Inactive Infected: Tidserv Activity 4 alert & more


Jayse

Hello, new to the forums here. Actually stumbled upon this great site looking for information on this. I had some issues almost a week ago. I have Norton AV installed, well I kept getting multiple window alerts, figured I had a virus and tried to run Norton. It would not respond. I tried restoring to an earlier date and started having problems with PC going into auto chkdsk. Then it wouldn't check and automatically rebooted. This circle went on and on, so I downloaded AVG to see if I could catch the virus. Ran rkill first, Malwarebytes, then AVG which found a couple viruses and several malware (unfortunately I do not recall the names). After that I still had problems. I noticed my PC showed there was no internet signal, and my router showed everything was fine, even my smartphone was able to use my router's signal fine. I also noticed my light on router was flashing like crazy showing use, even while no activity on my PC, so I believe my PC was communicating or something as it's never done that. After trying reboot again I got the signal indicator back showing I had internet. I have full version of Norton along with paid virus removal assurance (lol). I called up, and 5 hours later I believed my PC was cleaned. All temp files (or so I believe) were cleaned by logged in tech. Sorry, temp file cleaning is something I was very neglectful at. Was told to call back if any further problems. While shutting down PC, it suddenly required to have 55 updates to Windows (???). When I booted up the next day Norton displayed a window saying "Threat requiring manual removal detected: System infected: Tidserv Activity 4". Called up Norton again, 4 hours later I believed was clean again. Tech also asked if he could delete AVG and Malwarebytes. Said sure thinking there could be an issue with those. This time after done with tech, PC is EXTREMELY slow on internet, like on 14.4 dialup when I'm using DSL. PC was never this slow or anywhere near it.
After a third call to Norton's techs, I still have this same threat warning as I mentioned earlier and PC is still extremely slow. I have lost confidence in Norton and its techs, it especially doesn't help when there is a language/accent barrier since they have outsourced their help to I believe India.

I apologize for this being a long post, but I wanted someone to know all the issues at the beginning. Could someone please help me? Also, from looking at a few threads I can tell you I am not that versed on shortcuts, etc. for logs, etc. But if explained how to do something I can/will do it. Thanks.
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Good evening/morning Broni. Sorry for the delay in getting back. I have the logs available, but have a question before posting them. DDS states to zip the "attach" file. You mention to send them in a .txt log. So don't zip it, correct? I will check back here for a little bit and post logs if I get a reply from you, but won't be able to check back on here until 8pm eastern time tonight.

Also just FYI, today I noticed something new. I got a couple of alert boxes pop up saying "webpage error" no memory or run out of memory error: 5 (once), and a larger number once. I had no webpages open at one of the times, but again, my activity light on my router was flashing like a strobe light. Additionally, getting unknown problem from "Catalyst Control Center". It keeps having issues, whatever it is.

I'll await your reply, and thank you for taking the time out to help me.
 
Ok, seen others had posted the attach log without zipping so here comes my logs. As mentioned before, I won't be able to be back on until 8pm eastern time.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.22.05
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
jay :: JAY-PC [administrator]
4/22/2012 6:30:30 PM
mbam-log-2012-04-22 (18-30-30).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 423019
Time elapsed: 3 hour(s), 54 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Guest\Desktop\SoftonicDownloader_for_free-youtube-to-mp3-converter.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-23 01:17:30
Windows 6.1.7600
Running: xg78sqrn.exe; Driver: C:\Users\jay\AppData\Local\Temp\kwtdypow.sys

