D2014W

About D2014W

  • Rank
    New Member
  1. Ok, that went smooth. Based on this log is there anything left to do? ComboFix.txt
  2. Ok, so far, so good. I ran TDSSKiller and the log is below. The computer has rebooted, and so far no 'noise'. Ready for next steps.
(3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 16:59:52.0614 5924 PNRPsvc - ok 16:59:52.0692 5924 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 16:59:52.0786 5924 PolicyAgent - ok 16:59:52.0848 5924 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 16:59:52.0957 5924 Power - ok 16:59:53.0035 5924 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 16:59:53.0144 5924 PptpMiniport - ok 16:59:53.0160 5924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 16:59:53.0222 5924 Processor - ok 16:59:53.0269 5924 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll 16:59:53.0316 5924 ProfSvc - ok 16:59:53.0347 5924 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 16:59:53.0378 5924 ProtectedStorage - ok 16:59:53.0425 5924 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 16:59:53.0519 5924 Psched - ok 16:59:53.0644 5924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 16:59:53.0753 5924 ql2300 - ok 16:59:53.0940 5924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 16:59:53.0971 5924 ql40xx - ok 16:59:54.0034 5924 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 16:59:54.0096 5924 QWAVE - ok 16:59:54.0112 5924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 16:59:54.0174 5924 QWAVEdrv - ok 16:59:54.0314 5924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 16:59:54.0455 5924 RasAcd - ok 16:59:54.0564 5924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 16:59:54.0658 5924 RasAgileVpn - ok 16:59:54.0689 5924 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 16:59:54.0782 5924 RasAuto - ok 16:59:54.0829 5924 Rasl2tp 
(471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 16:59:54.0938 5924 Rasl2tp - ok 16:59:54.0985 5924 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 16:59:55.0079 5924 RasMan - ok 16:59:55.0141 5924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 16:59:55.0235 5924 RasPppoe - ok 16:59:55.0266 5924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 16:59:55.0375 5924 RasSstp - ok 16:59:55.0422 5924 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 16:59:55.0500 5924 rdbss - ok 16:59:55.0516 5924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 16:59:55.0578 5924 rdpbus - ok 16:59:55.0594 5924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 16:59:55.0687 5924 RDPCDD - ok 16:59:55.0703 5924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 16:59:55.0812 5924 RDPENCDD - ok 16:59:55.0812 5924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 16:59:55.0921 5924 RDPREFMP - ok 16:59:55.0968 5924 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys 16:59:56.0030 5924 RDPWD - ok 16:59:56.0062 5924 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 16:59:56.0093 5924 rdyboost - ok 16:59:56.0140 5924 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 16:59:56.0233 5924 RemoteAccess - ok 16:59:56.0296 5924 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 16:59:56.0405 5924 RemoteRegistry - ok 16:59:56.0436 5924 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 16:59:56.0530 5924 RpcEptMapper - ok 16:59:56.0561 5924 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 16:59:56.0639 5924 RpcLocator - ok 16:59:56.0701 5924 RpcSs 
(5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 16:59:56.0795 5924 RpcSs - ok 16:59:56.0857 5924 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 16:59:56.0951 5924 rspndr - ok 16:59:57.0013 5924 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys 16:59:57.0060 5924 RSUSBSTOR - ok 16:59:57.0185 5924 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys 16:59:57.0263 5924 RTL8192Ce - ok 16:59:57.0310 5924 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 16:59:57.0341 5924 SamSs - ok 16:59:57.0372 5924 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 16:59:57.0419 5924 sbp2port - ok 16:59:57.0481 5924 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 16:59:57.0575 5924 SCardSvr - ok 16:59:57.0606 5924 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 16:59:57.0700 5924 scfilter - ok 16:59:57.0793 5924 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 16:59:57.0918 5924 Schedule - ok 16:59:57.0965 5924 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 16:59:58.0043 5924 SCPolicySvc - ok 16:59:58.0105 5924 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 16:59:58.0152 5924 SDRSVC - ok 16:59:58.0230 5924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 16:59:58.0370 5924 secdrv - ok 16:59:58.0402 5924 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 16:59:58.0542 5924 seclogon - ok 16:59:58.0776 5924 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll 16:59:58.0948 5924 SENS - ok 16:59:59.0119 5924 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 16:59:59.0213 5924 SensrSvc - ok 16:59:59.0291 5924 Serenum (cb624c0035412af0debec78c41f5ca1b) 
