System32 Trojan Infection


  • This topic is locked
12 replies to this topic

#1 Troslle


Posted 05 January 2012 - 06:17 PM

Hello, thank you for taking the time to read my issue.
I have what is believed to be a trojan horse infection in my system32 folder. The infection was discovered through AVG Free anti-virus; however, it was not removed due to it being a critical system file and whitelisted.

Whenever I run programs, especially anti-virus/malware programs, AVG gives me a threat notice:
c:\Windows\System32\drivers\netbt.sys is infected with a Trojan horse Agent_r.AWW
and says the process is the .exe of the program I started.
Soon after the initial detection of that file, AVG detected another trojan "Trojan horse Agent_r.AWW" with the path
c:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
however this one was successfully moved to the virus vault, but I have not permanently deleted it yet.


I have attempted a few times to solve my issue with Malwarebytes' Anti-Malware; however, it goes undetected in the full computer scan. (Usually MBAM solves all of my computer infection problems.)

System Information:
- Windows Vista Home Basic SP2
- 32-bit OS
- I do not have the original windows CD as the OS came pre-installed on my computer.

If I do any attempts to fix this problem while waiting for a response it will only be:
(In safe-mode)
1) Run a "TDSSKiller" Antirootkit scan
2) Run Rkill
3) Run a full Malwarebytes' Anti-Malware scan

Other resources inform me to delete the system32 file, which seems like poor judgement, since usually when you start doing that your computer doesn't start or something serious of the sort, so I will wait for an educated response from you guys.

DDS Log
.DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19170
Run by User at 17:04:56 on 2012-01-05
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3061.1293 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090720
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090720
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: DhcpNameServer = 216.144.187.101 216.144.187.199
TCP: Interfaces\{B3655C1B-E705-412D-BDB8-D3CC0BA3B4DA} : DhcpNameServer = 216.144.187.101 216.144.187.199
TCP: Interfaces\{CBCC1598-71D6-4247-8202-5386C3DB3285} : DhcpNameServer = 216.144.187.101 216.144.187.199
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\qqwo8z01.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2009-8-4 73728]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-20 111616]
.
=============== Created Last 30 ================
.
2011-12-14 20:04:46	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
.
==================== Find3M  ====================
.
2011-12-10 20:24:06	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37:27	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-19 06:42:16	144	----a-w-	c:\users\user\appdata\roaming\tlzsmv3rq.bat
2011-11-08 14:42:19	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-03 06:22:04	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-03 06:17:38	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08	71680	----a-w-	c:\windows\system32\iesetup.dll
2011-11-03 06:17:08	109056	----a-w-	c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43	385024	----a-w-	c:\windows\system32\html.iec
2011-11-03 04:45:39	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-24 19:29:02	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-14 16:02:19	429056	----a-w-	c:\windows\system32\EncDec.dll
.
============= FINISH: 17:05:33.27 ===============


GMER Log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-05 17:53:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG00
Running: b1ove4cz.exe; Driver: C:\Users\User\AppData\Local\Temp\pxldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

?               C:\Users\User\AppData\Local\Temp\mbr.sys                                               The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5068] USER32.dll!SetWindowLongA  76EDE7CD 5 Bytes  JMP 65AC3A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5068] USER32.dll!SetWindowLongW  76EE13B4 5 Bytes  JMP 65AC3A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5068] USER32.dll!GetWindowInfo   76EE428E 5 Bytes  JMP 6586C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5068] USER32.dll!TrackPopupMenu  76EF14F3 5 Bytes  JMP 6586CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5316] ntdll.dll!LdrLoadDll                779393A8 5 Bytes  JMP 656EB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\fastfat \Fat                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \Driver\00001057 \GLOBAL??\319d0de2                                                    87522880