---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB15308$\1245199675 0 bytes
File C:\Windows\$NtUninstallKB15308$\3992114750 0 bytes
File C:\Windows\$NtUninstallKB15308$\3992114750\L 0 bytes
File C:\Windows\$NtUninstallKB15308$\3992114750\U 0 bytes
---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by jay at 1:32:17 on 2012-04-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.816 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\lxcycoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\WSCStub.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\19.6.2.10\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\19.6.2.10\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [cdloader] "c:\users\jay\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\jay\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: $talisma_url$
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874}\1446D696E626C64676 : DhcpNameServer = 10.0.0.42 10.0.0.43 10.0.0.70
TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874}\350584D244730303239303 : DhcpNameServer = 192.168.16.1
TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874}\A6573747D656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{80C0DEBB-BB48-459D-B228-D473106C8874}\F46756274627966756D2632453 : DhcpNameServer = 192.168.0.1
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1306020.00a\symds.sys [2012-4-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1306020.00a\symefa.sys [2012-4-16 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120413.001\BHDrvx86.sys [2012-4-20 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1306020.00a\ccsetx86.sys [2012-4-16 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120420.001\IDSvix86.sys [2012-4-20 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1306020.00a\ironx86.sys [2012-4-16 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1306020.00a\symnets.sys [2012-4-16 318584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-7 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\19.6.2.10\ccsvchst.exe [2012-4-16 138232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-16 106104]
R3 kwtdypow;kwtdypow;c:\users\jay\appdata\local\temp\kwtdypow.sys [2012-4-23 100864]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-7 167936]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-1-7 54136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-7-17 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CASprint;Sprint Con App Svc;"c:\program files\sprint\sprint smartview\conappssvc.exe" /n "casprint" --> c:\program files\sprint\sprint smartview\ConAppsSvc.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-22 40776]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-7 171520]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-28 1343400]
.
=============== Created Last 30 ================
.
2012-04-22 22:27:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-22 22:27:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-19 03:44:19 -------- d-----w- c:\users\jay\appdata\roaming\FixZeroAccess
2012-04-16 08:18:33 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-16 08:18:33 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 08:18:33 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 08:18:32 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-16 07:11:20 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-16 07:11:18 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-16 06:37:13 905336 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symefa.sys
2012-04-16 06:37:13 318584 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\symnets.sys
2012-04-16 06:37:12 340088 ----a-r- c:\windows\system32\drivers\nis\1306020.00a\symds.sys
2012-04-16 06:37:12 32888 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\srtspx.sys
2012-04-16 06:37:11 574584 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\srtsp.sys
2012-04-16 06:37:11 149624 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\ironx86.sys
2012-04-16 06:37:10 132744 ----a-w- c:\windows\system32\drivers\nis\1306020.00a\ccsetx86.sys
2012-04-16 06:36:39 -------- d-----w- c:\windows\system32\drivers\nis\1306020.00A
2012-04-16 06:30:30 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-16 06:30:30 -------- d-----w- c:\program files\Symantec
2012-04-16 06:30:30 -------- d-----w- c:\program files\common files\Symantec Shared
2012-04-16 06:27:58 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-16 06:16:39 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-16 06:16:38 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-16 06:16:38 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-16 06:16:15 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-16 06:16:14 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-16 06:16:14 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-16 04:50:13 -------- d-----w- c:\users\jay\appdata\local\LogMeIn Rescue Applet
2012-04-16 02:19:42 110592 ----a-w- c:\programdata\microsoft\windows\drm\2829.tmp
2012-04-15 22:04:56 -------- d-----w- c:\users\jay\appdata\roaming\AVG2012
2012-04-15 22:04:35 -------- d--h--w- c:\programdata\Common Files
2012-04-15 22:02:10 -------- d-----w- c:\programdata\AVG2012
2012-04-15 21:56:19 -------- d-----w- c:\programdata\MFAData
.
==================== Find3M ====================
.
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 1:39:12.48 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/19/2010 12:12:35 PM
System Uptime: 4/23/2012 12:07:59 AM (1 hours ago)
.
Motherboard: TOSHIBA | | NBWAE
Processor: AMD Sempron(tm) SI-42 | Socket M2/S1G1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 160.179 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP430: 4/17/2012 3:00:57 AM - Windows Update
RP431: 4/18/2012 3:00:21 AM - Windows Update
RP432: 4/18/2012 4:10:34 AM - Windows Update
RP433: 4/19/2012 12:46:53 AM - Removed AVG 2012
RP435: 4/19/2012 12:51:22 AM - Removed AVG 2012
RP436: 4/19/2012 3:00:15 AM - Windows Update
RP437: 4/20/2012 3:00:12 AM - Windows Update
RP438: 4/21/2012 3:00:16 AM - Windows Update
RP439: 4/21/2012 3:28:29 AM - Windows Update
RP440: 4/21/2012 10:26:12 AM - Windows Update
RP441: 4/22/2012 3:00:19 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Alien Sky
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Service & Support Tool
ATI Catalyst Install Manager
Atomaders
Audacity 1.3.12 (Unicode)
Berry Extract
Big Fish Games: Game Manager
Bonjour
Bubble Shooter Premium Edition
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
DivX Setup
Empress of the Deep - The Darkest Secret
eMusic Download Manager 4.1.4
EverQuest II Extended
Feelers
Fish Tycoon
FLV Player 2.0 (build 25)
Free YouTube to MP3 Converter version 3.10.15.1228
Freecorder 4
G.H.O.S.T. Hunters The Haunting of Majesty Manor
Google Talk Plugin
Google Update Helper
Haunted Hotel
Haunted Hotel II: Believe the Lies
Hidden Mysteries Vampire Secrets
ImTOO Video Converter Ultimate
Internet TV for Windows Media Center
IrfanView (remove only)
Island Wars 2
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Label@Once 1.0
Lexmark 3400 Series
Lexmark Toolbar
Magic Academy
magicJack
Mall-A-Palooza
Malwarebytes Anti-Malware version 1.61.0.1400
Massive Assault
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB973688)
My Life Story
MyToshiba
NetZero Launcher
Norton Internet Security
OpenAL
OpenOffice.org 3.3
Pando Media Booster
PlayReady PC Runtime x86
Quickbooks Financial Center
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Search Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Launcher
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
VC80CRTRedist - 8.0.50727.4053
vReveal
Westward
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Center Add-in for Flash
Wizard Land
World of Tanks v.0.6.3.11
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/23/2012 12:08:25 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
4/23/2012 12:08:25 AM, Error: atikmdag [43029] - Display is not active
4/23/2012 1:30:33 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/22/2012 9:53:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.
4/22/2012 3:04:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
4/20/2012 11:48:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/20/2012 1:15:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
4/19/2012 12:52:23 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/19/2012 12:50:23 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2012 8:05:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
4/16/2012 5:52:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2632503).
4/16/2012 5:52:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845).
4/16/2012 1:51:12 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
When aswMBR is double-clicked, comp asks if I want to allow asw to make changes, clicked yes and nothing happens. Tried twice. Do you want me to continue on with Bootkit Remover, or wait for something else?
 
ok, finally got it to work. Took several tries.