C:\windows\system32\drivers\serenum.sys 16:59:59.0353 5924 Serenum - ok 16:59:59.0384 5924 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 16:59:59.0431 5924 Serial - ok 16:59:59.0447 5924 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 16:59:59.0494 5924 sermouse - ok 16:59:59.0540 5924 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 16:59:59.0634 5924 SessionEnv - ok 16:59:59.0696 5924 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 16:59:59.0806 5924 sffdisk - ok 16:59:59.0837 5924 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 16:59:59.0884 5924 sffp_mmc - ok 16:59:59.0899 5924 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 16:59:59.0946 5924 sffp_sd - ok 16:59:59.0977 5924 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 17:00:00.0024 5924 sfloppy - ok 17:00:00.0086 5924 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 17:00:00.0196 5924 SharedAccess - ok 17:00:00.0258 5924 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 17:00:00.0367 5924 ShellHWDetection - ok 17:00:00.0398 5924 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 17:00:00.0430 5924 SiSRaid2 - ok 17:00:00.0476 5924 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 17:00:00.0523 5924 SiSRaid4 - ok 17:00:00.0554 5924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 17:00:00.0664 5924 Smb - ok 17:00:00.0726 5924 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 17:00:00.0773 5924 SNMPTRAP - ok 17:00:00.0976 5924 SpeedDiskService (a8493e43f9d4b22bbed2d424d03ed273) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe 17:00:01.0022 5924 SpeedDiskService 
- ok 17:00:01.0069 5924 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 17:00:01.0085 5924 spldr - ok 17:00:01.0163 5924 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 17:00:01.0272 5924 Spooler - ok 17:00:01.0553 5924 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 17:00:01.0724 5924 sppsvc - ok 17:00:01.0865 5924 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 17:00:01.0974 5924 sppuinotify - ok 17:00:02.0130 5924 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS 17:00:02.0192 5924 SRTSP - ok 17:00:02.0239 5924 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS 17:00:02.0270 5924 SRTSPX - ok 17:00:02.0395 5924 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 17:00:02.0458 5924 srv - ok 17:00:02.0504 5924 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 17:00:02.0567 5924 srv2 - ok 17:00:02.0598 5924 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 17:00:02.0645 5924 srvnet - ok 17:00:03.0066 5924 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 17:00:03.0191 5924 SSDPSRV - ok 17:00:03.0238 5924 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 17:00:03.0331 5924 SstpSvc - ok 17:00:03.0362 5924 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 17:00:03.0394 5924 stexstor - ok 17:00:03.0472 5924 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 17:00:03.0550 5924 stisvc - ok 17:00:03.0565 5924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 17:00:03.0596 5924 swenum - ok 17:00:03.0674 5924 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 17:00:03.0768 5924 swprv - ok 17:00:03.0893 5924 SymDS 
(8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS 17:00:03.0940 5924 SymDS - ok 17:00:04.0002 5924 SymDSMon (e7b1bcb70355a84d6dfee12702b588d0) C:\windows\system32\drivers\SymDSMon.sys 17:00:04.0064 5924 SymDSMon - ok 17:00:04.0189 5924 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS 17:00:04.0267 5924 SymEFA - ok 17:00:04.0330 5924 SymEvent (894579207e39c465737e850a252ce4f2) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 17:00:04.0392 5924 SymEvent - ok 17:00:04.0454 5924 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS 17:00:04.0501 5924 SymIRON - ok 17:00:04.0564 5924 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS 17:00:04.0626 5924 SymNetS - ok 17:00:04.0688 5924 SYMSpeedDisk (f0268941519d73658199ecb1bb712be1) C:\windows\system32\drivers\SymSpeedDisk.sys 17:00:04.0735 5924 SYMSpeedDisk - ok 17:00:05.0032 5924 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 17:00:05.0125 5924 SysMain - ok 17:00:05.0266 5924 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 17:00:05.0328 5924 TabletInputService - ok 17:00:05.0390 5924 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 17:00:05.0484 5924 TapiSrv - ok 17:00:05.0515 5924 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 17:00:05.0609 5924 TBS - ok 17:00:05.0952 5924 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys 17:00:06.0108 5924 Tcpip - ok 17:00:06.0529 5924 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys 17:00:06.0623 5924 TCPIP6 - ok 17:00:06.0794 5924 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 17:00:06.0888 5924 tcpipreg - ok 17:00:06.0935 5924 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) 
C:\windows\system32\DRIVERS\tdcmdpst.sys 17:00:06.0982 5924 tdcmdpst - ok 17:00:07.0013 5924 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 17:00:07.0044 5924 TDPIPE - ok 17:00:07.0091 5924 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 17:00:07.0122 5924 TDTCP - ok 17:00:07.0153 5924 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 17:00:07.0262 5924 tdx - ok 17:00:07.0278 5924 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 17:00:07.0309 5924 TermDD - ok 17:00:07.0403 5924 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 17:00:07.0512 5924 TermService - ok 17:00:07.0528 5924 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 17:00:07.0574 5924 Themes - ok 17:00:07.0606 5924 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 17:00:07.0699 5924 THREADORDER - ok 17:00:07.0808 5924 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 17:00:07.0840 5924 TMachInfo - ok 17:00:07.0886 5924 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe 17:00:07.0918 5924 TODDSrv - ok 17:00:08.0058 5924 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 17:00:08.0105 5924 TosCoSrv - ok 17:00:08.0167 5924 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 17:00:08.0214 5924 TOSHIBA HDD SSD Alert Service - ok 17:00:08.0261 5924 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 17:00:08.0354 5924 TrkWks - ok 17:00:08.0417 5924 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 17:00:08.0510 5924 TrustedInstaller - ok 17:00:08.0573 5924 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) 