---- Files - GMER 1.0.15 ----

File            C:\Windows\$NtUninstallKB15487$\3823347492                                             0 bytes
File            C:\Windows\$NtUninstallKB15487$\832376290                                              0 bytes
File            C:\Windows\$NtUninstallKB15487$\832376290\L                                            0 bytes
File            C:\Windows\$NtUninstallKB15487$\832376290\U                                            0 bytes

---- EOF - GMER 1.0.15 ----

Attached File  Attach.zip   2.88KB   1 downloads



#2 RPMcMurphy

  • Malware Response Team

Posted 07 January 2012 - 08:23 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 Troslle


Posted 08 January 2012 - 02:44 PM

I tried using combofix but it was unsuccessful.
I disabled AVG, ran combofix...it extracted and backed up fine but then stayed on the scanning step and I gave it plenty of additional time.

#4 RPMcMurphy


Posted 08 January 2012 - 03:38 PM

Hi,

Please try it again from Safe Mode.



#5 Troslle


Posted 09 January 2012 - 03:00 AM

Ok, did that. No log was produced, unless it saves elsewhere than desktop. I was just given a dialogue box that says:
"You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/icp stack. This is a particularly difficult infection."

Also, now at random and when logging on, I get dialogue boxes that say the recycle bin drive is corrupt and ask if I want to clear the recycle bin drive.

#6 RPMcMurphy


Posted 09 January 2012 - 11:00 PM

Hi,

Please do this and post the log, (or let me know if none was found).

Click Start > Run, or press Windows Key + R, then copy/paste the following into the Run box that opens and press OK:
c:\ComboFix.txt



#7 Troslle


Posted 10 January 2012 - 02:13 AM

It is not found when I run "c:\combofix.txt"

(And yes my main drive is C)

Edited by Troslle, 10 January 2012 - 02:14 AM.


#8 RPMcMurphy


Posted 10 January 2012 - 10:38 PM

Troslle:

Thanks for checking. Please run this for me:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Please include the following in your next post:
  • TDSSKiller log



#9 Troslle


Posted 11 January 2012 - 12:39 AM

Ok, did it. Nothing malicious was found and here is the log.