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Broni, it found it and was curing the threat, then I got a warning window open. Says:
Can't cure MBR. Write standard boot code?
If you have installed custom bootloader (eg Acronis, Grub, Lilo), you will need to reinstall them after treatment
Yes or No boxes

Also my Norton threw up a red window saying a threat was stopped
 
22:34:31.0015 5612 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
22:34:33.0021 5612 ============================================================
22:34:33.0021 5612 Current date / time: 2012/04/23 22:34:33.0021
22:34:33.0021 5612 SystemInfo:
22:34:33.0021 5612
22:34:33.0021 5612 OS Version: 6.1.7600 ServicePack: 0.0
22:34:33.0021 5612 Product type: Workstation
22:34:33.0021 5612 ComputerName: JAY-PC
22:34:33.0021 5612 UserName: jay
22:34:33.0021 5612 Windows directory: C:\windows
22:34:33.0021 5612 System windows directory: C:\windows
22:34:33.0021 5612 Processor architecture: Intel x86
22:34:33.0021 5612 Number of processors: 1
22:34:33.0021 5612 Page size: 0x1000
22:34:33.0021 5612 Boot type: Normal boot
22:34:33.0021 5612 ============================================================
22:34:35.0079 5612 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:34:35.0079 5612 ============================================================
22:34:35.0079 5612 \Device\Harddisk0\DR0:
22:34:35.0079 5612 MBR partitions:
22:34:35.0079 5612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
22:34:35.0079 5612 ============================================================
22:34:35.0149 5612 C: <-> \Device\Harddisk0\DR0\Partition0
22:34:35.0179 5612 ============================================================
22:34:35.0179 5612 Initialize success
22:34:35.0179 5612 ============================================================
22:35:24.0827 2164 ============================================================
22:35:24.0827 2164 Scan started
22:35:24.0827 2164 Mode: Manual;
22:35:24.0827 2164 ============================================================
22:35:45.0965 2164 NAVENG - ok
22:35:46.0142 2164 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120423.018\NAVEX15.SYS
22:35:46.0175 2164 NAVEX15 - ok
22:35:46.0367 2164 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
22:35:46.0377 2164 NDIS - ok
22:35:46.0449 2164 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
22:35:46.0469 2164 NdisCap - ok
22:35:46.0512 2164 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
22:35:46.0516 2164 NdisTapi - ok
22:35:46.0571 2164 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
22:35:46.0581 2164 Ndisuio - ok
22:35:46.0625 2164 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
22:35:46.0632 2164 NdisWan - ok
22:35:46.0672 2164 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
22:35:46.0673 2164 NDProxy - ok
22:35:46.0743 2164 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:35:46.0756 2164 NetBIOS - ok
22:35:46.0805 2164 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
22:35:46.0805 2164 NetBT - ok
22:35:46.0875 2164 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
22:35:46.0875 2164 Netlogon - ok
22:35:46.0955 2164 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
22:35:46.0975 2164 Netman - ok
22:35:47.0037 2164 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
22:35:47.0057 2164 netprofm - ok
22:35:47.0157 2164 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:35:47.0167 2164 NetTcpPortSharing - ok
22:35:47.0213 2164 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
22:35:47.0217 2164 nfrd960 - ok
22:35:47.0471 2164 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
22:35:47.0481 2164 NIS - ok
22:35:47.0531 2164 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\windows\System32\nlasvc.dll
22:35:47.0541 2164 NlaSvc - ok
22:35:47.0609 2164 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\windows\system32\DRIVERS\pctnullport.sys
22:35:47.0632 2164 Nmea - ok
22:35:47.0663 2164 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:35:47.0663 2164 Npfs - ok
22:35:47.0693 2164 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
22:35:47.0709 2164 nsi - ok
22:35:47.0737 2164 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:35:47.0743 2164 nsiproxy - ok
22:35:47.0875 2164 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
22:35:47.0895 2164 Ntfs - ok
22:35:47.0935 2164 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:35:47.0935 2164 Null - ok
22:35:47.0985 2164 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
22:35:48.0015 2164 nvraid - ok
22:35:48.0057 2164 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
22:35:48.0064 2164 nvstor - ok
22:35:48.0117 2164 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
22:35:48.0122 2164 nv_agp - ok
22:35:48.0167 2164 NWADI (0973c0c696780161f4526586d5eac422) C:\windows\system32\DRIVERS\NWADIenum.sys
22:35:48.0173 2164 NWADI - ok
22:35:48.0307 2164 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:35:48.0337 2164 odserv - ok
22:35:48.0387 2164 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
22:35:48.0397 2164 ohci1394 - ok
22:35:48.0467 2164 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:35:48.0487 2164 ose - ok
22:35:48.0567 2164 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
22:35:48.0577 2164 p2pimsvc - ok
22:35:48.0639 2164 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
22:35:48.0649 2164 p2psvc - ok
22:35:48.0709 2164 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
22:35:48.0709 2164 Parport - ok
22:35:48.0749 2164 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
22:35:48.0776 2164 partmgr - ok
22:35:48.0821 2164 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
22:35:48.0821 2164 Parvdm - ok
22:35:48.0893 2164 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
22:35:48.0903 2164 PcaSvc - ok
22:35:48.0958 2164 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
22:35:48.0964 2164 pci - ok
22:35:49.0020 2164 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
22:35:49.0024 2164 pciide - ok