C:\windows\system32\DRIVERS\tssecsrv.sys 17:00:08.0651 5924 tssecsrv - ok 17:00:08.0698 5924 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 17:00:08.0744 5924 TsUsbFlt - ok 17:00:08.0776 5924 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 17:00:08.0822 5924 TsUsbGD - ok 17:00:08.0869 5924 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 17:00:08.0963 5924 tunnel - ok 17:00:09.0010 5924 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 17:00:09.0025 5924 TVALZ - ok 17:00:09.0041 5924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 17:00:09.0088 5924 uagp35 - ok 17:00:09.0150 5924 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 17:00:09.0259 5924 udfs - ok 17:00:09.0306 5924 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 17:00:09.0353 5924 UI0Detect - ok 17:00:09.0384 5924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 17:00:09.0431 5924 uliagpkx - ok 17:00:09.0478 5924 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 17:00:09.0509 5924 umbus - ok 17:00:09.0524 5924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 17:00:09.0571 5924 UmPass - ok 17:00:09.0634 5924 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 17:00:09.0743 5924 upnphost - ok 17:00:09.0790 5924 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 17:00:09.0821 5924 usbccgp - ok 17:00:10.0055 5924 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 17:00:10.0117 5924 usbcir - ok 17:00:10.0148 5924 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys 17:00:10.0195 5924 usbehci - ok 17:00:10.0273 5924 usbhub (287c6c9410b111b68b52ca298f7b8c24) 
C:\windows\system32\DRIVERS\usbhub.sys 17:00:10.0336 5924 usbhub - ok 17:00:10.0398 5924 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys 17:00:10.0445 5924 usbohci - ok 17:00:10.0460 5924 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 17:00:10.0507 5924 usbprint - ok 17:00:10.0554 5924 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys 17:00:10.0679 5924 usbscan - ok 17:00:10.0726 5924 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 17:00:10.0757 5924 USBSTOR - ok 17:00:10.0788 5924 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 17:00:10.0835 5924 usbuhci - ok 17:00:10.0882 5924 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 17:00:10.0928 5924 usbvideo - ok 17:00:10.0960 5924 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 17:00:11.0053 5924 UxSms - ok 17:00:11.0116 5924 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 17:00:11.0147 5924 VaultSvc - ok 17:00:11.0162 5924 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 17:00:11.0194 5924 vdrvroot - ok 17:00:11.0287 5924 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 17:00:11.0396 5924 vds - ok 17:00:11.0459 5924 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 17:00:11.0506 5924 vga - ok 17:00:11.0506 5924 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 17:00:11.0615 5924 VgaSave - ok 17:00:11.0662 5924 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 17:00:11.0693 5924 vhdmp - ok 17:00:11.0724 5924 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 17:00:11.0755 5924 viaide - ok 17:00:11.0771 5924 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 
17:00:11.0802 5924 volmgr - ok 17:00:11.0864 5924 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 17:00:11.0911 5924 volmgrx - ok 17:00:11.0974 5924 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys 17:00:12.0020 5924 volsnap - ok 17:00:12.0067 5924 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 17:00:12.0130 5924 vsmraid - ok 17:00:12.0270 5924 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 17:00:12.0410 5924 VSS - ok 17:00:12.0582 5924 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 17:00:12.0629 5924 vwifibus - ok 17:00:12.0660 5924 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 17:00:12.0722 5924 vwififlt - ok 17:00:12.0769 5924 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 17:00:12.0878 5924 W32Time - ok 17:00:12.0925 5924 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 17:00:12.0988 5924 WacomPen - ok 17:00:13.0034 5924 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 17:00:13.0128 5924 WANARP - ok 17:00:13.0128 5924 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 17:00:13.0222 5924 Wanarpv6 - ok 17:00:13.0783 5924 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe 17:00:13.0877 5924 WatAdminSvc - ok 17:00:14.0064 5924 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 17:00:14.0142 5924 wbengine - ok 17:00:14.0314 5924 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 17:00:14.0360 5924 WbioSrvc - ok 17:00:14.0407 5924 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 17:00:14.0470 5924 wcncsvc - ok 17:00:14.0501 5924 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 
