZ - ok

01:22:39.0087 1452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

01:22:39.0103 1452 uagp35 - ok

01:22:39.0151 1452 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

01:22:39.0204 1452 udfs - ok

01:22:39.0256 1452 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

01:22:39.0313 1452 UI0Detect - ok

01:22:39.0359 1452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

01:22:39.0375 1452 uliagpkx - ok

01:22:39.0417 1452 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

01:22:39.0434 1452 umbus - ok

01:22:39.0469 1452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

01:22:39.0504 1452 UmPass - ok

01:22:39.0552 1452 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

01:22:39.0597 1452 upnphost - ok

01:22:39.0642 1452 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

01:22:39.0754 1452 usbccgp - ok

01:22:39.0797 1452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

01:22:39.0817 1452 usbcir - ok

01:22:39.0839 1452 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

01:22:39.0873 1452 usbehci - ok

01:22:39.0902 1452 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

01:22:39.0937 1452 usbhub - ok

01:22:39.0966 1452 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

01:22:39.0997 1452 usbohci - ok

01:22:40.0028 1452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

01:22:40.0068 1452 usbprint - ok

01:22:40.0090 1452 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

01:22:40.0164 1452 USBSTOR - ok

01:22:40.0222 1452 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys

01:22:40.0251 1452 usbuhci - ok

01:22:40.0318 1452 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

01:22:40.0339 1452 usbvideo - ok

01:22:40.0381 1452 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

01:22:40.0429 1452 UxSms - ok

01:22:40.0461 1452 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

01:22:40.0477 1452 VaultSvc - ok

01:22:40.0524 1452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

01:22:40.0539 1452 vdrvroot - ok

01:22:40.0625 1452 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

01:22:40.0747 1452 vds - ok

01:22:40.0813 1452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

01:22:40.0834 1452 vga - ok

01:22:40.0861 1452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

01:22:40.0915 1452 VgaSave - ok

01:22:40.0968 1452 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

01:22:40.0988 1452 vhdmp - ok

01:22:41.0007 1452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

01:22:41.0023 1452 viaide - ok

01:22:41.0065 1452 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

01:22:41.0083 1452 volmgr - ok

01:22:41.0164 1452 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

01:22:41.0199 1452 volmgrx - ok

01:22:41.0294 1452 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

01:22:41.0315 1452 volsnap - ok

01:22:41.0365 1452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

01:22:41.0384 1452 vsmraid - ok

01:22:41.0531 1452 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

01:22:41.0613 1452 VSS - ok

01:22:41.0732 1452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

01:22:41.0767 1452 vwifibus - ok

01:22:41.0800 1452 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

01:22:41.0838 1452 vwififlt - ok

01:22:41.0881 1452 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

01:22:41.0916 1452 vwifimp - ok

01:22:41.0959 1452 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

01:22:42.0006 1452 W32Time - ok

01:22:42.0039 1452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

01:22:42.0068 1452 WacomPen - ok

01:22:42.0125 1452 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

01:22:42.0184 1452 WANARP - ok

01:22:42.0201 1452 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

01:22:42.0275 1452 Wanarpv6 - ok

01:22:42.0380 1452 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

01:22:42.0443 1452 WatAdminSvc - ok

01:22:42.0521 1452 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

01:22:42.0626 1452 wbengine - ok

01:22:42.0728 1452 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

01:22:42.0811 1452 WbioSrvc - ok

01:22:42.0864 1452 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

01:22:42.0943 1452 wcncsvc - ok

01:22:42.0984 1452 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

01:22:43.0108 1452 WcsPlugInService - ok

01:22:43.0165 1452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

01:22:43.0180 1452 Wd - ok

01:22:43.0222 1452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

01:22:43.0259 1452 Wdf01000 - ok

01:22:43.0283 1452 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

01:22:43.0375 1452 WdiServiceHost - ok

01:22:43.0386 1452 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

01:22:43.0410 1452 WdiSystemHost - ok