22:35:49.0099 2164 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
22:35:49.0108 2164 pcmcia - ok
22:35:49.0122 2164 PCTINDIS5 - ok
22:35:49.0161 2164 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:35:49.0163 2164 pcw - ok
22:35:49.0229 2164 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:35:49.0238 2164 PEAUTH - ok
22:35:49.0402 2164 pla (9c1bff7910c89a1d12e57343475840cb) C:\windows\system32\pla.dll
22:35:49.0451 2164 pla - ok
22:35:49.0595 2164 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\windows\system32\umpnpmgr.dll
22:35:49.0615 2164 PlugPlay - ok
22:35:49.0675 2164 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
22:35:49.0695 2164 PNRPAutoReg - ok
22:35:49.0767 2164 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
22:35:49.0777 2164 PNRPsvc - ok
22:35:49.0859 2164 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\windows\System32\ipsecsvc.dll
22:35:49.0869 2164 PolicyAgent - ok
22:35:49.0951 2164 Power (dbff83f709a91049621c1d35dd45c92c) C:\windows\system32\umpo.dll
22:35:49.0961 2164 Power - ok
22:35:50.0043 2164 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:35:50.0063 2164 PptpMiniport - ok
22:35:50.0103 2164 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
22:35:50.0103 2164 Processor - ok
22:35:50.0163 2164 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\windows\system32\profsvc.dll
22:35:50.0173 2164 ProfSvc - ok
22:35:50.0232 2164 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
22:35:50.0235 2164 ProtectedStorage - ok
22:35:50.0295 2164 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:35:50.0305 2164 Psched - ok
22:35:50.0437 2164 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
22:35:50.0477 2164 ql2300 - ok
22:35:50.0619 2164 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
22:35:50.0619 2164 ql40xx - ok
22:35:50.0689 2164 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
22:35:50.0699 2164 QWAVE - ok
22:35:50.0739 2164 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:35:50.0751 2164 QWAVEdrv - ok
22:35:50.0805 2164 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:35:50.0808 2164 RasAcd - ok
22:35:50.0861 2164 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:35:50.0871 2164 RasAgileVpn - ok
22:35:50.0931 2164 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
22:35:50.0933 2164 RasAuto - ok
22:35:51.0003 2164 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:35:51.0013 2164 Rasl2tp - ok
22:35:51.0093 2164 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\windows\System32\rasmans.dll
22:35:51.0113 2164 RasMan - ok
22:35:51.0153 2164 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:35:51.0163 2164 RasPppoe - ok
22:35:51.0213 2164 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:35:51.0223 2164 RasSstp - ok
22:35:51.0273 2164 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
22:35:51.0283 2164 rdbss - ok
22:35:51.0343 2164 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
22:35:51.0343 2164 rdpbus - ok
22:35:51.0373 2164 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
22:35:51.0383 2164 RDPCDD - ok
22:35:51.0455 2164 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:35:51.0455 2164 RDPENCDD - ok
22:35:51.0524 2164 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:35:51.0527 2164 RDPREFMP - ok
22:35:51.0597 2164 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\windows\system32\drivers\RDPWD.sys
22:35:51.0597 2164 RDPWD - ok
22:35:51.0657 2164 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
22:35:51.0667 2164 rdyboost - ok
22:35:51.0717 2164 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
22:35:51.0717 2164 RemoteAccess - ok
22:35:51.0771 2164 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
22:35:51.0809 2164 RemoteRegistry - ok
22:35:51.0839 2164 RimUsb - ok
22:35:51.0941 2164 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
22:35:51.0961 2164 RimVSerPort - ok
22:35:52.0021 2164 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
22:35:52.0031 2164 ROOTMODEM - ok
22:35:52.0143 2164 RoxLiveShare9 - ok
22:35:52.0193 2164 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
22:35:52.0203 2164 RpcEptMapper - ok
22:35:52.0255 2164 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
22:35:52.0274 2164 RpcLocator - ok
22:35:52.0345 2164 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
22:35:52.0355 2164 RpcSs - ok
22:35:52.0395 2164 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:35:52.0395 2164 rspndr - ok
22:35:52.0445 2164 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
22:35:52.0475 2164 RSUSBSTOR - ok
22:35:52.0525 2164 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
22:35:52.0535 2164 RTL8167 - ok
22:35:52.0606 2164 RTL8187Se (5bd298bdf62e6a8a0fc69f73a82a52bb) C:\windows\system32\DRIVERS\RTL8187Se.sys
22:35:52.0637 2164 RTL8187Se - ok
22:35:52.0667 2164 RtsUIR - ok
22:35:52.0729 2164 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
22:35:52.0729 2164 SamSs - ok
22:35:52.0789 2164 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
22:35:52.0809 2164 sbp2port - ok
22:35:52.0869 2164 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
22:35:52.0879 2164 SCardSvr - ok
22:35:52.0921 2164 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
22:35:52.0925 2164 scfilter - ok
22:35:53.0011 2164 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\windows\system32\schedsvc.dll
22:35:53.0031 2164 Schedule - ok
22:35:53.0093 2164 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
22:35:53.0098 2164 SCPolicySvc - ok
22:35:53.0153 2164 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\windows\System32\SDRSVC.dll
22:35:53.0183 2164 SDRSVC - ok
22:35:53.0253 2164 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:35:53.0253 2164 secdrv - ok
22:35:53.0303 2164 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
22:35:53.0313 2164 seclogon - ok
22:35:53.0385 2164 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
22:35:53.0392 2164 SENS - ok
22:35:53.0435 2164 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