TDSSKiller Log
00:35:13.0195 1752 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
00:35:13.0460 1752 ============================================================
00:35:13.0460 1752 Current date / time: 2012/01/11 00:35:13.0460
00:35:13.0460 1752 SystemInfo:
00:35:13.0460 1752
00:35:13.0460 1752 OS Version: 6.0.6002 ServicePack: 2.0
00:35:13.0460 1752 Product type: Workstation
00:35:13.0460 1752 ComputerName: USER-PC
00:35:13.0460 1752 UserName: User
00:35:13.0460 1752 Windows directory: C:\Windows
00:35:13.0460 1752 System windows directory: C:\Windows
00:35:13.0460 1752 Processor architecture: Intel x86
00:35:13.0460 1752 Number of processors: 2
00:35:13.0460 1752 Page size: 0x1000
00:35:13.0460 1752 Boot type: Safe boot with network
00:35:13.0460 1752 ============================================================
00:35:14.0069 1752 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
00:35:14.0209 1752 Initialize success
00:35:22.0103 1848 ============================================================
00:35:22.0103 1848 Scan started
00:35:22.0103 1848 Mode: Manual;
00:35:22.0103 1848 ============================================================
00:35:22.0508 1848 .netbt - ok
00:35:22.0789 1848 42681013 - ok
00:35:38.0217 1848 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:35:38.0217 1848 monitor - ok
00:35:38.0342 1848 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:35:38.0342 1848 mouclass - ok
00:35:38.0483 1848 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:35:38.0483 1848 mouhid - ok
00:35:38.0623 1848 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:35:38.0623 1848 MountMgr - ok
00:35:38.0748 1848 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:35:38.0763 1848 mpio - ok
00:35:38.0888 1848 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:35:38.0888 1848 mpsdrv - ok
00:35:39.0029 1848 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:35:39.0029 1848 Mraid35x - ok
00:35:39.0169 1848 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:35:39.0169 1848 MRxDAV - ok
00:35:39.0325 1848 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:35:39.0325 1848 mrxsmb - ok
00:35:39.0465 1848 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:35:39.0465 1848 mrxsmb10 - ok
00:35:39.0637 1848 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:35:39.0637 1848 mrxsmb20 - ok
00:35:39.0746 1848 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
00:35:39.0746 1848 msahci - ok
00:35:39.0887 1848 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:35:39.0887 1848 msdsm - ok
00:35:40.0027 1848 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:35:40.0027 1848 Msfs - ok
00:35:40.0152 1848 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:35:40.0152 1848 msisadrv - ok
00:35:40.0292 1848 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:35:40.0308 1848 MSKSSRV - ok
00:35:40.0448 1848 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:35:40.0448 1848 MSPCLOCK - ok
00:35:40.0573 1848 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:35:40.0573 1848 MSPQM - ok
00:35:40.0713 1848 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:35:40.0713 1848 MsRPC - ok
00:35:40.0869 1848 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:35:40.0869 1848 mssmbios - ok
00:35:40.0994 1848 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:35:40.0994 1848 MSTEE - ok
00:35:41.0135 1848 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:35:41.0135 1848 Mup - ok
00:35:41.0275 1848 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:35:41.0291 1848 NativeWifiP - ok
00:35:41.0431 1848 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:35:41.0447 1848 NDIS - ok
00:35:41.0571 1848 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:35:41.0571 1848 NdisTapi - ok
00:35:41.0696 1848 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:35:41.0696 1848 Ndisuio - ok
00:35:41.0837 1848 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:35:41.0837 1848 NdisWan - ok
00:35:41.0961 1848 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:35:41.0961 1848 NDProxy - ok
00:35:42.0117 1848 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:35:42.0117 1848 NetBIOS - ok
00:35:42.0227 1848 netbt - ok
00:35:42.0383 1848 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:35:42.0383 1848 nfrd960 - ok
00:35:42.0523 1848 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:35:42.0523 1848 Npfs - ok
00:35:42.0648 1848 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:35:42.0648 1848 nsiproxy - ok
00:35:42.0835 1848 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:35:42.0835 1848 Ntfs - ok
00:35:42.0960 1848 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:35:42.0975 1848 ntrigdigi - ok
00:35:43.0116 1848 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:35:43.0116 1848 Null - ok
00:35:43.0241 1848 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:35:43.0256 1848 nvraid - ok
00:35:43.0381 1848 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:35:43.0381 1848 nvstor - ok
00:35:43.0506 1848 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:35:43.0506 1848 nv_agp - ok
00:35:43.0615 1848 NwlnkFlt - ok
00:35:43.0740 1848 NwlnkFwd - ok
00:35:43.0865 1848 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
00:35:43.0865 1848 ohci1394 - ok
00:35:44.0005 1848 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:35:44.0005 1848 Parport - ok
00:35:44.0145 1848 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:35:44.0145 1848 partmgr - ok