17:00:14.0548 5924 WcsPlugInService - ok 17:00:14.0657 5924 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 17:00:14.0704 5924 Wd - ok 17:00:14.0766 5924 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 17:00:14.0813 5924 Wdf01000 - ok 17:00:14.0860 5924 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 17:00:14.0922 5924 WdiServiceHost - ok 17:00:14.0938 5924 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 17:00:14.0984 5924 WdiSystemHost - ok 17:00:15.0031 5924 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 17:00:15.0094 5924 WebClient - ok 17:00:15.0125 5924 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 17:00:15.0234 5924 Wecsvc - ok 17:00:15.0281 5924 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 17:00:15.0390 5924 wercplsupport - ok 17:00:15.0421 5924 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 17:00:15.0546 5924 WerSvc - ok 17:00:15.0593 5924 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 17:00:15.0686 5924 WfpLwf - ok 17:00:15.0702 5924 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 17:00:15.0733 5924 WIMMount - ok 17:00:15.0764 5924 WinDefend - ok 17:00:15.0780 5924 WinHttpAutoProxySvc - ok 17:00:15.0858 5924 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 17:00:15.0952 5924 Winmgmt - ok 17:00:16.0170 5924 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 17:00:16.0310 5924 WinRM - ok 17:00:16.0544 5924 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 17:00:16.0607 5924 WinUsb - ok 17:00:16.0700 5924 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 17:00:16.0794 5924 Wlansvc - ok 17:00:16.0888 5924 wlcrasvc 
17:00:19.0103 5924 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
17:00:19.0150 5924 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:00:19.0150 5924 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:00:20.0366 5924 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:00:20.0366 5924 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:00:20.0398 5924 Boot (0x1200) (de8590baa713dfec22a1b646ac041426) \Device\Harddisk0\DR0\Partition0
17:00:20.0398 5924 \Device\Harddisk0\DR0\Partition0 - ok
17:00:20.0398 5924 ============================================================
17:00:20.0398 5924 Scan finished
17:00:20.0398 5924 ============================================================
17:00:20.0444 4248 Detected object count: 3
17:00:20.0444 4248 Actual detected object count: 3
17:03:14.0946 4248 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:14.0946 4248 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:16.0896 4248 \Device\Harddisk0\DR0\# - copied to quarantine
17:03:16.0896 4248 \Device\Harddisk0\DR0 - copied to quarantine
17:03:16.0990 4248 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:03:17.0021 4248 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:03:17.0037 4248 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:03:17.0037 4248 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:03:17.0068 4248 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:03:17.0084 4248 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:03:17.0084 4248 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:03:17.0099 4248 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:03:17.0099 4248 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:03:17.0115 4248 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:03:17.0115 4248 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:03:17.0130 4248 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:03:17.0162 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:03:17.0177 4248 \Device\Harddisk0\DR0 - ok
17:03:17.0661 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:03:17.0988 4248 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:03:17.0988 4248 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:03:18.0004 4248 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:03:18.0020 4248 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:03:18.0051 4248 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:03:18.0082 4248 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:03:18.0082 4248 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:03:18.0098 4248 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:03:18.0098 4248 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:03:18.0113 4248 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:03:18.0113 4248 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:03:18.0129 4248 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:03:18.0129 4248 \Device\Harddisk0\DR0\TDLFS - deleted
17:03:18.0129 4248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
17:04:34.0117 5500 Deinitialize success
  3. RogueKiller crashed about 3/4 way through the scan. It did leave behind a debug file. It was too long to cut and paste, so attached. debug.log
  4. Similar to other posts I've seen, I have an attack going on that is directly related to svchost.exe (I can stop it and the music/radio stops, but eventually it will come back) I've loaded Malware Anti-Malware and it finds the Trojan and I eliminate it, but it comes back again. There two similar posts going now that gringo_pr has been addressing. Following the initial steps of those, I have run the Security Check and Combofix. The logs are listed below. After running these and rebooting, the 'sounds' have continued. What should my next steps be? Thank you in advance for your help! Security Check: Results of screen317's Security Check version 0.99.42 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Java 6 Update 25 Java version out of Date! Adobe Reader X (10.1.3) Google Chrome 19.0.1084.56 Google Chrome 20.0.1132.47 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log`````````````````````` Combofix: ComboFix 12-07-04.03 - Derek 07/04/2012 11:17:29.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6226 [GMT -5:00] Running from: c:\users\Derek\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . 