22:35:53.0445 2164 SensrSvc - ok
22:35:53.0505 2164 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
22:35:53.0507 2164 Serenum - ok
22:35:53.0547 2164 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
22:35:53.0561 2164 Serial - ok
22:35:53.0609 2164 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
22:35:53.0609 2164 sermouse - ok
22:35:53.0711 2164 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\windows\system32\sessenv.dll
22:35:53.0721 2164 SessionEnv - ok
22:35:53.0765 2164 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
22:35:53.0769 2164 sffdisk - ok
22:35:53.0833 2164 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
22:35:53.0833 2164 sffp_mmc - ok
22:35:53.0873 2164 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
22:35:53.0901 2164 sffp_sd - ok
22:35:53.0945 2164 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
22:35:53.0945 2164 sfloppy - ok
22:35:54.0017 2164 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
22:35:54.0027 2164 SharedAccess - ok
22:35:54.0099 2164 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\windows\System32\shsvcs.dll
22:35:54.0109 2164 ShellHWDetection - ok
22:35:54.0156 2164 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
22:35:54.0160 2164 sisagp - ok
22:35:54.0211 2164 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:35:54.0221 2164 SiSRaid2 - ok
22:35:54.0270 2164 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:35:54.0275 2164 SiSRaid4 - ok
22:35:54.0343 2164 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:35:54.0343 2164 Smb - ok
22:35:54.0435 2164 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
22:35:54.0443 2164 SNMPTRAP - ok
22:35:54.0478 2164 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:35:54.0481 2164 spldr - ok
22:35:54.0565 2164 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\windows\System32\spoolsv.exe
22:35:54.0585 2164 Spooler - ok
22:35:54.0847 2164 sppsvc (4c287f9069fedbd791178876ee9de536) C:\windows\system32\sppsvc.exe
22:35:54.0954 2164 sppsvc - ok
22:35:55.0081 2164 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\windows\system32\sppuinotify.dll
22:35:55.0091 2164 sppuinotify - ok
22:35:55.0150 2164 SprintRcAppSvc - ok
22:35:55.0323 2164 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\windows\System32\Drivers\NIS\1306020.00A\SRTSP.SYS
22:35:55.0333 2164 SRTSP - ok
22:35:55.0455 2164 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\windows\system32\drivers\NIS\1307000.009\SRTSPX.SYS
22:35:55.0485 2164 SRTSPX - ok
22:35:55.0557 2164 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
22:35:55.0577 2164 srv - ok
22:35:55.0672 2164 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
22:35:55.0683 2164 srv2 - ok
22:35:55.0743 2164 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
22:35:55.0749 2164 srvnet - ok
22:35:55.0829 2164 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\windows\system32\DRIVERS\sscdbus.sys
22:35:55.0829 2164 sscdbus - ok
22:35:55.0911 2164 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
22:35:55.0921 2164 SSDPSRV - ok
22:35:55.0973 2164 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
22:35:55.0981 2164 SstpSvc - ok
22:35:56.0027 2164 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:35:56.0031 2164 stexstor - ok
22:35:56.0113 2164 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\windows\System32\wiaservc.dll
22:35:56.0133 2164 StiSvc - ok
22:35:56.0187 2164 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
22:35:56.0190 2164 swenum - ok
22:35:56.0275 2164 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\windows\System32\drivers\swmsflt.sys
22:35:56.0285 2164 swmsflt - ok
22:35:56.0345 2164 swmx00 (5d3c9f767eaded3e14fa4ce6cf9f7725) C:\windows\system32\DRIVERS\swmx00.sys
22:35:56.0355 2164 swmx00 - ok
22:35:56.0425 2164 SWNC5E00 (e0919389fb29ed5c03b0b664236abe50) C:\windows\system32\DRIVERS\SWNC5E00.sys
22:35:56.0435 2164 SWNC5E00 - ok
22:35:56.0515 2164 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
22:35:56.0527 2164 swprv - ok
22:35:56.0667 2164 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\windows\system32\drivers\NIS\1307000.009\SYMDS.SYS
22:35:56.0677 2164 SymDS - ok
22:35:56.0819 2164 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\windows\system32\drivers\NIS\1307000.009\SYMEFA.SYS
22:35:56.0839 2164 SymEFA - ok
22:35:56.0931 2164 SymEvent (74e2521e96176a4449570e50be91954d) C:\windows\system32\Drivers\SYMEVENT.SYS
22:35:56.0931 2164 SymEvent - ok
22:35:57.0031 2164 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\windows\system32\drivers\NIS\1307000.009\Ironx86.SYS
22:35:57.0031 2164 SymIRON - ok
22:35:57.0163 2164 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\windows\System32\Drivers\NIS\1306020.00A\SYMNETS.SYS
22:35:57.0163 2164 SymNetS - ok
22:35:57.0245 2164 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
22:35:57.0255 2164 SynTP - ok
22:35:57.0375 2164 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\windows\system32\sysmain.dll
22:35:57.0405 2164 SysMain - ok
22:35:57.0453 2164 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\windows\System32\TabSvc.dll
22:35:57.0457 2164 TabletInputService - ok
22:35:57.0519 2164 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\windows\System32\tapisrv.dll
22:35:57.0539 2164 TapiSrv - ok
22:35:57.0583 2164 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
22:35:57.0591 2164 TBS - ok
22:35:57.0761 2164 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
22:35:57.0781 2164 Tcpip - ok
22:35:57.0873 2164 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
22:35:57.0897 2164 TCPIP6 - ok
22:35:57.0975 2164 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
22:35:57.0985 2164 tcpipreg - ok
22:35:58.0067 2164 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
22:35:58.0067 2164 tdcmdpst - ok
22:35:58.0119 2164 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
22:35:58.0119 2164 TDPIPE - ok
22:35:58.0179 2164 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\windows\system32\drivers\tdtcp.sys