00:35:44.0270 1848 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:35:44.0270 1848 Parvdm - ok
00:35:44.0426 1848 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:35:44.0426 1848 pci - ok
00:35:44.0567 1848 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
00:35:44.0567 1848 pciide - ok
00:35:44.0691 1848 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:35:44.0707 1848 pcmcia - ok
00:35:44.0863 1848 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:35:44.0879 1848 PEAUTH - ok
00:35:45.0066 1848 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:35:45.0066 1848 PptpMiniport - ok
00:35:45.0191 1848 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:35:45.0191 1848 Processor - ok
00:35:45.0347 1848 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:35:45.0347 1848 PSched - ok
00:35:45.0503 1848 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
00:35:45.0503 1848 PxHelp20 - ok
00:35:45.0659 1848 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:35:45.0674 1848 ql2300 - ok
00:35:45.0830 1848 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:35:45.0830 1848 ql40xx - ok
00:35:45.0955 1848 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:35:45.0955 1848 QWAVEdrv - ok
00:35:46.0142 1848 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
00:35:46.0205 1848 R300 - ok
00:35:46.0329 1848 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:35:46.0329 1848 RasAcd - ok
00:35:46.0485 1848 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:35:46.0485 1848 Rasl2tp - ok
00:35:46.0626 1848 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:35:46.0626 1848 RasPppoe - ok
00:35:46.0766 1848 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:35:46.0766 1848 RasSstp - ok
00:35:46.0907 1848 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:35:46.0907 1848 rdbss - ok
00:35:47.0031 1848 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:35:47.0031 1848 RDPCDD - ok
00:35:47.0172 1848 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:35:47.0172 1848 rdpdr - ok
00:35:47.0312 1848 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:35:47.0312 1848 RDPENCDD - ok
00:35:47.0453 1848 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:35:47.0453 1848 RDPWD - ok
00:35:47.0609 1848 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
00:35:47.0609 1848 rimmptsk - ok
00:35:47.0749 1848 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
00:35:47.0749 1848 rimsptsk - ok
00:35:47.0874 1848 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
00:35:47.0889 1848 rismxdp - ok
00:35:48.0030 1848 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:35:48.0030 1848 rspndr - ok
00:35:48.0170 1848 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:35:48.0170 1848 sbp2port - ok
00:35:48.0311 1848 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
00:35:48.0311 1848 sdbus - ok
00:35:48.0451 1848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:35:48.0451 1848 secdrv - ok
00:35:48.0576 1848 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:35:48.0576 1848 Serenum - ok
00:35:48.0716 1848 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:35:48.0716 1848 Serial - ok
00:35:48.0841 1848 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:35:48.0841 1848 sermouse - ok
00:35:48.0997 1848 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
00:35:48.0997 1848 sffdisk - ok
00:35:49.0122 1848 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:35:49.0122 1848 sffp_mmc - ok
00:35:49.0262 1848 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:35:49.0262 1848 sffp_sd - ok
00:35:49.0387 1848 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:35:49.0387 1848 sfloppy - ok
00:35:49.0543 1848 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:35:49.0559 1848 sisagp - ok
00:35:49.0683 1848 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:35:49.0683 1848 SiSRaid2 - ok
00:35:49.0824 1848 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:35:49.0824 1848 SiSRaid4 - ok
00:35:49.0964 1848 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:35:49.0964 1848 Smb - ok
00:35:50.0105 1848 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:35:50.0105 1848 spldr - ok
00:35:50.0245 1848 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:35:50.0261 1848 srv - ok
00:35:50.0401 1848 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:35:50.0401 1848 srv2 - ok
00:35:50.0557 1848 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:35:50.0557 1848 srvnet - ok
00:35:50.0697 1848 ss_bus (54946449a0eb74915a4bb34f7ee51a5a) C:\Windows\system32\DRIVERS\ss_bus.sys
00:35:50.0697 1848 ss_bus - ok
00:35:50.0838 1848 ss_mdfl (4450bc0b2e9d7d9b90e3c3de4ea00a78) C:\Windows\system32\DRIVERS\ss_mdfl.sys
00:35:50.0838 1848 ss_mdfl - ok
00:35:50.0994 1848 ss_mdm (30b8d0dd01ead1243f329caf7d7d1517) C:\Windows\system32\DRIVERS\ss_mdm.sys
00:35:50.0994 1848 ss_mdm - ok
00:35:51.0150 1848 STHDA (68a0d39e357dd7a234b1d4f1e844c615) C:\Windows\system32\drivers\stwrt.sys
00:35:51.0165 1848 STHDA - ok
00:35:51.0321 1848 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:35:51.0321 1848 swenum - ok
00:35:51.0446 1848 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:35:51.0446 1848 Symc8xx - ok
00:35:51.0587 1848 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:35:51.0587 1848 Sym_hi - ok
00:35:51.0727 1848 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:35:51.0727 1848 Sym_u3 - ok
00:35:51.0930 1848 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:35:51.0930 1848 Tcpip - ok