01:22:43.0519 1452 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

01:22:43.0556 1452 WebClient - ok

01:22:43.0594 1452 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

01:22:43.0654 1452 Wecsvc - ok

01:22:43.0734 1452 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

01:22:43.0856 1452 wercplsupport - ok

01:22:43.0904 1452 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

01:22:43.0983 1452 WerSvc - ok

01:22:44.0051 1452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

01:22:44.0092 1452 WfpLwf - ok

01:22:44.0131 1452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

01:22:44.0151 1452 WIMMount - ok

01:22:44.0200 1452 WinDefend - ok

01:22:44.0216 1452 WinHttpAutoProxySvc - ok

01:22:44.0292 1452 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

01:22:44.0344 1452 Winmgmt - ok

01:22:44.0573 1452 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

01:22:44.0710 1452 WinRM - ok

01:22:44.0858 1452 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

01:22:44.0905 1452 WinUsb - ok

01:22:45.0038 1452 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

01:22:45.0108 1452 Wlansvc - ok

01:22:45.0209 1452 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

01:22:45.0244 1452 wlcrasvc - ok

01:22:45.0456 1452 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

01:22:45.0541 1452 wlidsvc - ok

01:22:45.0719 1452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

01:22:45.0758 1452 WmiAcpi - ok

01:22:45.0829 1452 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

01:22:45.0857 1452 wmiApSrv - ok

01:22:45.0929 1452 WMPNetworkSvc - ok

01:22:45.0970 1452 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

01:22:46.0046 1452 WPCSvc - ok

01:22:46.0088 1452 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

01:22:46.0174 1452 WPDBusEnum - ok

01:22:46.0216 1452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

01:22:46.0262 1452 ws2ifsl - ok

01:22:46.0327 1452 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll

01:22:46.0371 1452 wscsvc - ok

01:22:46.0383 1452 WSearch - ok

01:22:46.0531 1452 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll

01:22:46.0665 1452 wuauserv - ok

01:22:46.0797 1452 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

01:22:46.0853 1452 WudfPf - ok

01:22:46.0917 1452 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

01:22:46.0971 1452 WUDFRd - ok

01:22:47.0011 1452 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

01:22:47.0053 1452 wudfsvc - ok

01:22:47.0087 1452 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

01:22:47.0141 1452 WwanSvc - ok

01:22:47.0204 1452 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

01:22:47.0745 1452 \Device\Harddisk0\DR0 - ok

01:22:47.0778 1452 Boot (0x1200) (f0dd1e264c067963ab34e1dd5ea255a7) \Device\Harddisk0\DR0\Partition0

01:22:47.0779 1452 \Device\Harddisk0\DR0\Partition0 - ok

01:22:47.0783 1452 ============================================================

01:22:47.0783 1452 Scan finished

01:22:47.0783 1452 ============================================================

01:22:47.0803 6548 Detected object count: 0

01:22:47.0803 6548 Actual detected object count: 0

01:23:09.0069 4344 Deinitialize success

[MrCharlie]

That scan was clean.....

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[InMyMind]

I did everything the instructions told me when it came to disabling my AV and Malware programs but ComboFix kept telling me that my anti spyware: Norton was still running. Also I dont know if I did something wrong but it would do the extracting (black screen green text) but took a long time to pop up so Id run it again =\ but they all still said disable Norton. Also one time I spaced and pressed ok for it to run, but I closed the blue screen immediately.

[MrCharlie]

As long as your sure that Norton is disabled you can run ComboFix, but do it like this.......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode with network support (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now.

MrC

[InMyMind]

Finally figured out how to disable every part of norton (I read the log and for some reason it said it was still active), system rebooted and it wouldnt let me get the combofix log, I wasnt alarmed until I tried to open a browser to come post and it said that my combofix log and browsers, notepad, and almost anything I tried to open was a registry key set for deletion. So I bootedin safe mode and almost restored my computer to an earlier date but decided to see if my computer would boot up and work in a regular boot, and it has (I backed up the combofix log if it wouldnt have started and I had to restore)

ComboFix 12-06-16.02 - Elyse 06/18/2012 21:04:11.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1916.839 [GMT -5:00]