22:35:58.0179 2164 TDTCP - ok
22:35:58.0251 2164 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
22:35:58.0271 2164 tdx - ok
22:35:58.0331 2164 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
22:35:58.0351 2164 TermDD - ok
22:35:58.0441 2164 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\windows\System32\termsrv.dll
22:35:58.0451 2164 TermService - ok
22:35:58.0491 2164 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
22:35:58.0503 2164 Themes - ok
22:35:58.0553 2164 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
22:35:58.0557 2164 THREADORDER - ok
22:35:58.0663 2164 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:35:58.0663 2164 TMachInfo - ok
22:35:58.0743 2164 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\Windows\system32\TODDSrv.exe
22:35:58.0743 2164 TODDSrv - ok
22:35:58.0875 2164 TosCoSrv (451b09ba1a0d019ba0b5a27229559d55) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:35:58.0885 2164 TosCoSrv - ok
22:35:58.0947 2164 TOSHIBA HDD SSD Alert Service (94ecabe1ba3559214fe6c3ce6c9677eb) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:35:58.0977 2164 TOSHIBA HDD SSD Alert Service - ok
22:35:59.0077 2164 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
22:35:59.0087 2164 tos_sps32 - ok
22:35:59.0157 2164 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
22:35:59.0167 2164 TrkWks - ok
22:35:59.0249 2164 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\windows\servicing\TrustedInstaller.exe
22:35:59.0259 2164 TrustedInstaller - ok
22:35:59.0329 2164 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
22:35:59.0331 2164 tssecsrv - ok
22:35:59.0391 2164 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
22:35:59.0401 2164 tunnel - ok
22:35:59.0463 2164 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:35:59.0463 2164 TVALZ - ok
22:35:59.0522 2164 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:35:59.0525 2164 uagp35 - ok
22:35:59.0583 2164 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
22:35:59.0587 2164 udfs - ok
22:35:59.0678 2164 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
22:35:59.0699 2164 UI0Detect - ok
22:35:59.0769 2164 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
22:35:59.0769 2164 uliagpkx - ok
22:35:59.0829 2164 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
22:35:59.0839 2164 umbus - ok
22:35:59.0899 2164 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:35:59.0909 2164 UmPass - ok
22:35:59.0971 2164 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
22:35:59.0981 2164 upnphost - ok
22:36:00.0061 2164 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\windows\system32\drivers\usbaudio.sys
22:36:00.0071 2164 usbaudio - ok
22:36:00.0116 2164 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
22:36:00.0122 2164 usbccgp - ok
22:36:00.0153 2164 USBCCID - ok
22:36:00.0223 2164 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
22:36:00.0243 2164 usbcir - ok
22:36:00.0305 2164 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys
22:36:00.0305 2164 usbehci - ok
22:36:00.0365 2164 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
22:36:00.0375 2164 usbhub - ok
22:36:00.0425 2164 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\DRIVERS\usbohci.sys
22:36:00.0425 2164 usbohci - ok
22:36:00.0497 2164 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:36:00.0497 2164 usbprint - ok
22:36:00.0547 2164 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
22:36:00.0557 2164 usbscan - ok
22:36:00.0619 2164 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:36:00.0629 2164 USBSTOR - ok
22:36:00.0689 2164 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\drivers\usbuhci.sys
22:36:00.0689 2164 usbuhci - ok
22:36:00.0761 2164 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
22:36:00.0771 2164 UxSms - ok
22:36:00.0833 2164 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
22:36:00.0833 2164 VaultSvc - ok
22:36:00.0893 2164 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
22:36:00.0903 2164 vdrvroot - ok
22:36:00.0993 2164 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\windows\System32\vds.exe
22:36:01.0013 2164 vds - ok
22:36:01.0075 2164 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:36:01.0095 2164 vga - ok
22:36:01.0135 2164 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:36:01.0135 2164 VgaSave - ok
22:36:01.0187 2164 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
22:36:01.0197 2164 vhdmp - ok
22:36:01.0242 2164 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
22:36:01.0248 2164 viaagp - ok
22:36:01.0299 2164 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:36:01.0299 2164 ViaC7 - ok
22:36:01.0339 2164 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
22:36:01.0353 2164 viaide - ok
22:36:01.0398 2164 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
22:36:01.0401 2164 volmgr - ok
22:36:01.0471 2164 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:36:01.0471 2164 volmgrx - ok
22:36:01.0543 2164 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
22:36:01.0553 2164 volsnap - ok
22:36:01.0623 2164 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:36:01.0633 2164 vsmraid - ok
22:36:01.0753 2164 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\windows\system32\vssvc.exe
22:36:01.0795 2164 VSS - ok
22:36:01.0865 2164 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:36:01.0875 2164 vwifibus - ok
22:36:01.0922 2164 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:36:01.0927 2164 vwififlt - ok
22:36:01.0987 2164 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
22:36:01.0987 2164 vwifimp - ok
22:36:02.0069 2164 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
22:36:02.0079 2164 W32Time - ok
22:36:02.0129 2164 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:36:02.0133 2164 WacomPen - ok
22:36:02.0171 2164 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:36:02.0181 2164 WANARP - ok
22:36:02.0201 2164 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:36:02.0201 2164 Wanarpv6 - ok