00:35:52.0117 1848 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:35:52.0117 1848 Tcpip6 - ok
00:35:52.0257 1848 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:35:52.0257 1848 tcpipreg - ok
00:35:52.0382 1848 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:35:52.0382 1848 TDPIPE - ok
00:35:52.0523 1848 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:35:52.0523 1848 TDTCP - ok
00:35:52.0663 1848 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:35:52.0663 1848 tdx - ok
00:35:52.0803 1848 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:35:52.0803 1848 TermDD - ok
00:35:52.0991 1848 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:35:52.0991 1848 tssecsrv - ok
00:35:53.0131 1848 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:35:53.0131 1848 tunmp - ok
00:35:53.0271 1848 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:35:53.0271 1848 tunnel - ok
00:35:53.0412 1848 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:35:53.0412 1848 uagp35 - ok
00:35:53.0568 1848 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:35:53.0568 1848 udfs - ok
00:35:53.0724 1848 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:35:53.0724 1848 uliagpkx - ok
00:35:53.0864 1848 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:35:53.0864 1848 uliahci - ok
00:35:54.0005 1848 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:35:54.0005 1848 UlSata - ok
00:35:54.0145 1848 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:35:54.0161 1848 ulsata2 - ok
00:35:54.0285 1848 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:35:54.0285 1848 umbus - ok
00:35:54.0426 1848 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
00:35:54.0426 1848 USBAAPL - ok
00:35:54.0582 1848 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:35:54.0582 1848 usbaudio - ok
00:35:54.0738 1848 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:35:54.0738 1848 usbccgp - ok
00:35:54.0878 1848 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:35:54.0894 1848 usbcir - ok
00:35:55.0034 1848 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:35:55.0034 1848 usbehci - ok
00:35:55.0175 1848 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:35:55.0175 1848 usbhub - ok
00:35:55.0315 1848 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:35:55.0315 1848 usbohci - ok
00:35:55.0455 1848 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:35:55.0455 1848 usbprint - ok
00:35:55.0596 1848 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:35:55.0596 1848 USBSTOR - ok
00:35:55.0736 1848 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:35:55.0736 1848 usbuhci - ok
00:35:55.0892 1848 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:35:55.0892 1848 vga - ok
00:35:56.0017 1848 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:35:56.0017 1848 VgaSave - ok
00:35:56.0142 1848 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:35:56.0142 1848 viaagp - ok
00:35:56.0282 1848 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:35:56.0282 1848 ViaC7 - ok
00:35:56.0407 1848 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:35:56.0407 1848 viaide - ok
00:35:56.0547 1848 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:35:56.0547 1848 volmgr - ok
00:35:56.0688 1848 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:35:56.0688 1848 volmgrx - ok
00:35:56.0813 1848 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:35:56.0813 1848 volsnap - ok
00:35:57.0000 1848 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:35:57.0000 1848 vsmraid - ok
00:35:57.0171 1848 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:35:57.0171 1848 WacomPen - ok
00:35:57.0312 1848 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:35:57.0312 1848 Wanarp - ok
00:35:57.0312 1848 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:35:57.0312 1848 Wanarpv6 - ok
00:35:57.0468 1848 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:35:57.0468 1848 Wd - ok
00:35:57.0608 1848 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:35:57.0624 1848 Wdf01000 - ok
00:35:57.0811 1848 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
00:35:57.0811 1848 winachsf - ok
00:35:57.0983 1848 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:35:57.0983 1848 WmiAcpi - ok
00:35:58.0154 1848 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
00:35:58.0154 1848 WpdUsb - ok
00:35:58.0295 1848 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:35:58.0295 1848 ws2ifsl - ok
00:35:58.0466 1848 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:35:58.0466 1848 WUDFRd - ok
00:35:58.0607 1848 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
00:35:58.0607 1848 XAudio - ok
00:35:58.0794 1848 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
00:35:58.0794 1848 yukonwlh - ok
00:35:58.0841 1848 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:35:58.0903 1848 \Device\Harddisk0\DR0 - ok
00:35:58.0919 1848 Boot (0x1200) (d34c65e203f9ad4db3a7c3b045ba15db) \Device\Harddisk0\DR0\Partition0
00:35:58.0919 1848 \Device\Harddisk0\DR0\Partition0 - ok
00:35:58.0919 1848 Boot (0x1200) (b59225a898dfbbb3549987d93f8df921) \Device\Harddisk0\DR0\Partition1
00:35:58.0919 1848 \Device\Harddisk0\DR0\Partition1 - ok
00:35:58.0919 1848 ============================================================
00:35:58.0919 1848 Scan finished
00:35:58.0919 1848 ============================================================
00:35:58.0934 1788 Detected object count: 0
00:35:58.0934 1788 Actual detected object count: 0
00:36:13.0208 1688 Deinitialize success

