svchost.exe under the description “winrscmde”


This topic is locked
18 replies to this topic

#1 Louiep

Posted 17 October 2011 - 11:13 AM

Hello. I am having a bad time of it. I would be very, very grateful for any help. I recently resorted to a fresh install of Windows on my desktop to rid myself of malware. I would really like to avoid that on my laptop.

I have the virus where the globalroot\systemroot\svchost.exe under the description “winrscmde” eats cpu and sends and receives over the network.

I was using ZA Suite and was getting DLL errors which went away when I uninstalled it. So I recently switched to AVG Free and ZoneAlarm Free. I ran Malwarebytes last night.

I have followed all of the steps in the ‘Preparation Guide’.

I will post my DDS log with this message and attach the attach.txt file. I will then post my GMER log in the next post.

I really appreciate any help you can offer. Thanks very much. Louis.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Louis at 11:56:56 on 2011-10-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5814.3015 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Realtek\Audio\HDA\vncutil64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Users\Louis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\perfmon.exe
C:\Windows\System32\perfmon.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://secure.kirchmeyer.com/default.asp
uDefault_Page_URL = hxxp://esupport.sony.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Louis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTray] C:\Program Files\ITknowledge24\uTray.exe -auto
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\Louis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Louis\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Louis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\Users\Louis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RT-UPD~1.LNK - C:\Ross-Tech\VCDS\VCDS.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{34205B37-1385-4CA1-8809-91E6FE61AF91} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{34205B37-1385-4CA1-8809-91E6FE61AF91}\458656C456D6F6E64784F6573756 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{34205B37-1385-4CA1-8809-91E6FE61AF91}\74162716765602342756164796F6E637 : DhcpNameServer = 10.0.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli c:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\s44s6nh6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Louis\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\Louis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Louis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-4-10 9663848]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-2-6 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-12-1 190496]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-9-1 259192]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-13 2337144]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-6 2320920]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-3 571248]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-9-1 44736]
S2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-2-10 222720]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-25 136176]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [2011-2-13 544768]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-25 136176]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 RT-USB;Ross-Tech USB driver;C:\Windows\system32\drivers\RT-USB64.SYS --> C:\Windows\system32\drivers\RT-USB64.SYS [?]
S3 Ser2ph;Microsoft USB GPS driver;C:\Windows\system32\DRIVERS\ser2ph64.sys --> C:\Windows\system32\DRIVERS\ser2ph64.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-12-1 1250160]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
.
=============== Created Last 30 ================
.
2011-10-17 14:44:32 -------- d-----w- C:\Users\Louis\AppData\Roaming\AVG2012
2011-10-17 14:42:56 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-10-17 14:42:48 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-10-17 14:41:03 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll
2011-10-17 14:41:03 -------- d-----w- C:\Windows\SysWow64\ZoneLabs
2011-10-17 14:41:01 458840 ----a-w- C:\Windows\System32\drivers\~GLH0024.TMP
2011-10-17 14:40:59 458840 ------w- C:\Windows\System32\drivers\vsdatant.sys
2011-10-17 14:15:03 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{358612CC-BAB2-45C5-A26C-A42ADF8D0BFE}\mpengine.dll
2011-10-17 03:32:42 -------- d-----w- C:\Users\Louis\AppData\Roaming\Malwarebytes
2011-10-17 03:32:37 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-17 03:32:34 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-17 03:32:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-17 01:00:41 -------- d-----w- C:\Program Files (x86)\Zone Labs
2011-10-17 00:55:58 -------- d-----w- C:\ProgramData\AVG2012
2011-10-17 00:55:45 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-17 00:42:16 -------- d--h--w- C:\ProgramData\Common Files
2011-10-17 00:34:41 -------- d-----w- C:\ProgramData\MFAData
2011-10-17 00:31:13 20480 ----a-w- C:\Windows\svchost.exe
2011-10-17 00:06:54 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-17 00:06:50 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-17 00:06:50 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-17 00:06:50 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-17 00:06:49 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-17 00:06:10 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-17 00:06:10 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-17 00:06:10 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-17 00:06:10 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-15 19:49:58 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-10-13 15:18:17 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-10-05 16:06:44 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP3.DLL
2011-10-05 16:06:44 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\1_CNBPP3.DLL
2011-10-04 04:38:09 -------- d-----w- C:\Windows\Internet Logs
2011-10-04 04:37:48 -------- d-----w- C:\Users\Louis\AppData\Roaming\CheckPoint
2011-10-04 04:37:47 -------- d-----w- C:\Program Files (x86)\zonealarm_security_suite
2011-10-04 04:37:34 -------- d-----w- C:\Program Files\CheckPoint
2011-10-04 04:13:33 -------- d-----w- C:\Program Files (x86)\CheckPoint
.
==================== Find3M ====================
.
2011-09-13 16:41:59 31344 ----a-w- C:\Windows\System32\drivers\cnnctfy2.sys
2011-09-13 10:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-24 17:17:52 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-16 21:49:25 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-08-08 10:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 11:57:12.72 ===============


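An added triage example, not part of Louiep's post, nasdaq's instructions or any BleepingComputer tool: the tells a responder looks for in the DDS log above are an svchost.exe outside System32 or SysWOW64 (the genuine one lives in %SystemRoot%\System32, with a 32-bit copy in SysWOW64; the log shows a 20480-byte C:\Windows\svchost.exe created 2011-10-17 00:31:13, and since \SystemRoot is the object-manager link to the Windows directory, that is the same file as the globalroot\systemroot\svchost.exe described in the first post), a Running Processes entry that is not an absolute path (the bare -netsvcs line), and UAC switched off (EnableLUA = 0). The script below applies those checks to lines copied from the log. The section-header parsing, the regular expressions, the finding labels and the sample subset are this example's own assumptions, and the %APPDATA% directory check is a heuristic (a folder literally named after an unexpanded environment variable is worth a look), not a rule from the thread.

```python
"""Triage a DDS-style log for the tells discussed in this thread.

Added example, not a tool from the thread or from BleepingComputer.
Assumptions of this example: the DDS section headers, the regexes, the
finding labels and the sample lines (copied from the log above).
"""
import re
from pathlib import PureWindowsPath

# Sample input: a subset of lines copied from the DDS log in the first post.
SAMPLE_LOG = """\
============== Running Processes ===============
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted
C:\\Windows\\Explorer.EXE
-netsvcs
C:\\Windows\\SysWOW64\\cscript.exe
============== Pseudo HJT Report ===============
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
=============== Created Last 30 ================
2011-10-17 00:31:13 20480 ----a-w- C:\\Windows\\svchost.exe
2011-10-17 00:06:54 3138048 ----a-w- C:\\Windows\\System32\\win32k.sys
2011-10-15 19:49:58 -------- d-sh--w- C:\\Windows\\SysWow64\\%APPDATA%
"""

# Where the genuine svchost.exe lives on 64-bit Windows 7 (64-bit and
# 32-bit copies).  Compared case-insensitively.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "<drive>:\...\name.exe [arguments]"; anything else in Running Processes is odd.
PROC_RE = re.compile(r"^([a-z]:\\.+?\.exe)(\s.*)?$", re.IGNORECASE)
# "<date> <time> <size or dashes> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$"
)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")


def is_legit_svchost(path):
    """True only for svchost.exe sitting in System32 or SysWOW64."""
    p = PureWindowsPath(path)
    return p.name.lower() == "svchost.exe" and str(p.parent).lower() in LEGIT_SVCHOST_DIRS


def check_svchost(path, findings):
    """Flag an svchost.exe that is not in one of the legitimate directories."""
    if PureWindowsPath(path).name.lower() == "svchost.exe" and not is_legit_svchost(path):
        findings.append(("svchost-bad-dir", path))


def triage(log_text):
    """Return a list of (kind, detail) findings for the DDS-style text."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS separates sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Running Processes":
            m = PROC_RE.match(line)
            if not m:                         # e.g. the bare "-netsvcs" entry
                findings.append(("process-no-path", line))
            else:
                check_svchost(m.group(1), findings)
        elif section == "Pseudo HJT Report":
            m = POLICY_RE.match(line)
            if m and m.group(1) == "EnableLUA" and m.group(2) == "0":
                findings.append(("uac-disabled", line))
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if not m:
                continue
            path = m.group(4)
            check_svchost(path, findings)
            # Heuristic: a directory literally named "%APPDATA%" means something
            # wrote an unexpanded environment variable; worth a look.
            if "%" in PureWindowsPath(path).name:
                findings.append(("odd-dirname", path))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:17} {detail}")
```

Running it over the full DDS log rather than the subset works the same way; the point is that the path check is on the directory, not on the file name, because the file name is exactly what the masquerade copies.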
#2 Louiep (Topic Starter)

Posted 17 October 2011 - 11:15 AM

Here is the GMER log. Thanks again for looking. And helping I hope!


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-17 12:05:34
Windows 6.1.7601 Service Pack 1
Running: q0p7v0l4.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a1ff08
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313d94ead
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313d94ead@1ce2cc434045 0x9B 0xA6 0x4D 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a1ff08 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313d94ead (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313d94ead@1ce2cc434045 0x9B 0xA6 0x4D 0x34 ...

---- EOF - GMER 1.0.15 ----

#3 nasdaq (Malware Response Team)

Posted 22 October 2011 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download aswMBR.exe (511 KB) from http://public.avast.com/~gmerek/aswMBR.exe to your desktop, then double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip.

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the system drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#4 Louiep (Topic Starter)

Posted 24 October 2011 - 10:26 AM

Thanks very much for the reply. I have followed your instructions and unfortunately the aswMBR.exe program gives me a blue screen. It appears to happen after the program encounters a driver in the iostor folder. It happens very quickly so it is difficult to discern.

Below is the log from TDSSKiller.exe after reboot and removal of the malware item which it found.

Again, I appreciate your help very much. If you require the other log and have any suggestions, I will try them promptly. I got the blue screen on each of 4 attempts.

10:23:27.0216 3868 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
10:23:28.0401 3868 ============================================================
10:23:28.0401 3868 Current date / time: 2011/10/24 10:23:28.0401
10:23:28.0401 3868 SystemInfo:
10:23:28.0401 3868
10:23:28.0401 3868 OS Version: 6.1.7601 ServicePack: 1.0
10:23:28.0401 3868 Product type: Workstation
10:23:28.0401 3868 ComputerName: SONYZ
10:23:28.0401 3868 UserName: Louis
10:23:28.0401 3868 Windows directory: C:\Windows
10:23:28.0401 3868 System windows directory: C:\Windows
10:23:28.0401 3868 Running under WOW64
10:23:28.0401 3868 Processor architecture: Intel x64
10:23:28.0401 3868 Number of processors: 4
10:23:28.0401 3868 Page size: 0x1000
10:23:28.0401 3868 Boot type: Normal boot
10:23:28.0401 3868 ============================================================
10:23:28.0604 3868 Initialize success
10:23:37.0730 3672 ============================================================
10:23:37.0730 3672 Scan started
10:23:37.0730 3672 Mode: Manual;
10:23:37.0730 3672 ============================================================
10:23:37.0824 3672 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:23:37.0839 3672 1394ohci - ok
10:23:37.0839 3672 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:23:37.0855 3672 ACPI - ok
10:23:37.0855 3672 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:23:37.0855 3672 AcpiPmi - ok
10:23:37.0870 3672 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:23:37.0886 3672 adp94xx - ok
10:23:37.0902 3672 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:23:37.0902 3672 adpahci - ok
10:23:37.0917 3672 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:23:37.0917 3672 adpu320 - ok
10:23:37.0933 3672 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
10:23:37.0933 3672 AFD - ok
10:23:37.0948 3672 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:23:37.0948 3672 agp440 - ok
10:23:37.0948 3672 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:23:37.0964 3672 aliide - ok
10:23:37.0964 3672 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:23:37.0964 3672 amdide - ok
10:23:37.0980 3672 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:23:37.0980 3672 AmdK8 - ok
10:23:37.0980 3672 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:23:37.0980 3672 AmdPPM - ok
10:23:37.0995 3672 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
10:23:37.0995 3672 amdsata - ok
10:23:37.0995 3672 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:23:38.0011 3672 amdsbs - ok
10:23:38.0011 3672 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
10:23:38.0011 3672 amdxata - ok
10:23:38.0011 3672 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:23:38.0026 3672 AppID - ok
10:23:38.0042 3672 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:23:38.0042 3672 arc - ok
10:23:38.0042 3672 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:23:38.0042 3672 arcsas - ok
10:23:38.0058 3672 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:23:38.0058 3672 AsyncMac - ok
10:23:38.0058 3672 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:23:38.0058 3672 atapi - ok
10:23:38.0089 3672 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:23:38.0089 3672 b06bdrv - ok
10:23:38.0104 3672 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:23:38.0104 3672 b57nd60a - ok
10:23:38.0120 3672 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:23:38.0120 3672 Beep - ok
10:23:38.0136 3672 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
10:23:38.0136 3672 blbdrive - ok
10:23:38.0151 3672 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:23:38.0151 3672 bowser - ok
10:23:38.0151 3672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:23:38.0151 3672 BrFiltLo - ok
10:23:38.0167 3672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:23:38.0167 3672 BrFiltUp - ok
10:23:38.0182 3672 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:23:38.0182 3672 Brserid - ok
10:23:38.0182 3672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:23:38.0198 3672 BrSerWdm - ok
10:23:38.0198 3672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:23:38.0198 3672 BrUsbMdm - ok
10:23:38.0198 3672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:23:38.0198 3672 BrUsbSer - ok
10:23:38.0214 3672 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
10:23:38.0214 3672 BthEnum - ok
10:23:38.0214 3672 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:23:38.0229 3672 BTHMODEM - ok
10:23:38.0229 3672 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:23:38.0229 3672 BthPan - ok
10:23:38.0245 3672 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
10:23:38.0260 3672 BTHPORT - ok
10:23:38.0276 3672 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
10:23:38.0276 3672 BTHUSB - ok
10:23:38.0276 3672 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
10:23:38.0276 3672 btusbflt - ok
10:23:38.0292 3672 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
10:23:38.0292 3672 btwaudio - ok
10:23:38.0292 3672 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
10:23:38.0292 3672 btwavdt - ok
10:23:38.0307 3672 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:23:38.0307 3672 btwl2cap - ok
10:23:38.0307 3672 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
10:23:38.0323 3672 btwrchid - ok
10:23:38.0323 3672 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:23:38.0323 3672 cdfs - ok
10:23:38.0338 3672 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:23:38.0338 3672 cdrom - ok
10:23:38.0338 3672 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:23:38.0338 3672 circlass - ok
10:23:38.0354 3672 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:23:38.0370 3672 CLFS - ok
10:23:38.0370 3672 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:23:38.0385 3672 CmBatt - ok
10:23:38.0385 3672 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:23:38.0385 3672 cmdide - ok
10:23:38.0401 3672 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
10:23:38.0401 3672 CNG - ok
10:23:38.0416 3672 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:23:38.0416 3672 Compbatt - ok
10:23:38.0416 3672 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:23:38.0416 3672 CompositeBus - ok
10:23:38.0448 3672 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
10:23:38.0448 3672 cpudrv64 - ok
10:23:38.0448 3672 cpuz130 - ok
10:23:38.0463 3672 cpuz134 - ok
10:23:38.0479 3672 cpuz135 - ok
10:23:38.0494 3672 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:23:38.0494 3672 crcdisk - ok
10:23:38.0510 3672 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
10:23:38.0526 3672 CSC - ok
10:23:38.0541 3672 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:23:38.0541 3672 DfsC - ok
10:23:38.0557 3672 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:23:38.0557 3672 discache - ok
10:23:38.0557 3672 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:23:38.0572 3672 Disk - ok
10:23:38.0588 3672 dlkmd (5d5b9e1e45b1eb727efeab0f44c7e4ef) C:\Windows\system32\drivers\dlkmd.sys
10:23:38.0588 3672 dlkmd - ok
10:23:38.0588 3672 dlkmdldr (b701a03d4c256a288d89d615e139cb7c) C:\Windows\system32\drivers\dlkmdldr.sys
10:23:38.0588 3672 dlkmdldr - ok
10:23:38.0604 3672 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:23:38.0604 3672 drmkaud - ok
10:23:38.0635 3672 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:23:38.0635 3672 DXGKrnl - ok
10:23:38.0650 3672 DxkgFilter - ok
10:23:38.0650 3672 e1kexpress (fcd4e9eaa7682d5fa4acef433c3b42a8) C:\Windows\system32\DRIVERS\e1k62x64.sys
10:23:38.0666 3672 e1kexpress - ok
10:23:38.0728 3672 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:23:38.0760 3672 ebdrv - ok
10:23:38.0791 3672 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:23:38.0806 3672 elxstor - ok
10:23:38.0806 3672 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:23:38.0806 3672 ErrDev - ok
10:23:38.0838 3672 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:23:38.0838 3672 exfat - ok
10:23:38.0853 3672 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:23:38.0853 3672 fastfat - ok
10:23:38.0853 3672 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:23:38.0869 3672 fdc - ok
10:23:38.0869 3672 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:23:38.0884 3672 FileInfo - ok
10:23:38.0884 3672 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:23:38.0884 3672 Filetrace - ok
10:23:38.0900 3672 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:23:38.0900 3672 flpydisk - ok
10:23:38.0916 3672 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:23:38.0916 3672 FltMgr - ok
10:23:38.0931 3672 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:23:38.0931 3672 FsDepends - ok
10:23:38.0931 3672 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:23:38.0931 3672 Fs_Rec - ok
10:23:38.0947 3672 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:23:38.0947 3672 fvevol - ok
10:23:38.0962 3672 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:23:38.0962 3672 gagp30kx - ok
10:23:38.0978 3672 GPU-Z - ok
10:23:38.0994 3672 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:23:38.0994 3672 hcw85cir - ok
10:23:39.0009 3672 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:23:39.0009 3672 HdAudAddService - ok
10:23:39.0025 3672 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:23:39.0025 3672 HDAudBus - ok
10:23:39.0025 3672 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys
10:23:39.0025 3672 HECIx64 - ok
10:23:39.0040 3672 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:23:39.0040 3672 HidBatt - ok
10:23:39.0056 3672 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:23:39.0056 3672 HidBth - ok
10:23:39.0056 3672 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:23:39.0056 3672 HidIr - ok
10:23:39.0072 3672 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:23:39.0072 3672 HidUsb - ok
10:23:39.0087 3672 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:23:39.0103 3672 HpSAMD - ok
10:23:39.0118 3672 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:23:39.0134 3672 HTTP - ok
10:23:39.0134 3672 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:23:39.0134 3672 hwpolicy - ok
10:23:39.0150 3672 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:23:39.0150 3672 i8042prt - ok
10:23:39.0165 3672 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
10:23:39.0165 3672 iaStor - ok
10:23:39.0181 3672 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
10:23:39.0196 3672 iaStorV - ok
10:23:39.0212 3672 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:23:39.0212 3672 iirsp - ok
10:23:39.0228 3672 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\drivers\Impcd.sys
10:23:39.0228 3672 Impcd - ok
10:23:39.0290 3672 IntcAzAudAddService (9aa1e982bc10176ce316aadfbd5c28f5) C:\Windows\system32\drivers\RTKVHD64.sys
10:23:39.0306 3672 IntcAzAudAddService - ok
10:23:39.0321 3672 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:23:39.0321 3672 intelide - ok
10:23:39.0321 3672 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
10:23:39.0321 3672 intelppm - ok
10:23:39.0337 3672 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:23:39.0337 3672 IpFilterDriver - ok
10:23:39.0352 3672 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:23:39.0352 3672 IPMIDRV - ok
10:23:39.0368 3672 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:23:39.0368 3672 IPNAT - ok
10:23:39.0368 3672 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:23:39.0368 3672 IRENUM - ok
10:23:39.0384 3672 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:23:39.0384 3672 isapnp - ok
10:23:39.0399 3672 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:23:39.0399 3672 iScsiPrt - ok
10:23:39.0399 3672 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:23:39.0399 3672 kbdclass - ok
10:23:39.0415 3672 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:23:39.0415 3672 kbdhid - ok
10:23:39.0430 3672 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
10:23:39.0430 3672 KSecDD - ok
10:23:39.0446 3672 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
10:23:39.0446 3672 KSecPkg - ok
10:23:39.0446 3672 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:23:39.0446 3672 ksthunk - ok
10:23:39.0477 3672 LEqdUsb (00ba093a3f316d43a4c3e098a96ae912) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
10:23:39.0477 3672 LEqdUsb - ok
10:23:39.0493 3672 LHidEqd (3067cfad2baa4a208130cd0afb130bc9) C:\Windows\system32\DRIVERS\LHidEqd.Sys
10:23:39.0493 3672 LHidEqd - ok
10:23:39.0493 3672 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:23:39.0493 3672 LHidFilt - ok
10:23:39.0508 3672 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:23:39.0508 3672 lltdio - ok
10:23:39.0524 3672 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:23:39.0524 3672 LMouFilt - ok
10:23:39.0540 3672 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:23:39.0540 3672 LSI_FC - ok
10:23:39.0555 3672 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:23:39.0555 3672 LSI_SAS - ok
10:23:39.0571 3672 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:23:39.0571 3672 LSI_SAS2 - ok
10:23:39.0571 3672 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:23:39.0586 3672 LSI_SCSI - ok
10:23:39.0586 3672 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:23:39.0586 3672 luafv - ok
10:23:39.0602 3672 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:23:39.0602 3672 megasas - ok
10:23:39.0618 3672 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:23:39.0618 3672 MegaSR - ok
10:23:39.0633 3672 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:23:39.0633 3672 Modem - ok
10:23:39.0649 3672 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:23:39.0649 3672 monitor - ok
10:23:39.0649 3672 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:23:39.0649 3672 mouclass - ok
10:23:39.0664 3672 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:23:39.0664 3672 mouhid - ok
10:23:39.0680 3672 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:23:39.0680 3672 mountmgr - ok
10:23:39.0680 3672 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:23:39.0696 3672 mpio - ok
10:23:39.0696 3672 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:23:39.0696 3672 mpsdrv - ok
10:23:39.0711 3672 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:23:39.0711 3672 MRxDAV - ok
10:23:39.0727 3672 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:23:39.0727 3672 mrxsmb - ok
10:23:39.0742 3672 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:23:39.0742 3672 mrxsmb10 - ok
10:23:39.0758 3672 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:23:39.0758 3672 mrxsmb20 - ok
10:23:39.0774 3672 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:23:39.0774 3672 msahci - ok
10:23:39.0774 3672 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:23:39.0789 3672 msdsm - ok
10:23:39.0805 3672 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:23:39.0805 3672 Msfs - ok
10:23:39.0805 3672 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:23:39.0805 3672 mshidkmdf - ok
10:23:39.0820 3672 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:23:39.0820 3672 msisadrv - ok
10:23:39.0836 3672 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:23:39.0836 3672 MSKSSRV - ok
10:23:39.0852 3672 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:23:39.0852 3672 MSPCLOCK - ok
10:23:39.0852 3672 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:23:39.0852 3672 MSPQM - ok
10:23:39.0867 3672 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:23:39.0883 3672 MsRPC - ok
10:23:39.0883 3672 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:23:39.0883 3672 mssmbios - ok
10:23:39.0898 3672 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:23:39.0898 3672 MSTEE - ok
10:23:39.0914 3672 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:23:39.0914 3672 MTConfig - ok
10:23:39.0914 3672 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:23:39.0930 3672 Mup - ok
10:23:39.0930 3672 NAL (1ad461d0f9a490da5fec2fb0ed5695e9) C:\Windows\system32\Drivers\iqvw64e.sys
10:23:39.0930 3672 NAL - ok
10:23:39.0961 3672 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:23:39.0961 3672 NativeWifiP - ok
10:23:39.0992 3672 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:23:39.0992 3672 NDIS - ok
10:23:40.0008 3672 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:23:40.0008 3672 NdisCap - ok
10:23:40.0023 3672 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:23:40.0023 3672 NdisTapi - ok
10:23:40.0023 3672 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:23:40.0023 3672 Ndisuio - ok
10:23:40.0039 3672 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:23:40.0039 3672 NdisWan - ok
10:23:40.0054 3672 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:23:40.0054 3672 NDProxy - ok
10:23:40.0070 3672 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:23:40.0070 3672 NetBIOS - ok
10:23:40.0086 3672 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:23:40.0086 3672 NetBT - ok
10:23:40.0210 3672 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
10:23:40.0288 3672 NETw5s64 - ok
10:23:40.0429 3672 NETwNs64 (9ec1edebba8cf6a30899ee38ab1352cc) C:\Windows\system32\DRIVERS\NETwNs64.sys
10:23:40.0522 3672 NETwNs64 - ok
10:23:40.0522 3672 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:23:40.0522 3672 nfrd960 - ok
10:23:40.0538 3672 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:23:40.0538 3672 Npfs - ok
10:23:40.0554 3672 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:23:40.0554 3672 nsiproxy - ok
10:23:40.0600 3672 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
10:23:40.0632 3672 Ntfs - ok
10:23:40.0632 3672 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:23:40.0632 3672 Null - ok
10:23:40.0647 3672 NVHDA (181e7fe39211e04128a30708906627d8) C:\Windows\system32\drivers\nvhda64v.sys
10:23:40.0647 3672 NVHDA - ok
10:23:40.0834 3672 nvlddmkm (b6eb581314bb82acd5784eee38694855) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:23:40.0975 3672 nvlddmkm - ok
10:23:40.0990 3672 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
10:23:40.0990 3672 nvraid - ok
10:23:41.0006 3672 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
10:23:41.0006 3672 nvstor - ok
10:23:41.0022 3672 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:23:41.0022 3672 nv_agp - ok
10:23:41.0037 3672 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:23:41.0053 3672 ohci1394 - ok
10:23:41.0068 3672 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:23:41.0068 3672 Parport - ok
10:23:41.0084 3672 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:23:41.0084 3672 partmgr - ok
10:23:41.0100 3672 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:23:41.0100 3672 pci - ok
10:23:41.0115 3672 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:23:41.0115 3672 pciide - ok
10:23:41.0131 3672 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:23:41.0131 3672 pcmcia - ok
10:23:41.0146 3672 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:23:41.0146 3672 pcw - ok
10:23:41.0162 3672 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:23:41.0178 3672 PEAUTH - ok
10:23:41.0209 3672 pneteth (8ac5649c9070674d4607301c180ab10b) C:\Windows\system32\DRIVERS\pneteth.sys
10:23:41.0224 3672 pneteth - ok
10:23:41.0224 3672 pnetmdm (06841f5cd8410b6bdc0b5a631b8f8787) C:\Windows\system32\DRIVERS\pnetmdm64.sys
10:23:41.0224 3672 pnetmdm - ok
10:23:41.0256 3672 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:23:41.0271 3672 PptpMiniport - ok
10:23:41.0271 3672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:23:41.0271 3672 Processor - ok
10:23:41.0302 3672 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:23:41.0302 3672 Psched - ok
10:23:41.0302 3672 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
10:23:41.0302 3672 PxHlpa64 - ok
10:23:41.0334 3672 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:23:41.0365 3672 ql2300 - ok
10:23:41.0365 3672 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:23:41.0380 3672 ql40xx - ok
10:23:41.0380 3672 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:23:41.0396 3672 QWAVEdrv - ok
10:23:41.0396 3672 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:23:41.0396 3672 RasAcd - ok
10:23:41.0412 3672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:23:41.0412 3672 RasAgileVpn - ok
10:23:41.0427 3672 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:23:41.0427 3672 Rasl2tp - ok
10:23:41.0443 3672 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:23:41.0443 3672 RasPppoe - ok
10:23:41.0458 3672 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:23:41.0458 3672 RasSstp - ok
10:23:41.0474 3672 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:23:41.0474 3672 rdbss - ok
10:23:41.0490 3672 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:23:41.0490 3672 rdpbus - ok
10:23:41.0505 3672 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:23:41.0505 3672 RDPCDD - ok
10:23:41.0521 3672 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:23:41.0521 3672 RDPDR - ok
10:23:41.0536 3672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:23:41.0536 3672 RDPENCDD - ok
10:23:41.0552 3672 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:23:41.0552 3672 RDPREFMP - ok
10:23:41.0552 3672 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:23:41.0568 3672 RDPWD - ok
10:23:41.0583 3672 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:23:41.0583 3672 rdyboost - ok
10:23:41.0599 3672 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:23:41.0614 3672 RFCOMM - ok
10:23:41.0614 3672 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
10:23:41.0614 3672 rimspci - ok
10:23:41.0630 3672 risdsnpe (aa7b4ac7cb1281349cd61de067f00d5d) C:\Windows\system32\drivers\risdsne64.sys
10:23:41.0630 3672 risdsnpe - ok
10:23:41.0646 3672 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
10:23:41.0646 3672 ROOTMODEM - ok
10:23:41.0677 3672 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:23:41.0677 3672 rspndr - ok
10:23:41.0692 3672 RT-USB (5bdaf690fe82d8e531328de7e766fb7a) C:\Windows\system32\drivers\RT-USB64.SYS
10:23:41.0692 3672 RT-USB - ok
10:23:41.0708 3672 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:23:41.0708 3672 s3cap - ok
10:23:41.0724 3672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:23:41.0739 3672 sbp2port - ok
10:23:41.0755 3672 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:23:41.0755 3672 scfilter - ok
10:23:41.0770 3672 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
10:23:41.0770 3672 sdbus - ok
10:23:41.0786 3672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:23:41.0786 3672 secdrv - ok
10:23:41.0817 3672 Ser2ph (de3135e7ed559fc1c1b92aa7ba52ccdb) C:\Windows\system32\DRIVERS\ser2ph64.sys
10:23:41.0817 3672 Ser2ph - ok
10:23:41.0833 3672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:23:41.0833 3672 Serenum - ok
10:23:41.0833 3672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:23:41.0848 3672 Serial - ok
10:23:41.0848 3672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:23:41.0848 3672 sermouse - ok
10:23:41.0880 3672 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
10:23:41.0880 3672 SFEP - ok
10:23:41.0895 3672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:23:41.0895 3672 sffdisk - ok
10:23:41.0911 3672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:23:41.0911 3672 sffp_mmc - ok
10:23:41.0926 3672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:23:41.0926 3672 sffp_sd - ok
10:23:41.0926 3672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:23:41.0926 3672 sfloppy - ok
10:23:41.0958 3672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:23:41.0958 3672 SiSRaid2 - ok
10:23:41.0973 3672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:23:41.0973 3672 SiSRaid4 - ok
10:23:41.0973 3672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:23:41.0989 3672 Smb - ok
10:23:42.0004 3672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:23:42.0004 3672 spldr - ok
10:23:42.0036 3672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:23:42.0051 3672 srv - ok
10:23:42.0067 3672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:23:42.0067 3672 srv2 - ok
10:23:42.0082 3672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:23:42.0082 3672 srvnet - ok
10:23:42.0098 3672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:23:42.0114 3672 stexstor - ok
10:23:42.0129 3672 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:23:42.0129 3672 storflt - ok
10:23:42.0145 3672 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:23:42.0145 3672 storvsc - ok
10:23:42.0160 3672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:23:42.0160 3672 swenum - ok
10:23:42.0176 3672 SynTP (8f63178d1db81bb79270ae55ecdd8321) C:\Windows\system32\DRIVERS\SynTP.sys
10:23:42.0176 3672 SynTP - ok
10:23:42.0238 3672 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
10:23:42.0270 3672 Tcpip - ok
10:23:42.0301 3672 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
10:23:42.0316 3672 TCPIP6 - ok
10:23:42.0332 3672 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:23:42.0332 3672 tcpipreg - ok
10:23:42.0348 3672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:23:42.0348 3672 TDPIPE - ok
10:23:42.0363 3672 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:23:42.0363 3672 TDTCP - ok
10:23:42.0379 3672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:23:42.0379 3672 tdx - ok
10:23:42.0394 3672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:23:42.0394 3672 TermDD - ok
10:23:42.0426 3672 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
10:23:42.0426 3672 TPM - ok
10:23:42.0457 3672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:23:42.0457 3672 tssecsrv - ok
10:23:42.0472 3672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:23:42.0472 3672 TsUsbFlt - ok
10:23:42.0488 3672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:23:42.0488 3672 tunnel - ok
10:23:42.0504 3672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:23:42.0504 3672 uagp35 - ok
10:23:42.0519 3672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:23:42.0535 3672 udfs - ok
10:23:42.0550 3672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:23:42.0566 3672 uliagpkx - ok
10:23:42.0566 3672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:23:42.0566 3672 umbus - ok
10:23:42.0582 3672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:23:42.0582 3672 UmPass - ok
10:23:42.0613 3672 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
10:23:42.0613 3672 usbccgp - ok
10:23:42.0628 3672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:23:42.0628 3672 usbcir - ok
10:23:42.0644 3672 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
10:23:42.0644 3672 usbehci - ok
10:23:42.0660 3672 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
10:23:42.0660 3672 usbhub - ok
10:23:42.0675 3672 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
10:23:42.0675 3672 usbohci - ok
10:23:42.0691 3672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
10:23:42.0691 3672 usbprint - ok
10:23:42.0706 3672 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:23:42.0706 3672 USBSTOR - ok
10:23:42.0722 3672 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
10:23:42.0722 3672 usbuhci - ok
10:23:42.0738 3672 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:23:42.0738 3672 usbvideo - ok
10:23:42.0784 3672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:23:42.0784 3672 vdrvroot - ok
10:23:42.0800 3672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:23:42.0816 3672 vga - ok
10:23:42.0816 3672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:23:42.0816 3672 VgaSave - ok
10:23:42.0831 3672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:23:42.0847 3672 vhdmp - ok
10:23:42.0847 3672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:23:42.0847 3672 viaide - ok
10:23:42.0862 3672 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:23:42.0862 3672 vmbus - ok
10:23:42.0878 3672 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:23:42.0878 3672 VMBusHID - ok
10:23:42.0894 3672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:23:42.0894 3672 volmgr - ok
10:23:42.0909 3672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:23:42.0909 3672 volmgrx - ok
10:23:42.0940 3672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:23:42.0940 3672 volsnap - ok
10:23:42.0956 3672 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
10:23:42.0972 3672 Vsdatant - ok
10:23:42.0987 3672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:23:42.0987 3672 vsmraid - ok
10:23:43.0018 3672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:23:43.0018 3672 vwifibus - ok
10:23:43.0034 3672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:23:43.0034 3672 vwififlt - ok
10:23:43.0034 3672 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:23:43.0050 3672 vwifimp - ok
10:23:43.0081 3672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:23:43.0081 3672 WacomPen - ok
10:23:43.0096 3672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:23:43.0096 3672 WANARP - ok
10:23:43.0096 3672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:23:43.0096 3672 Wanarpv6 - ok
10:23:43.0143 3672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:23:43.0143 3672 Wd - ok
10:23:43.0174 3672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:23:43.0190 3672 Wdf01000 - ok
10:23:43.0237 3672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:23:43.0237 3672 WfpLwf - ok
10:23:43.0252 3672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:23:43.0252 3672 WIMMount - ok
10:23:43.0315 3672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
10:23:43.0315 3672 WinUsb - ok
10:23:43.0330 3672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:23:43.0330 3672 WmiAcpi - ok
10:23:43.0393 3672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:23:43.0393 3672 ws2ifsl - ok
10:23:43.0440 3672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:23:43.0440 3672 WudfPf - ok
10:23:43.0455 3672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:23:43.0455 3672 WUDFRd - ok
10:23:43.0518 3672 MBR (0x1B8) (950dcd2e3db597e6b62b2b7124557fec) \Device\Harddisk0\DR0
10:23:43.0518 3672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:23:43.0518 3672 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:23:43.0533 3672 Boot (0x1200) (c89ae6cf7a9490f1eb3b0ec1ba1723f8) \Device\Harddisk0\DR0\Partition0
10:23:43.0533 3672 \Device\Harddisk0\DR0\Partition0 - ok
10:23:43.0533 3672 Boot (0x1200) (1c02e759915a67183f1226b67dc97793) \Device\Harddisk0\DR0\Partition1
10:23:43.0533 3672 \Device\Harddisk0\DR0\Partition1 - ok
10:23:43.0533 3672 ============================================================
10:23:43.0533 3672 Scan finished
10:23:43.0533 3672 ============================================================
10:23:43.0549 8036 Detected object count: 1
10:23:43.0549 8036 Actual detected object count: 1
10:24:11.0847 8036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:24:11.0847 8036 \Device\Harddisk0\DR0 - ok
10:24:11.0847 8036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:24:14.0016 0372 Deinitialize success

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:48 PM

Posted 25 October 2011 - 09:52 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please let me know what problem persists.

#6 Louiep

Louiep
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 25 October 2011 - 11:50 PM

Thanks again. I disabled zone alarm (free firewall) and ensured windows' firewall was also disabled; no anti-virus to disable(AVG has mysteriously disappeared). I then ran combofix from the desktop, log attached.

I then turned on the firewall again so that I could safely connect to the internet to check for my primary symptom (globalroot\systemroot\svchost.exe trying to connect). The symptom remains. Also, the computer will return from standby, but when trying to turn on after hibernating, the computer will not start. I am asked if I want to start normally or in safe mode. If I choose normal, the startup fails until the windows recovery program loads and runs and the computer restarts, successfully. Is my description comprehensible? If not, I can try to provide more details.

So presently the symptoms are:
1) globalroot\systemroot\svchost.exe trying to connect to the internet
2) failure to start after hibernate (every time)
3) AVG uninstalled without permission (maybe this is because after the startup failure, I am being restored to pre-AVG)
4) aswMBR.exe results in BSOD (blue screen)

That is all I have for now. I am certainly happy to do more, please let me know... And thanks again for your time.

Attached Files



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:48 PM

Posted 26 October 2011 - 07:52 AM

ComboFix shows that this file was deleted:

c:\windows\svchost.exe

A rootkit infection was removed by the TDSSKiller tool.

Can you please try to run the aswMBR.exe tool and submit the log if you can.

Run ComboFix again and post the log for my review.

#8 Louiep

Louiep
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 26 October 2011 - 10:51 AM

I noticed that action had been taken on the rootkit and a few files (the C:\Windows\Roaming folder was also deleted by ComboFix if I recall correctly).

aswMBR.exe will now run. Log and Data attached.

I am sorry to possibly be annoying, but I did not run ComboFix a second time in case you wish to take action on the aswMBR results first.

I will wait for your reply. Thanks very much for your continued assistance.

Attached Files



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:48 PM

Posted 26 October 2011 - 01:37 PM

You still have a rootkit infection.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Run the aswMBR again and post the log.

#10 Louiep

Louiep
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 26 October 2011 - 04:58 PM

I have attached the log file from TDSSKiller

I cannot run aswMBR presently, I get the blue screen again.

I think last time I was able to run aswMBR after I ran comboFix.

Thanks again! Louis.

Attached Files



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:48 PM

Posted 27 October 2011 - 08:56 AM

Did you try to run the aswMBR after the TDSSKiller run which removed the rootkit?

If not try it and post the log.

Is the problem persisting?

#12 Louiep

Louiep
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 27 October 2011 - 07:58 PM

Yes, I attempted aswMBR just after running TDSS Killer.

I will try again now... It got to this line: "Device \Driver\iaStor -> MajorFunction fffffa80082455c4" and no BSOD, the screen just froze, the computer would not respond to any input even after left for 30 minutes.

The following problems still exist

1) globalroot\systemroot\svchost.exe trying to connect to the internet
2) failure to start after hibernate (every time)
3) AVG uninstalled without permission (maybe this is because after the startup failure, I am being restored to pre-AVG)
4) aswMBR.exe results in BSOD (blue screen)
5) the executable tools which I have been instructed to use keep disappearing from my desktop where I have placed them, this could be because the computer fails to start and windows attempts to resolve the problem. Does windows use a restore point to resolve the problem? Would this remove the files?

Thanks again. Please let me know what more I can do. Louis.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:48 PM

Posted 28 October 2011 - 07:32 AM

Looks like your IaStor.sys file is corrupted.

Let's see if we can find a good copy.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    IaStor.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 Louiep

Louiep
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 28 October 2011 - 11:28 PM

The log is below. I also found that I have these three files on my computer:

C:\Users\Louis\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\110213162738173.rsc
C:\Users\Louis\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\110213191047666.rsc
C:\Users\Louis\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\110213191151578.rsc

Similar files are mentioned in this thread: http://www.bleepingcomputer.com/forums/topic370008.html (see posts #3 and #4)

Thanks again for your help!

---------------------------------------------------------

SystemLook 30.07.11 by jpshortstuff
Log created at 00:22 on 29/10/2011 by Louis
Administrator - Elevation successful

========== filefind ==========

Searching for "IaStor.sys"
C:\Windows\System32\drivers\iaStor.sys --a---- 540696 bytes [19:51 01/12/2010] [00:51 04/03/2010] ABBF174CB394F5C437410A788B7E404A
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_59158fde2592da5a\iaStor.sys --a---- 537112 bytes [00:38 07/02/2010] [23:09 20/11/2009] 073A606333B6F7BBF20AA856DF7F0997
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys --a---- 540696 bytes [19:51 01/12/2010] [00:51 04/03/2010] ABBF174CB394F5C437410A788B7E404A

-= EOF =-
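An added example (not part of this thread and not a SystemLook feature) for the check nasdaq is doing in #13 and #14: a small Python parser for SystemLook's :filefind output that reports whether the driver actually loaded from System32\drivers has a hash-identical copy staged in the DriverStore. The sample log embedded in it is the one posted above; the function names and verdict strings are my own.

```python
import re
# Constructed sample input: the SystemLook :filefind output posted in this thread.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "IaStor.sys"
C:\Windows\System32\drivers\iaStor.sys --a---- 540696 bytes [19:51 01/12/2010] [00:51 04/03/2010] ABBF174CB394F5C437410A788B7E404A
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_59158fde2592da5a\iaStor.sys --a---- 537112 bytes [00:38 07/02/2010] [23:09 20/11/2009] 073A606333B6F7BBF20AA856DF7F0997
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys --a---- 540696 bytes [19:51 01/12/2010] [00:51 04/03/2010] ABBF174CB394F5C437410A788B7E404A

-= EOF =-
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<term>.+)"$')
# path, 7-char attribute field, size, [modified] [created], MD5 (the hash SystemLook prints)
HIT_RE = re.compile(r"^(?P<path>.+?) (?P<attrs>\S{7}) (?P<size>\d+) bytes "
                    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")

def parse_filefind(text):
    """Return {search_term: [hit dicts]} for every 'Searching for' block in the log."""
    sections, term = {}, None
    for line in text.splitlines():
        s = SEARCH_RE.match(line)
        if s:
            term = s.group("term")
            sections[term] = []
            continue
        h = HIT_RE.match(line) if term else None
        if h:
            hit = h.groupdict()
            hit["size"], hit["md5"] = int(hit["size"]), hit["md5"].upper()
            sections[term].append(hit)
    return sections

def is_driverstore_copy(path):
    return "\\driverstore\\filerepository\\" in path.lower()

def assess_live_driver(hits):
    """Compare the copy under System32\\drivers with the copies staged in the DriverStore.
    A hash match only shows the on-disk file equals a staged package copy; it says nothing
    about hooks placed on the loaded driver in memory (what the aswMBR hang here points at)."""
    live = [h for h in hits if not is_driverstore_copy(h["path"])]
    staged = [h for h in hits if is_driverstore_copy(h["path"])]
    if len(live) != 1:
        return {"verdict": "ambiguous: expected one live copy", "live": [h["path"] for h in live]}
    live_md5 = live[0]["md5"]
    matches = [h["path"] for h in staged if h["md5"] == live_md5]
    return {"live_path": live[0]["path"], "live_md5": live_md5, "matches": matches,
            "staged_versions": sorted({h["md5"] for h in staged}),
            "verdict": "matches DriverStore copy" if matches else "no DriverStore copy with this hash: investigate"}
```

On the log above it reports that the live iaStor.sys equals the newer DriverStore package copy, which is why the on-disk file alone does not explain the hang aswMBR showed at the iaStor driver.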

#15 Louiep

Louiep
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 28 October 2011 - 11:29 PM

CORRECTION - I should have said posts #5 and #6