22:36:02.0383 2164 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
22:36:02.0403 2164 WatAdminSvc - ok
22:36:02.0535 2164 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\windows\system32\wbengine.exe
22:36:02.0575 2164 wbengine - ok
22:36:02.0631 2164 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
22:36:02.0642 2164 WbioSrvc - ok
22:36:02.0707 2164 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\windows\System32\wcncsvc.dll
22:36:02.0727 2164 wcncsvc - ok
22:36:02.0780 2164 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
22:36:02.0789 2164 WcsPlugInService - ok
22:36:02.0859 2164 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
22:36:02.0859 2164 Wd - ok
22:36:02.0931 2164 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:36:02.0941 2164 Wdf01000 - ok
22:36:02.0991 2164 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
22:36:03.0001 2164 WdiServiceHost - ok
22:36:03.0021 2164 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
22:36:03.0031 2164 WdiSystemHost - ok
22:36:03.0113 2164 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\windows\System32\webclnt.dll
22:36:03.0123 2164 WebClient - ok
22:36:03.0190 2164 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
22:36:03.0195 2164 Wecsvc - ok
22:36:03.0235 2164 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
22:36:03.0235 2164 wercplsupport - ok
22:36:03.0297 2164 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
22:36:03.0307 2164 WerSvc - ok
22:36:03.0371 2164 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:36:03.0375 2164 WfpLwf - ok
22:36:03.0429 2164 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:36:03.0429 2164 WIMMount - ok
22:36:03.0469 2164 WinHttpAutoProxySvc - ok
22:36:03.0551 2164 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
22:36:03.0551 2164 Winmgmt - ok
22:36:03.0682 2164 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\windows\system32\WsmSvc.dll
22:36:03.0711 2164 WinRM - ok
22:36:03.0833 2164 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
22:36:03.0843 2164 WinUsb - ok
22:36:03.0963 2164 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
22:36:03.0993 2164 Wlansvc - ok
22:36:04.0045 2164 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
22:36:04.0045 2164 WmiAcpi - ok
22:36:04.0137 2164 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
22:36:04.0137 2164 wmiApSrv - ok
22:36:04.0307 2164 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:36:04.0327 2164 WMPNetworkSvc - ok
22:36:04.0387 2164 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
22:36:04.0398 2164 WPCSvc - ok
22:36:04.0438 2164 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll
22:36:04.0448 2164 WPDBusEnum - ok
22:36:04.0519 2164 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:36:04.0519 2164 ws2ifsl - ok
22:36:04.0539 2164 WSearch - ok
22:36:04.0733 2164 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\windows\system32\wuaueng.dll
22:36:04.0761 2164 wuauserv - ok
22:36:04.0881 2164 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
22:36:04.0891 2164 WudfPf - ok
22:36:04.0931 2164 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll
22:36:04.0931 2164 wudfsvc - ok
22:36:04.0971 2164 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
22:36:05.0001 2164 WwanSvc - ok
22:36:05.0193 2164 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:36:05.0223 2164 YahooAUService - ok
22:36:05.0357 2164 MBR (0x1B8) (f3c579bffdc2fabb0a2300421fc3ad48) \Device\Harddisk0\DR0
22:36:05.0377 2164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
22:36:05.0377 2164 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
22:36:05.0427 2164 Boot (0x1200) (3e2d8ff930a548fe6bfa83167efb82c4) \Device\Harddisk0\DR0\Partition0
22:36:05.0437 2164 \Device\Harddisk0\DR0\Partition0 - ok
22:36:05.0447 2164 ============================================================
22:36:05.0447 2164 Scan finished
22:36:05.0447 2164 ============================================================
22:36:05.0493 4256 Detected object count: 1
22:36:05.0493 4256 Actual detected object count: 1
22:36:23.0599 4256 \Device\Harddisk0\DR0\# - copied to quarantine
22:36:23.0599 4256 \Device\Harddisk0\DR0 - copied to quarantine
22:36:23.0639 4256 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:36:23.0649 4256 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
22:36:23.0649 4256 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
22:36:23.0659 4256 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
22:36:23.0659 4256 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
22:36:23.0669 4256 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
22:36:23.0701 4256 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
22:36:23.0711 4256 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
22:36:23.0711 4256 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
22:36:23.0721 4256 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:36:23.0731 4256 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:36:23.0741 4256 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:36:23.0754 4256 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:36:23.0760 4256 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
22:36:23.0766 4256 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
22:36:23.0789 4256 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
22:36:23.0796 4256 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
22:36:23.0853 4256 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
22:36:23.0913 4256 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
22:36:23.0963 4256 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
22:36:23.0973 4256 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
22:36:24.0227 4256 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
22:36:24.0287 4256 \Device\Harddisk0\DR0 - processing error
22:42:39.0801 4256 \Device\Harddisk0\DR0 - will be restored on reboot
22:42:39.0991 4256 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
22:43:03.0255 5112 Deinitialize success
 