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\svchost.exe
     c:\windows\system32\Thumbs.db
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
     .
     .
     2012-07-04 02:51 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
     2012-07-04 02:51 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
     2012-07-04 00:28 . 2012-07-04 00:28 -------- d-----w- c:\users\Derek\AppData\Roaming\Malwarebytes
     2012-07-04 00:28 . 2012-07-04 00:28 -------- d-----w- c:\programdata\Malwarebytes
     2012-07-04 00:28 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-07-04 00:28 . 2012-07-04 00:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-06-29 00:08 . 2012-06-29 00:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-06-23 18:28 . 2012-06-23 18:28 -------- d-----w- c:\users\Derek\AppData\Roaming\PCCUStubInstaller
     2012-06-23 17:49 . 1999-11-10 17:05 86016 ----a-w- c:\windows\unvise32qt.exe
     2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
     2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
     2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
     2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
     2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
     2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
     2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
     2012-06-23 17:47 . 2012-06-23 19:05 -------- d-----w- c:\windows\SysWow64\QuickTime
     2012-06-23 17:47 . 2012-06-23 19:05 -------- d-----w- c:\program files (x86)\QuickTime
     2012-06-23 17:47 . 2012-06-23 17:47 -------- d-----w- c:\programdata\QuickTime
     2012-06-22 16:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
     2012-06-22 16:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-22 16:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-22 16:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-22 16:28 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
     2012-06-22 16:28 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-22 16:28 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-22 16:28 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-22 16:28 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
     2012-06-14 00:41 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
     2012-06-14 00:41 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
     2012-06-14 00:41 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
     2012-06-14 00:41 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
     2012-06-14 00:41 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
     2012-06-14 00:41 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-06-14 00:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
     2012-06-14 00:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
     2012-06-14 00:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
     2012-06-14 00:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
     2012-06-14 00:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
     2012-06-14 00:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
     2012-06-14 00:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
     2012-06-14 00:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-06-29 00:42 . 2011-07-22 01:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
     .
     [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
     .
     [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
     2012-04-09 22:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
     "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
     .
     [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
     [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-14 39408]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
     "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
     "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
     "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
     "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
     "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
     "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2012-06-23 98304]
     "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 250056]
     R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
     R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
     R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2010-11-30 191232]
     R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 163384]
     R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
     R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-13 1255736]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
     S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
     S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
     S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-26 451192]
     S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
     S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
     S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
     S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120703.002\IDSvia64.sys [2012-06-14 509088]
     S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
     S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
     S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 1029480]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
     S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
     S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-06-13 135608]
     S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
     S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 1037672]
     S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]
     S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]
     S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-14 138912]
     S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
     S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
     S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
     S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
     S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 00:42]
     .
     2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 14:39]
     .
     2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 14:39]
     .
     2012-07-04 c:\windows\Tasks\NUSchedule.job
     - c:\program files (x86)\Norton Utilities 15\nu.exe [2012-03-24 14:44]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
     "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
     "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x0
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = <local>
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
     TCP: DhcpNameServer = 192.168.1.1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     Toolbar-Locked - (no file)
     WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
     HKLM-Run-(Default) - (no file)
     HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
     HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
     HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
     HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
     HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
     .
     .
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
     "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
     --
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
     "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
     @Denied: (A) (Everyone)
     "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
     @Denied: (A) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
     "Key"="ActionsPane3"
     "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
     c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
     c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
     c:\\.\globalroot\systemroot\svchost.exe
     .
     **************************************************************************
     .
     Completion time: 2012-07-04 11:57:14 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-07-04 16:57
     .
     Pre-Run: 246,972,682,240 bytes free
     Post-Run: 247,409,676,288 bytes free
     .
     - - End Of File - - 9035A44A2D6CEB714707A0B20E111743