TechSpot

Infected: Tidserv Activity 4 alert & more

By Jayse
Apr 20, 2012
  1. Hello, new to the forums here. Actually stumbled upon this great site looking for information on this. I had some issues almost a week ago. I have Norton AV installed, well I kept getting multiple window alerts, figured I had a virus and tried to run Norton. It would not respond. I tried restoring to an earlier date and started having problems with the PC going into auto chkdsk. Then it wouldn't check and automatically rebooted. This circle went on and on, so I downloaded AVG to see if I could catch the virus. Ran rkill first, Malwarebytes, then AVG, which found a couple of viruses and several malware (unfortunately I do not recall the names). After that I still had problems. I noticed my PC showed there was no internet signal, and my router showed everything was fine; even my smartphone was able to use my router's signal fine. I also noticed the light on my router was flashing like crazy showing use, even while there was no activity on my PC, so I believe my PC was communicating or something, as it's never done that. After trying a reboot again I got the signal indicator back showing I had internet. I have the full version of Norton along with paid virus removal assurance (lol). I called up, and 5 hours later I believed my PC was cleaned. All temp files (or so I believe) were cleaned by the logged-in tech. Sorry, temp file cleaning is something I was very neglectful at. Was told to call back if any further problems. While shutting down the PC, it suddenly required 55 updates to Windows (???). When I booted up the next day Norton displayed a window saying "Threat requiring manual removal detected: System infected: Tidserv Activity 4". Called up Norton again, 4 hours later I believed it was clean again. The tech also asked if he could delete AVG and Malwarebytes. Said sure, thinking there could be an issue with those. This time, after being done with the tech, the PC is EXTREMELY slow on the internet, like on 14.4 dialup when I'm using DSL. The PC was never this slow or anywhere near it.
After a third call to Norton's techs, I still have this same threat warning as I mentioned earlier and the PC is still extremely slow. I have lost confidence in Norton and its techs; it especially doesn't help when there is a language/accent barrier since they have outsourced their help to, I believe, India.

    I apologize for this being a long post, but I wanted someone to know all the issues at the beginning. Could someone please help me? Also, from looking at a few threads I can tell you I am not that versed on shortcuts, etc. for logs, etc. But if explained how to do something I can/will do it. Thanks.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    Good evening/morning Broni. Sorry for the delay in getting back. I have the logs available, but have a question before posting them. DDS states to zip the "attach" file. You mention to send them in a .txt log. So don't zip it, correct? I will check back here for a little bit and post logs if I get a reply from you, but won't be able to check back on here until 8pm Eastern time tonight.

    Also just FYI, today I noticed something new. I got a couple of alert boxes pop up saying "webpage error" no memory or run out of memory error: 5 (once), and a larger number once. I had no webpages open at one of the times, but again, the activity light on my router was flashing like a strobe light. Additionally, I'm getting an unknown problem from "Catalyst Control Center". It keeps having issues, whatever it is.

    I'll await your reply, and thank you for taking the time out to help me.
     
  4. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    Ok, I saw others had posted the attach log without zipping, so here come my logs. As mentioned before, I won't be able to be back on until 8pm Eastern time.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.04.22.05
    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    jay :: JAY-PC [administrator]
    4/22/2012 6:30:30 PM
    mbam-log-2012-04-22 (18-30-30).txt
    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 423019
    Time elapsed: 3 hour(s), 54 minute(s), 3 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\Guest\Desktop\SoftonicDownloader_for_free-youtube-to-mp3-converter.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
    (end)
     
  5. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-23 01:17:30
    Windows 6.1.7600
    Running: xg78sqrn.exe; Driver: C:\Users\jay\AppData\Local\Temp\kwtdypow.sys

    ---- Files - GMER 1.0.15 ----
    File C:\Windows\$NtUninstallKB15308$\1245199675 0 bytes
    File C:\Windows\$NtUninstallKB15308$\3992114750 0 bytes
    File C:\Windows\$NtUninstallKB15308$\3992114750\L 0 bytes
    File C:\Windows\$NtUninstallKB15308$\3992114750\U 0 bytes
    ---- EOF - GMER 1.0.15 ----
     
  6. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by jay at 1:32:17 on 2012-04-23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.816 [GMT -4:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\lxcycoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\Lexmark 3400 Series\lxcymon.exe
    C:\Program Files\Lexmark 3400 Series\ezprint.exe
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\WSCStub.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    mURLSearchHooks: H - No File
    uWinlogon: Shell=explorer.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\19.6.2.10\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\19.6.2.10\ips\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\19.6.2.10\coIEPlg.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
    uRun: [cdloader] "c:\users\jay\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
    mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
    mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
    mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\jay\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    Trusted Zone: $talisma_url$
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874}\1446D696E626C64676 : DhcpNameServer = 10.0.0.42 10.0.0.43 10.0.0.70
    TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874}\350584D244730303239303 : DhcpNameServer = 192.168.16.1
    TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874}\A6573747D656 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874}\F46756274627966756D2632453 : DhcpNameServer = 192.168.0.1
    mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1306020.00a\symds.sys [2012-4-16 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1306020.00a\symefa.sys [2012-4-16 905336]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120413.001\BHDrvx86.sys [2012-4-20 821880]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1306020.00a\ccsetx86.sys [2012-4-16 132744]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120420.001\IDSvix86.sys [2012-4-20 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1306020.00a\ironx86.sys [2012-4-16 149624]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1306020.00a\symnets.sys [2012-4-16 318584]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-7 176128]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\19.6.2.10\ccsvchst.exe [2012-4-16 138232]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-16 106104]
    R3 kwtdypow;kwtdypow;c:\users\jay\appdata\local\temp\kwtdypow.sys [2012-4-23 100864]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-7 167936]
    R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-1-7 54136]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-7-17 84832]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 CASprint;Sprint Con App Svc;"c:\program files\sprint\sprint smartview\conappssvc.exe" /n "casprint" --> c:\program files\sprint\sprint smartview\ConAppsSvc.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-22 40776]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-7 171520]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-28 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-04-22 22:27:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-04-22 22:27:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-19 03:44:19 -------- d-----w- c:\users\jay\appdata\roaming\FixZeroAccess
    2012-04-16 08:18:33 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-16 08:18:33 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-16 08:18:33 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-16 08:18:32 158720 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-16 07:11:20 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-16 07:11:18 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-16 06:37:13 905336 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symefa.sys
    2012-04-16 06:37:13 318584 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symnets.sys
    2012-04-16 06:37:12 340088 ----a-r- c:\windows\system32\drivers\nis\1306020.00a\symds.sys
    2012-04-16 06:37:12 32888 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\srtspx.sys
    2012-04-16 06:37:11 574584 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\srtsp.sys
    2012-04-16 06:37:11 149624 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\ironx86.sys
    2012-04-16 06:37:10 132744 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\ccsetx86.sys
    2012-04-16 06:36:39 -------- d-----w- c:\windows\system32\drivers\nis\1306020.00A
    2012-04-16 06:30:30 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-04-16 06:30:30 -------- d-----w- c:\program files\Symantec
    2012-04-16 06:30:30 -------- d-----w- c:\program files\common files\Symantec Shared
    2012-04-16 06:27:58 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2012-04-16 06:16:39 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-16 06:16:38 57856 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-16 06:16:38 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-16 06:16:15 826368 ----a-w- c:\windows\system32\rdpcore.dll
    2012-04-16 06:16:14 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-04-16 06:16:14 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-16 04:50:13 -------- d-----w- c:\users\jay\appdata\local\LogMeIn Rescue Applet
    2012-04-16 02:19:42 110592 ----a-w- c:\programdata\microsoft\windows\drm\2829.tmp
    2012-04-15 22:04:56 -------- d-----w- c:\users\jay\appdata\roaming\AVG2012
    2012-04-15 22:04:35 -------- d--h--w- c:\programdata\Common Files
    2012-04-15 22:02:10 -------- d-----w- c:\programdata\AVG2012
    2012-04-15 21:56:19 -------- d-----w- c:\programdata\MFAData
    .
    ==================== Find3M ====================
    .
    2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 1:39:12.48 ===============
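A small triage script, added here as an example; it is not part of this thread, of DDS, or of the helper's procedure. It parses the SERVICES / DRIVERS and Pseudo HJT sections of a pasted DDS log like the one above and lists the entries a reviewer checks first: driver or service images loaded from a user profile or a Temp directory, and BHO / toolbar / search-hook entries whose target is "No File" (registry leftovers whose DLL is already gone). The sample log embedded in the script is a constructed excerpt of lines posted above. The one driver it flags from that excerpt, kwtdypow.sys in the user's Temp folder, is the file the GMER log above names as GMER's own scan driver, which is exactly why a hit from this script is a lead to cross-check against the scanner logs rather than a verdict.

```python
"""Triage helper for the SERVICES / DRIVERS and Pseudo HJT sections of a DDS log.

Added example; not code from the thread, from DDS, or from the helper's
instructions.  Given pasted DDS log text it flags:
  1. driver/service images whose path is under a user profile or a Temp
     directory instead of System32 or Program Files;
  2. browser extension entries (BHO, TB, URLSearchHooks) whose target is
     "No File", i.e. orphaned registry entries.
A flagged driver is a lead, not a verdict: a rootkit scanner's own scan
driver can legitimately sit in %TEMP%, so each hit is checked against the
scanner's log before anything is removed.
"""
import re
from dataclasses import dataclass
from typing import List

# "<state> <name>;<display>;<path and args> [<date> <size>]"  (bracket part optional, may be "[?]")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$"
)
# "<kind>: [<label>: ]{CLSID} - <dll path | No File>"
HJT_RE = re.compile(
    r"^(?P<kind>[um]?URLSearchHooks|BHO|TB):\s+(?P<body>.*?)\s+-\s+(?P<target>.+?)\s*$"
)
# Locations a kernel driver or service image should not normally load from.
USER_WRITABLE = (
    re.compile(r"^[a-z]:\\users\\", re.I),  # any user profile
    re.compile(r"\\temp\\", re.I),          # any Temp directory
)
# Bare image path: drive letter up to the first .sys/.exe/.dll extension.
IMAGE_RE = re.compile(r'^"?(?P<p>[a-z]:\\.*?\.(?:sys|exe|dll))', re.I)


@dataclass
class Finding:
    line: str    # the DDS line that triggered the finding
    reason: str  # why it was flagged


def image_path(raw: str) -> str:
    """Reduce a DDS path field to the image path alone.

    DDS appends ' --> <resolved path>' when it had to resolve the registry
    value, and service arguments (' -service', ' /n "casprint"') follow the
    image.  Use the resolved form and cut at the executable extension.
    """
    tail = raw.split("-->")[-1].strip()
    m = IMAGE_RE.match(tail)
    return m.group("p") if m else tail


def triage(log_text: str) -> List[Finding]:
    """Scan every line of a DDS log and return the entries worth reviewing."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            path = image_path(m.group("path"))
            if any(rx.search(path) for rx in USER_WRITABLE):
                findings.append(Finding(line, f"driver/service image in user-writable location: {path}"))
            continue
        m = HJT_RE.match(line)
        if m and m.group("target").lower() == "no file":
            findings.append(Finding(line, f"orphaned {m.group('kind')} entry (No File)"))
    return findings


# Constructed sample: an excerpt of the DDS lines posted in this thread.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120413.001\BHDrvx86.sys [2012-4-20 821880]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R3 kwtdypow;kwtdypow;c:\users\jay\appdata\local\temp\kwtdypow.sys [2012-4-23 100864]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-7 167936]
S3 CASprint;Sprint Con App Svc;"c:\program files\sprint\sprint smartview\conappssvc.exe" /n "casprint" --> c:\program files\sprint\sprint smartview\ConAppsSvc.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-22 40776]
============== Pseudo HJT Report ===============
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\19.6.2.10\coIEPlg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.reason}\n    {f.line}")
```

Run against the excerpt it prints one driver hit and four orphaned entries; on a full pasted log, paste the whole text into `triage()` and read every driver hit against the GMER "Driver:" line and the "Created Last 30" timestamps before deciding anything.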
     
  7. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/19/2010 12:12:35 PM
    System Uptime: 4/23/2012 12:07:59 AM (1 hours ago)
    .
    Motherboard: TOSHIBA | | NBWAE
    Processor: AMD Sempron(tm) SI-42 | Socket M2/S1G1 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 160.179 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP430: 4/17/2012 3:00:57 AM - Windows Update
    RP431: 4/18/2012 3:00:21 AM - Windows Update
    RP432: 4/18/2012 4:10:34 AM - Windows Update
    RP433: 4/19/2012 12:46:53 AM - Removed AVG 2012
    RP435: 4/19/2012 12:51:22 AM - Removed AVG 2012
    RP436: 4/19/2012 3:00:15 AM - Windows Update
    RP437: 4/20/2012 3:00:12 AM - Windows Update
    RP438: 4/21/2012 3:00:16 AM - Windows Update
    RP439: 4/21/2012 3:28:29 AM - Windows Update
    RP440: 4/21/2012 10:26:12 AM - Windows Update
    RP441: 4/22/2012 3:00:19 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1
    Alien Sky
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Service & Support Tool
    ATI Catalyst Install Manager
    Atomaders
    Audacity 1.3.12 (Unicode)
    Berry Extract
    Big Fish Games: Game Manager
    Bonjour
    Bubble Shooter Premium Edition
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Compatibility Pack for the 2007 Office system
    DivX Setup
    Empress of the Deep - The Darkest Secret
    eMusic Download Manager 4.1.4
    EverQuest II Extended
    Feelers
    Fish Tycoon
    FLV Player 2.0 (build 25)
    Free YouTube to MP3 Converter version 3.10.15.1228
    Freecorder 4
    G.H.O.S.T. Hunters The Haunting of Majesty Manor
    Google Talk Plugin
    Google Update Helper
    Haunted Hotel
    Haunted Hotel II: Believe the Lies
    Hidden Mysteries Vampire Secrets
    ImTOO Video Converter Ultimate
    Internet TV for Windows Media Center
    IrfanView (remove only)
    Island Wars 2
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    Label@Once 1.0
    Lexmark 3400 Series
    Lexmark Toolbar
    Magic Academy
    magicJack
    Mall-A-Palooza
    Malwarebytes Anti-Malware version 1.61.0.1400
    Massive Assault
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB973688)
    My Life Story
    MyToshiba
    NetZero Launcher
    Norton Internet Security
    OpenAL
    OpenOffice.org 3.3
    Pando Media Booster
    PlayReady PC Runtime x86
    Quickbooks Financial Center
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Search Toolbar
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Skype Launcher
    Synaptics Pointing Device Driver
    Toshiba Application and Driver Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Online Backup
    Toshiba Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    ToshibaRegistration
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Utility Common Driver
    VC80CRTRedist - 8.0.50727.4053
    vReveal
    Westward
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Center Add-in for Flash
    Wizard Land
    World of Tanks v.0.6.3.11
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/23/2012 12:08:25 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    4/23/2012 12:08:25 AM, Error: atikmdag [43029] - Display is not active
    4/23/2012 1:30:33 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    4/22/2012 9:53:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.
    4/22/2012 3:04:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
    4/20/2012 11:48:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    4/20/2012 1:15:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
    4/19/2012 12:52:23 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/18/2012 8:05:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    4/16/2012 5:52:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2632503).
    4/16/2012 5:52:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845).
    4/16/2012 1:51:12 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
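Two things worth pulling out of the Event Viewer block above, as an added example that is not part of the thread or of DDS: five services (including DNS Client and Cryptographic Services) terminated in the same second, which points at one crashed svchost.exe host process rather than five separate faults, and DNS Client could not read the hosts file, a common tampering target. The parser below reads the log's own line format, with a subset of the lines above copied in as sample input; the parsing rules and thresholds are this example's assumptions.

```python
"""Triage the "Event Viewer Messages From Past Week" block of a DDS log."""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime

# Format used by the log: "4/19/2012 12:50:23 AM, Error: Source [EventID] - message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
TERMINATED_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")

# Lines copied from the log above (a subset; the full block is longer).
SAMPLE_LOG = """\
4/23/2012 1:30:33 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/19/2012 12:52:23 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/16/2012 1:51:12 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
"""


def parse_events(text: str) -> list[dict]:
    """Parse DDS event lines; lines that do not match the format are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"], "source": m["source"],
            "id": int(m["id"]), "msg": m["msg"],
        })
    return events


def find_crash_clusters(events: list[dict], min_services: int = 2) -> dict[datetime, list[str]]:
    """Group event 7031 (service terminated unexpectedly) by timestamp.  Several
    services dying in the same second usually means the svchost.exe that hosted
    them all crashed: one process-level problem, not one fault per service."""
    by_time: dict[datetime, list[str]] = defaultdict(list)
    for e in events:
        if e["source"] != "Service Control Manager" or e["id"] != 7031:
            continue
        m = TERMINATED_RE.match(e["msg"])
        if m:
            by_time[e["time"]].append(m["svc"])
    return {t: svcs for t, svcs in by_time.items() if len(svcs) >= min_services}


def find_hosts_file_errors(events: list[dict]) -> list[dict]:
    """DNS Client event 1012: the hosts file could not be read.  Worth checking
    the file's permissions and contents, since it is a common tampering target."""
    return [e for e in events
            if e["source"] == "Microsoft-Windows-DNS-Client" and e["id"] == 1012]


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for when, svcs in find_crash_clusters(evts).items():
        print(f"{when}: {len(svcs)} services died together: {', '.join(svcs)}")
    for e in find_hosts_file_errors(evts):
        print(f"{e['time']}: hosts file read error ({e['msg']})")
```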
     
  8. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  9. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    When aswMBR is double-clicked, comp asks if I want to allow asw to make changes, clicked yes and nothing happens. Tried twice. Do you want me to continue on with Bootkit Remover, or wait for something else?
     
  10. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Yes, go ahead with Bootkit Remover.
     
  11. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    Nothing is showing up when I "control V" in the notepad
     
     
  12. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    OK, finally got it to work. Took several tries.

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Controlled by rootkit!
    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]

    Done;
    Press any key to quit...
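Reading a raw MBR image like the MBR.dat that aswMBR saves, or the file that Bootkit Remover's dump command writes, as an added example that is not part of the thread or of either tool: it lists the partition table the way TDSSKiller prints it and compares the boot code area against a saved known-good copy, which is how a replaced boot sector shows up when the rootkit is no longer hiding it. The sector bytes are constructed; the partition values are the ones TDSSKiller reports for this disk (Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800).

```python
"""Parse a raw 512-byte MBR image and check it against a known-good copy."""
from __future__ import annotations

import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # boot code area; the 4-byte disk signature starts at 440
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid boot sector
# Partition entry: status, CHS start (3 bytes, ignored), type, CHS end (ignored),
# start LBA, sector count; all little-endian.
PART_ENTRY = "<B3xB3xII"


def parse_partitions(mbr: bytes) -> list[dict]:
    """Return the non-empty partition entries, as TDSSKiller lists them."""
    if len(mbr) < SECTOR_SIZE:
        raise ValueError("MBR image is shorter than one sector")
    entries = []
    for i in range(4):
        status, ptype, start_lba, blocks = struct.unpack_from(
            PART_ENTRY, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:  # unused slot
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "start_lba": start_lba, "blocks": blocks})
    return entries


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the boot code only; the disk signature and partition table
    legitimately change when partitions do, so they are left out."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline: bytes | None = None) -> list[str]:
    """Return findings worth a closer look; an empty list means nothing stood out."""
    findings = []
    if mbr[510:512] != MBR_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("partition table is empty")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition flagged active")
    if baseline is not None and boot_code_digest(mbr) != boot_code_digest(baseline):
        findings.append("boot code differs from the saved baseline copy")
    return findings


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code, a made-up disk signature, one
    active NTFS partition with the values TDSSKiller printed for this disk
    (Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800), and the 0x55AA mark."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = b"\x11\x22\x33\x44"
    struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFFSET, 0x80, 0x07, 0x2EE800, 0x1BEAA800)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Stand-in for an MBR.dat saved while the disk was clean (constructed bytes).
GOOD_MBR = build_sample_sector(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 24)
# Same partition table, different boot code: the shape of a replaced boot sector.
ALTERED_MBR = build_sample_sector(b"\xeb\x3e\x90" + b"\x00" * 29)

if __name__ == "__main__":
    for label, sector in (("baseline", GOOD_MBR), ("current", ALTERED_MBR)):
        print(label, "partitions:", parse_partitions(sector))
        print(label, "findings:", check_mbr(sector, baseline=GOOD_MBR) or "none")
```

To run it on a real image, read MBR.dat (or the Bootkit Remover dump) with `open(path, "rb").read()` and pass it as `mbr`, with an older clean copy as `baseline`.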
     
  13. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  14. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    Broni, it found it and was curing the threat then I got a warning window open. Says:
    Cant cure MBR. Write standard boot code?
    If you have installed custom bootloader (eg Acronis, Grub, Lilo), you will need to reinstall them after treatment
    Yes or No boxes

    Also my Norton threw up a red window saying a threat was stopped
     
  15. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Write standard boot code?
    Yes.
     
  16. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    22:34:31.0015 5612 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
    22:34:33.0021 5612 ============================================================
    22:34:33.0021 5612 Current date / time: 2012/04/23 22:34:33.0021
    22:34:33.0021 5612 SystemInfo:
    22:34:33.0021 5612
    22:34:33.0021 5612 OS Version: 6.1.7600 ServicePack: 0.0
    22:34:33.0021 5612 Product type: Workstation
    22:34:33.0021 5612 ComputerName: JAY-PC
    22:34:33.0021 5612 UserName: jay
    22:34:33.0021 5612 Windows directory: C:\windows
    22:34:33.0021 5612 System windows directory: C:\windows
    22:34:33.0021 5612 Processor architecture: Intel x86
    22:34:33.0021 5612 Number of processors: 1
    22:34:33.0021 5612 Page size: 0x1000
    22:34:33.0021 5612 Boot type: Normal boot
    22:34:33.0021 5612 ============================================================
    22:34:35.0079 5612 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    22:34:35.0079 5612 ============================================================
    22:34:35.0079 5612 \Device\Harddisk0\DR0:
    22:34:35.0079 5612 MBR partitions:
    22:34:35.0079 5612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
    22:34:35.0079 5612 ============================================================
    22:34:35.0149 5612 C: <-> \Device\Harddisk0\DR0\Partition0
    22:34:35.0179 5612 ============================================================
    22:34:35.0179 5612 Initialize success
    22:34:35.0179 5612 ============================================================
    22:35:24.0827 2164 ============================================================
    22:35:24.0827 2164 Scan started
    22:35:24.0827 2164 Mode: Manual;
    22:35:24.0827 2164 ============================================================
    22:35:43.0387 2164 Mcx2Svc - ok
    22:35:43.0437 2164 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
    22:35:43.0437 2164 megasas - ok
    22:35:43.0497 2164 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
    22:35:43.0505 2164 MegaSR - ok
    22:35:43.0559 2164 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
    22:35:43.0569 2164 MMCSS - ok
    22:35:43.0621 2164 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
    22:35:43.0621 2164 Modem - ok
    22:35:43.0681 2164 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
    22:35:43.0681 2164 monitor - ok
    22:35:43.0741 2164 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
    22:35:43.0741 2164 mouclass - ok
    22:35:43.0797 2164 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
    22:35:43.0803 2164 mouhid - ok
    22:35:43.0863 2164 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
    22:35:43.0863 2164 mountmgr - ok
    22:35:43.0908 2164 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
    22:35:43.0914 2164 mpio - ok
    22:35:43.0948 2164 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
    22:35:43.0952 2164 mpsdrv - ok
    22:35:44.0035 2164 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\windows\system32\mpssvc.dll
    22:35:44.0065 2164 MpsSvc - ok
    22:35:44.0227 2164 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    22:35:44.0227 2164 MREMP50 - ok
    22:35:44.0267 2164 MREMPR5 - ok
    22:35:44.0297 2164 MRENDIS5 - ok
    22:35:44.0369 2164 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    22:35:44.0379 2164 MRESP50 - ok
    22:35:44.0421 2164 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
    22:35:44.0426 2164 MRxDAV - ok
    22:35:44.0491 2164 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
    22:35:44.0501 2164 mrxsmb - ok
    22:35:44.0571 2164 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
    22:35:44.0581 2164 mrxsmb10 - ok
    22:35:44.0653 2164 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
    22:35:44.0653 2164 mrxsmb20 - ok
    22:35:44.0710 2164 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
    22:35:44.0714 2164 msahci - ok
    22:35:44.0760 2164 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
    22:35:44.0765 2164 msdsm - ok
    22:35:44.0827 2164 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
    22:35:44.0827 2164 MSDTC - ok
    22:35:44.0901 2164 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
    22:35:44.0904 2164 Msfs - ok
    22:35:44.0955 2164 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
    22:35:44.0958 2164 mshidkmdf - ok
    22:35:44.0989 2164 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
    22:35:44.0989 2164 msisadrv - ok
    22:35:45.0061 2164 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
    22:35:45.0091 2164 MSiSCSI - ok
    22:35:45.0111 2164 msiserver - ok
    22:35:45.0163 2164 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
    22:35:45.0173 2164 MSKSSRV - ok
    22:35:45.0215 2164 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
    22:35:45.0225 2164 MSPCLOCK - ok
    22:35:45.0275 2164 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
    22:35:45.0275 2164 MSPQM - ok
    22:35:45.0337 2164 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
    22:35:45.0337 2164 MsRPC - ok
    22:35:45.0398 2164 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
    22:35:45.0400 2164 mssmbios - ok
    22:35:45.0449 2164 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
    22:35:45.0463 2164 MSTEE - ok
    22:35:45.0501 2164 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
    22:35:45.0511 2164 MTConfig - ok
    22:35:45.0552 2164 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
    22:35:45.0556 2164 Mup - ok
    22:35:45.0623 2164 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\windows\system32\qagentRT.dll
    22:35:45.0633 2164 napagent - ok
    22:35:45.0716 2164 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
    22:35:45.0724 2164 NativeWifiP - ok
    22:35:45.0955 2164 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120423.018\NAVENG.SYS
    22:35:45.0965 2164 NAVENG - ok
    22:35:46.0142 2164 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120423.018\NAVEX15.SYS
    22:35:46.0175 2164 NAVEX15 - ok
    22:35:46.0367 2164 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
    22:35:46.0377 2164 NDIS - ok
    22:35:46.0449 2164 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
    22:35:46.0469 2164 NdisCap - ok
    22:35:46.0512 2164 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
    22:35:46.0516 2164 NdisTapi - ok
    22:35:46.0571 2164 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
    22:35:46.0581 2164 Ndisuio - ok
    22:35:46.0625 2164 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
    22:35:46.0632 2164 NdisWan - ok
    22:35:46.0672 2164 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
    22:35:46.0673 2164 NDProxy - ok
    22:35:46.0743 2164 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
    22:35:46.0756 2164 NetBIOS - ok
    22:35:46.0805 2164 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
    22:35:46.0805 2164 NetBT - ok
    22:35:46.0875 2164 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
    22:35:46.0875 2164 Netlogon - ok
    22:35:46.0955 2164 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
    22:35:46.0975 2164 Netman - ok
    22:35:47.0037 2164 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
    22:35:47.0057 2164 netprofm - ok
    22:35:47.0157 2164 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:35:47.0167 2164 NetTcpPortSharing - ok
    22:35:47.0213 2164 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
    22:35:47.0217 2164 nfrd960 - ok
    22:35:47.0471 2164 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
    22:35:47.0481 2164 NIS - ok
    22:35:47.0531 2164 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\windows\System32\nlasvc.dll
    22:35:47.0541 2164 NlaSvc - ok
    22:35:47.0609 2164 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\windows\system32\DRIVERS\pctnullport.sys
    22:35:47.0632 2164 Nmea - ok
    22:35:47.0663 2164 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
    22:35:47.0663 2164 Npfs - ok
    22:35:47.0693 2164 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
    22:35:47.0709 2164 nsi - ok
    22:35:47.0737 2164 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
    22:35:47.0743 2164 nsiproxy - ok
    22:35:47.0875 2164 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
    22:35:47.0895 2164 Ntfs - ok
    22:35:47.0935 2164 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
    22:35:47.0935 2164 Null - ok
    22:35:47.0985 2164 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
    22:35:48.0015 2164 nvraid - ok
    22:35:48.0057 2164 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
    22:35:48.0064 2164 nvstor - ok
    22:35:48.0117 2164 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
    22:35:48.0122 2164 nv_agp - ok
    22:35:48.0167 2164 NWADI (0973c0c696780161f4526586d5eac422) C:\windows\system32
     
  17. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    22:36:01.0795 2164 VSS - ok
    22:36:01.0865 2164 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
    22:36:01.0875 2164 vwifibus - ok
    22:36:01.0922 2164 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
    22:36:01.0927 2164 vwififlt - ok
    22:36:01.0987 2164 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
    22:36:01.0987 2164 vwifimp - ok
    22:36:02.0069 2164 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
    22:36:02.0079 2164 W32Time - ok
    22:36:02.0129 2164 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
    22:36:02.0133 2164 WacomPen - ok
    22:36:02.0171 2164 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    22:36:02.0181 2164 WANARP - ok
    22:36:02.0201 2164 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    22:36:02.0201 2164 Wanarpv6 - ok
    22:36:02.0383 2164 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
    22:36:02.0403 2164 WatAdminSvc - ok
    22:36:02.0535 2164 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\windows\system32\wbengine.exe
    22:36:02.0575 2164 wbengine - ok
    22:36:02.0631 2164 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
    22:36:02.0642 2164 WbioSrvc - ok
    22:36:02.0707 2164 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\windows\System32\wcncsvc.dll
    22:36:02.0727 2164 wcncsvc - ok
    22:36:02.0780 2164 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
    22:36:02.0789 2164 WcsPlugInService - ok
    22:36:02.0859 2164 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
    22:36:02.0859 2164 Wd - ok
    22:36:02.0931 2164 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
    22:36:02.0941 2164 Wdf01000 - ok
    22:36:02.0991 2164 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
    22:36:03.0001 2164 WdiServiceHost - ok
    22:36:03.0021 2164 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
    22:36:03.0031 2164 WdiSystemHost - ok
    22:36:03.0113 2164 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\windows\System32\webclnt.dll
    22:36:03.0123 2164 WebClient - ok
    22:36:03.0190 2164 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
    22:36:03.0195 2164 Wecsvc - ok
    22:36:03.0235 2164 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
    22:36:03.0235 2164 wercplsupport - ok
    22:36:03.0297 2164 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
    22:36:03.0307 2164 WerSvc - ok
    22:36:03.0371 2164 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
    22:36:03.0375 2164 WfpLwf - ok
    22:36:03.0429 2164 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
    22:36:03.0429 2164 WIMMount - ok
    22:36:03.0469 2164 WinHttpAutoProxySvc - ok
    22:36:03.0551 2164 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
    22:36:03.0551 2164 Winmgmt - ok
    22:36:03.0682 2164 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\windows\system32\WsmSvc.dll
    22:36:03.0711 2164 WinRM - ok
    22:36:03.0833 2164 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
    22:36:03.0843 2164 WinUsb - ok
    22:36:03.0963 2164 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
    22:36:03.0993 2164 Wlansvc - ok
    22:36:04.0045 2164 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
    22:36:04.0045 2164 WmiAcpi - ok
    22:36:04.0137 2164 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
    22:36:04.0137 2164 wmiApSrv - ok
    22:36:04.0307 2164 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
    22:36:04.0327 2164 WMPNetworkSvc - ok
    22:36:04.0387 2164 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
    22:36:04.0398 2164 WPCSvc - ok
    22:36:04.0438 2164 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll
    22:36:04.0448 2164 WPDBusEnum - ok
    22:36:04.0519 2164 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
    22:36:04.0519 2164 ws2ifsl - ok
    22:36:04.0539 2164 WSearch - ok
    22:36:04.0733 2164 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\windows\system32\wuaueng.dll
    22:36:04.0761 2164 wuauserv - ok
    22:36:04.0881 2164 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
    22:36:04.0891 2164 WudfPf - ok
    22:36:04.0931 2164 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll
    22:36:04.0931 2164 wudfsvc - ok
    22:36:04.0971 2164 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
    22:36:05.0001 2164 WwanSvc - ok
    22:36:05.0193 2164 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    22:36:05.0223 2164 YahooAUService - ok
    22:36:05.0357 2164 MBR (0x1B8) (f3c579bffdc2fabb0a2300421fc3ad48) \Device\Harddisk0\DR0
    22:36:05.0377 2164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
    22:36:05.0377 2164 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    22:36:05.0427 2164 Boot (0x1200) (3e2d8ff930a548fe6bfa83167efb82c4) \Device\Harddisk0\DR0\Partition0
    22:36:05.0437 2164 \Device\Harddisk0\DR0\Partition0 - ok
    22:36:05.0447 2164 ============================================================
    22:36:05.0447 2164 Scan finished
    22:36:05.0447 2164 ============================================================
    22:36:05.0493 4256 Detected object count: 1
    22:36:05.0493 4256 Actual detected object count: 1
    22:36:23.0599 4256 \Device\Harddisk0\DR0\# - copied to quarantine
    22:36:23.0599 4256 \Device\Harddisk0\DR0 - copied to quarantine
    22:36:23.0639 4256 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    22:36:23.0649 4256 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
    22:36:23.0649 4256 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
    22:36:23.0659 4256 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
    22:36:23.0659 4256 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
    22:36:23.0669 4256 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
    22:36:23.0701 4256 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
    22:36:23.0711 4256 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
    22:36:23.0711 4256 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
    22:36:23.0721 4256 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    22:36:23.0731 4256 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    22:36:23.0741 4256 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    22:36:23.0754 4256 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    22:36:23.0760 4256 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
    22:36:23.0766 4256 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
    22:36:23.0789 4256 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
    22:36:23.0796 4256 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
    22:36:23.0853 4256 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
    22:36:23.0913 4256 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
    22:36:23.0963 4256 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
    22:36:23.0973 4256 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
    22:36:24.0227 4256 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
    22:36:24.0287 4256 \Device\Harddisk0\DR0 - processing error
    22:42:39.0801 4256 \Device\Harddisk0\DR0 - will be restored on reboot
    22:42:39.0991 4256 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
    22:43:03.0255 5112 Deinitialize success
     
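Reading a TDSSKiller log by hand is error-prone, so here is an added Python example (not part of the thread and not TDSSKiller's own code) that parses the line shapes seen in the log above, counts the drivers it verified by hash, and reports what was detected, what was quarantined from the rootkit's hidden TDLFS volume, and whether a cure action was recorded. The message formats are inferred from this log, and the sample lines are constructed in its shape.

```python
import re

# Each TDSSKiller line is "HH:MM:SS.mmmm <pid> <message>"; the message shapes
# below are inferred from the log posted in this thread (assumption, not a spec).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
DRIVER_RE = re.compile(r"^\S+ \([0-9a-f]{32}\) .+$")        # "<svc> (<md5>) <path>"
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
QUARANTINE_RE = re.compile(r"^(\S+) - copied to quarantine$")
ACTION_RE = re.compile(r"^(\S+) \( \S+ \) - User select action: (.+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

def parse_tdsskiller(text):
    """Return a dict summarising drivers checked, detections, quarantine and actions."""
    s = {"drivers_checked": 0, "reported_count": 0, "detections": {},
         "quarantined": [], "actions": {}}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, separators, blank lines
        msg = m.group(1)
        if DRIVER_RE.match(msg):
            s["drivers_checked"] += 1
        elif (d := DETECTED_RE.match(msg)):
            s["detections"][d.group(1)] = d.group(2)   # object -> threat name
        elif (q := QUARANTINE_RE.match(msg)):
            s["quarantined"].append(q.group(1))
        elif (a := ACTION_RE.match(msg)):
            s["actions"][a.group(1)] = a.group(2)      # object -> chosen action
        elif (c := COUNT_RE.match(msg)):
            s["reported_count"] = int(c.group(1))
    return s

def tdlfs_files(summary):
    """Entries of the rootkit's hidden TDLFS volume that were quarantined."""
    return [q.split("\\TDLFS\\", 1)[1] for q in summary["quarantined"] if "\\TDLFS\\" in q]

def verdict(summary):
    """Defender's reading of the log: clean, cured, or still needing attention."""
    if summary["reported_count"] != len(summary["detections"]):
        return "inconsistent log: tally does not match detected lines"
    if not summary["detections"]:
        return "clean"
    unresolved = [o for o in summary["detections"] if o not in summary["actions"]]
    if unresolved:
        return "detected, no cure action recorded: " + ", ".join(unresolved)
    return "cured, confirm with a fresh boot-sector scan after reboot"

# Constructed sample in the shape of the log above (values copied from it).
SAMPLE_LOG = r"""
22:36:04.0519 2164 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:36:04.0519 2164 ws2ifsl - ok
22:36:05.0377 2164 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
22:36:05.0493 4256 Detected object count: 1
22:36:23.0599 4256 \Device\Harddisk0\DR0 - copied to quarantine
22:36:23.0639 4256 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:36:23.0669 4256 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
22:42:39.0991 4256 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
"""
```

A log that stops before the "Detected object count" line, as a cut-off run would, is reported as inconsistent rather than clean.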
  18. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Good :)

    See if aswMBR will run now.
     
  19. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    asw has been running, but is it supposed to say anything when done? It was scanning and looks like it just stopped mid scan... here is the log anyhow.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-23 23:04:55
    -----------------------------
    23:04:55.096 OS Version: Windows 6.1.7600
    23:04:55.096 Number of processors: 1 586 0x301
    23:04:55.096 ComputerName: JAY-PC UserName: jay
    23:05:10.103 Initialize success
    23:07:08.155 AVAST engine defs: 12042301
    23:07:25.393 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    23:07:25.409 Disk 0 Vendor: TOSHIBA_MK2555GSX FG001M Size: 238475MB BusType: 11
    23:07:25.424 Disk 0 MBR read successfully
    23:07:25.440 Disk 0 MBR scan
    23:07:25.440 Disk 0 Windows XP default MBR code
    23:07:25.456 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    23:07:25.487 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228693 MB offset 3074048
    23:07:25.518 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8281 MB offset 471437312
    23:07:25.565 Disk 0 scanning sectors +488396800
    23:07:25.877 Disk 0 scanning C:\windows\system32\drivers
    23:07:43.068 Service scanning
    23:08:45.499 Modules scanning
    23:09:09.711 Disk 0 trace - called modules:
    23:09:09.773 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
    23:09:09.789 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e6bac8]
    23:09:09.804 3 CLASSPNP.SYS[88ce759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85e5f340]
    23:09:10.771 AVAST engine scan C:\windows
    23:09:13.891 AVAST engine scan C:\windows\system32
    23:14:02.710 AVAST engine scan C:\windows\system32\drivers
    23:14:23.053 AVAST engine scan C:\Users\jay
    23:18:09.188 Disk 0 MBR has been saved successfully to "C:\Users\jay\Desktop\MBR.dat"
    23:18:09.203 The log file has been saved successfully to "C:\Users\jay\Desktop\aswMBR.txt"
     
  20. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    Broni, it froze up in mid scan. I got an error: Freeware implementation of xclacls has stopped working.
     
  22. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    I also apologize, I am exhausted... and have to get up in a few hours. Would you mind if we finished this up tomorrow night about 9pm?
     
  23. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Try to run it from safe mode.
     
  24. Jayse

    Jayse TS Rookie Topic Starter Posts: 30

    Apologies Broni, unexpected work schedule is keeping me away from finishing up. Please don't close my thread. Should get back with you on Monday... Tuesday at latest. Thanks
     
  25. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Thanks for letting me know :)
     
Topic Status:
Not open for further replies.