asw has been running, but is it supposed to say anything when done? It was scanning and looks like it just stopped mid scan... here is the log anyhow.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-23 23:04:55
-----------------------------
23:04:55.096 OS Version: Windows 6.1.7600
23:04:55.096 Number of processors: 1 586 0x301
23:04:55.096 ComputerName: JAY-PC UserName: jay
23:05:10.103 Initialize success
23:07:08.155 AVAST engine defs: 12042301
23:07:25.393 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
23:07:25.409 Disk 0 Vendor: TOSHIBA_MK2555GSX FG001M Size: 238475MB BusType: 11
23:07:25.424 Disk 0 MBR read successfully
23:07:25.440 Disk 0 MBR scan
23:07:25.440 Disk 0 Windows XP default MBR code
23:07:25.456 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:07:25.487 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228693 MB offset 3074048
23:07:25.518 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8281 MB offset 471437312
23:07:25.565 Disk 0 scanning sectors +488396800
23:07:25.877 Disk 0 scanning C:\windows\system32\drivers
23:07:43.068 Service scanning
23:08:45.499 Modules scanning
23:09:09.711 Disk 0 trace - called modules:
23:09:09.773 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
23:09:09.789 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e6bac8]
23:09:09.804 3 CLASSPNP.SYS[88ce759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85e5f340]
23:09:10.771 AVAST engine scan C:\windows
23:09:13.891 AVAST engine scan C:\windows\system32
23:14:02.710 AVAST engine scan C:\windows\system32\drivers
23:14:23.053 AVAST engine scan C:\Users\jay
23:18:09.188 Disk 0 MBR has been saved successfully to "C:\Users\jay\Desktop\MBR.dat"
23:18:09.203 The log file has been saved successfully to "C:\Users\jay\Desktop\aswMBR.txt"
 
Very good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Broni, it froze up in mid scan. I got an error: "Freeware implementation of xclacls has stopped working."
 
I also apologize, I am exhausted... and have to get up in a few hours. Would you mind if we finished this up tomorrow night about 9pm?
 
Apologies Broni, unexpected work schedule is keeping me away from finishing up. Please don't close my thread. Should get back with you on Monday... Tuesday at latest. Thanks
 