Edited by RPMcMurphy, 11 January 2012 - 05:45 PM.
Removed code tags


#10 RPMcMurphy


  • Malware Response Team

Posted 11 January 2012 - 05:46 PM

Thanks. Please run DDS for me again and post the DDS.txt log (I don't need to see Attach.txt again).

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#11 Troslle


Posted 11 January 2012 - 07:08 PM

Here you are:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19170
Run by User at 19:03:43 on 2012-01-11
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.2577 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090720
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090720
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFU3SEctWUxVVlUtRVMyRUctUUY3WEMtVkxDOVctUTRMWkc"&"inst=NzctNjU5NDU0MzQ1LUtWMys3LVQyLUZMKzktWE8zNisxLUY5TTdDKzUtRjlNMTBCKzItRjlNMisxLUREVCs0NzMyMS1GTDEwKzEtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFOKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisxLUYxME0xMkIrMQ"&"prod=90"&"ver=10.0.1416
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B3655C1B-E705-412D-BDB8-D3CC0BA3B4DA} : DhcpNameServer = 216.144.187.101 216.144.187.199
TCP: Interfaces\{CBCC1598-71D6-4247-8202-5386C3DB3285} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\qqwo8z01.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2009-8-4 73728]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-20 111616]
.
=============== Created Last 30 ================
.
2012-01-09 06:28:49 -------- d-s---w- C:\ComboFix
2012-01-09 06:24:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-08 06:44:39 98816 ----a-w- c:\windows\sed.exe
2012-01-08 06:44:39 518144 ----a-w- c:\windows\SWREG.exe
2012-01-08 06:44:39 256000 ----a-w- c:\windows\PEV.exe
2012-01-08 06:44:39 208896 ----a-w- c:\windows\MBR.exe
2012-01-06 03:38:52 -------- d-----w- c:\users\user\appdata\local\VirtualStore
2012-01-06 02:45:11 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-14 20:04:46 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 06:42:16 144 ----a-w- c:\users\user\appdata\roaming\tlzsmv3rq.bat
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll
.
============= FINISH: 19:05:02.90 ===============

#12 RPMcMurphy


Posted 12 January 2012 - 05:32 PM

Troslle:

How is the computer running now? Please do this next:

Navigate to C:\ComboFix. Right-click on the folder and select Send to > Compressed (zipped) folder. This should create a new, zipped folder by the same name in c:\

  • Please visit this site
  • In the Link to topic where this file was requested: field, enter the following:

    http://www.bleepingcomputer.com/forums/topic436469.html
  • In the Browse to the file you want to submit: field, click on browse and navigate to the following file:

    c:\combofix.zip (the newly created zipped folder)
  • In the comments field enter the following:

    CF folder
  • Press the send file button.
You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • How is the computer running?
  • MBAM log



#13 RPMcMurphy


Posted 18 January 2012 - 05:45 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