Running from: c:\users\Elyse\Desktop\combofix.exe

Command switches used :: /nombr

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 02:12 . 2012-06-19 02:12 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-06-19 02:12 . 2012-06-19 02:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-19 01:36 . 2012-06-19 01:36 0 ----a-w- c:\windows\SysWow64\sho51C.tmp

2012-06-17 17:57 . 2012-06-17 17:57 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-17 17:57 . 2012-06-17 17:57 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-15 11:17 . 2012-06-15 11:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1C2E78D-7F07-4BEC-957A-B5C9FB183580}\offreg.dll

2012-06-15 11:17 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1C2E78D-7F07-4BEC-957A-B5C9FB183580}\mpengine.dll

2012-06-14 09:43 . 2012-06-14 10:06 -------- d-----w- c:\users\Elyse\AppData\Local\NPE

2012-06-13 00:38 . 2012-05-18 01:56 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-06-13 00:20 . 2012-06-13 00:20 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

2012-06-13 00:05 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 00:05 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 00:05 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 00:05 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 00:05 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-13 00:05 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-13 00:04 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 00:04 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 00:04 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 00:04 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-13 00:04 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-13 00:03 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 00:03 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 00:03 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 00:03 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 00:03 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-13 00:03 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-09 06:59 . 2012-06-09 06:59 -------- d-----w- c:\users\Elyse\AppData\Local\Macromedia

2012-05-30 23:12 . 2012-05-30 23:12 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-27 19:42 . 2012-05-27 19:42 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-09 06:59 . 2012-04-02 19:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-09 06:59 . 2011-09-08 18:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-30 23:12 . 2011-08-02 07:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-12 07:12 . 2012-05-12 07:12 0 ----a-w- c:\windows\SysWow64\sho940E.tmp

2012-05-10 08:19 . 2012-05-10 08:19 0 ----a-w- c:\windows\SysWow64\sho7254.tmp

2012-05-04 19:28 . 2012-04-02 19:28 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-04-04 20:56 . 2011-10-11 19:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 11:35 . 2012-05-09 19:16 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Elyse\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg&inst=NzYtOTQxMjkxMDgwLVNUMTJGT0krMS1ERFQrMC1TVDEyQVBQKzEtRVVMQSsx∏=94&ver=2012.0.1831&mid=86ef1b55244c47d1826d147051f085d3-6e22f5d63c56d589da72ca653a04c7ccfd2dbc31" [?]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-6-13 6534768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257224]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-04-02 1160824]

S1 GIDv2;GIDv2; [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120613.007\IDSvia64.sys [2012-06-14 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-06-13 66160]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe [2011-12-07 135608]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2009-08-24 126392]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:59]

.

2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3130455298-971642170-3200459864-1000Core.job

- c:\users\Elyse\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 19:09]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3130455298-971642170-3200459864-1000UA.job

- c:\users\Elyse\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 19:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.toshiba.com/g/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:\users\Elyse\AppData\Roaming\Mozilla\Firefox\Profiles\4h79tzjr.default\

FF - prefs.js: browser.search.selectedEngine - Search & Win

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-18 21:25:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-19 02:25

.

Pre-Run: 168,806,428,672 bytes free

Post-Run: 168,665,460,736 bytes free

.

- - End Of File - - 7A55A68EE99914F00A520E1FC4309D19

[MrCharlie]

Please find these files and upload to VirusTotal for a free scan, let me know the results (just copy back the url)

c:\windows\SysWow64\sho940E.tmp

c:\windows\SysWow64\sho7254.tmp

http://www.virustotal.com/

MrC

[InMyMind]

https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/

https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/

[MrCharlie]

Looks like they're clean.....please do this:

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish it's job

Once its finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

--------------------------------------

Then.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

[InMyMind]

tried running it, Norton had a pop up saying less than 5 users had the file... I went to run it anyways and Norton detected and deleted TFC, Ive had this on my computer before but it had never been picked up by Norton like this

[MrCharlie]

Try disabling Norton or rename tfc.exe to svchost.exe, Let me know....MrC

[MrCharlie]

How are we doing??

Do you still need help or can I close this post??

MrC

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!