
Possible rootkit.0access infection


  • This topic is locked
65 replies to this topic

#21 guestolo


    Site Donator

  • Admin
  • 16,247 posts

Posted 15 January 2012 - 01:22 PM

Can you please delete OTL.exe on the desktop? If we need it, we shall redownload it to ensure we have the latest version.

Please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and, depending on the system, run GrantPerms.exe
  • Copy and paste the following in the quote box, don't include the word 'quote':

    c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    c:\\Qoobox\BackEnv
    c:\\WINDOWS\system32\MRT.exe



  • Click Unlock. When it is done click "OK".
  • Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

In addition, can you try opening Malwarebytes Anti-Malware now and let me know if it will open?
Don't run a scan yet.

Edited by guestolo, 15 January 2012 - 01:24 PM.
included link to grantperms.exe

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#22 ba5852


    Member

  • Members
  • 81 posts

Posted 15 January 2012 - 01:45 PM

GrantPerms by Farbar
Ran by Bruce (administrator) at 2012-01-15 14:45:18

===============================================
\\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Qoobox\BackEnv

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)


\\?\c:\\WINDOWS\system32\MRT.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

#23 guestolo


Posted 15 January 2012 - 01:49 PM

In addition, can you try opening Malwarebytes Anti-Malware now and let me know if it will open?




#24 ba5852


Posted 15 January 2012 - 01:55 PM

Yes, Malwarebytes opened and I started running a "Quick Scan".

The scan completed successfully and did not find anything.

#25 guestolo


Posted 15 January 2012 - 02:00 PM

Did you update beforehand? I asked earlier that you not run a scan.
I wanted to make sure you updated before you ran it, and it might be a good idea to run a full system scan.
Post the log afterwards.



#26 ba5852


Posted 15 January 2012 - 03:21 PM

I reopened Malwarebytes. Did an update and ran a full system scan.

I found one item.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.15.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bruce :: AMD3300 [administrator]

1/15/2012 3:05:58 PM
mbam-log-2012-01-15 (15-05-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267865
Time elapsed: 1 hour(s), 11 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
F:\WINDOWS\SYSTEM\HLINK.DLL (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

#27 guestolo


Posted 15 January 2012 - 03:45 PM

I believe the only indications of infection by some tools now are false positives of hidden drivers from Alcohol 120%, and possibly Daemon Tools if you had it installed at one time. Did you?

Can you delete your copy of TDSSKiller.exe and also the text file it made in the C:\ folder?
Redownload it, run another scan, and post the new log.
http://support.kaspe.../tdsskiller.exe

Keep me informed how things are now running please



#28 ba5852


Posted 15 January 2012 - 03:51 PM

Forgot to mention that when you asked me to delete OTL.exe, in post #21, I was unable to.
I got the following error message:

Cannot delete OTL: Access is denied.
Make sure the disk is not full or write-protected
and that the file is not currently in use.

I just tried to delete it again now and it does the same thing.

#29 ba5852


Posted 15 January 2012 - 03:59 PM

I believe I did have Daemon Tools installed a long time ago.
I deleted TDSSKiller and the associated .txt file and then redownloaded it.

This is the new .txt file:

16:57:04.0468 2544 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
16:57:04.0796 2544 ============================================================
16:57:04.0796 2544 Current date / time: 2012/01/15 16:57:04.0796
16:57:04.0796 2544 SystemInfo:
16:57:04.0796 2544
16:57:04.0796 2544 OS Version: 5.1.2600 ServicePack: 3.0
16:57:04.0796 2544 Product type: Workstation
16:57:04.0796 2544 ComputerName: AMD3300
16:57:04.0796 2544 UserName: Bruce
16:57:04.0796 2544 Windows directory: C:\WINDOWS
16:57:04.0796 2544 System windows directory: C:\WINDOWS
16:57:04.0796 2544 Processor architecture: Intel x86
16:57:04.0796 2544 Number of processors: 1
16:57:04.0796 2544 Page size: 0x1000
16:57:04.0796 2544 Boot type: Normal boot
16:57:04.0796 2544 ============================================================
16:57:05.0218 2544 Drive \Device\Harddisk0\DR0 - Size: 0x4C54C7E00, SectorSize: 0x200, Cylinders: 0x9BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
16:57:05.0250 2544 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2DC00, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000058
16:57:05.0421 2544 Initialize success
16:57:15.0875 2532 ============================================================
16:57:15.0875 2532 Scan started
16:57:15.0875 2532 Mode: Manual;
16:57:15.0875 2532 ============================================================
16:57:16.0062 2532 Abiosdsk - ok
16:57:16.0078 2532 abp480n5 - ok
16:57:16.0125 2532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:57:16.0125 2532 ACPI - ok
16:57:16.0171 2532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:57:16.0171 2532 ACPIEC - ok
16:57:16.0203 2532 adpu160m - ok
16:57:16.0234 2532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:57:16.0250 2532 aec - ok
16:57:16.0296 2532 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:57:16.0296 2532 AFD - ok
16:57:16.0312 2532 Aha154x - ok
16:57:16.0343 2532 aic78u2 - ok
16:57:16.0359 2532 aic78xx - ok
16:57:16.0468 2532 ALCXWDM (f5d4d3899e16e1f75398297844386226) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:57:16.0500 2532 ALCXWDM - ok
16:57:16.0562 2532 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:57:16.0562 2532 AliIde - ok
16:57:16.0609 2532 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
16:57:16.0609 2532 AmdK8 - ok
16:57:16.0656 2532 Amps2prt (8e14139857d820b54f27aa2ec24cddff) C:\WINDOWS\system32\Drivers\Amps2prt.sys
16:57:16.0656 2532 Amps2prt - ok
16:57:16.0671 2532 amsint - ok
16:57:16.0703 2532 asc - ok
16:57:16.0718 2532 asc3350p - ok
16:57:16.0750 2532 asc3550 - ok
16:57:16.0812 2532 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
16:57:16.0812 2532 ASCTRM - ok
16:57:16.0875 2532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:57:16.0875 2532 AsyncMac - ok
16:57:16.0906 2532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:57:16.0906 2532 atapi - ok
16:57:16.0937 2532 Atdisk - ok
16:57:16.0984 2532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:57:16.0984 2532 Atmarpc - ok
16:57:17.0031 2532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:57:17.0031 2532 audstub - ok
16:57:17.0093 2532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:57:17.0093 2532 Beep - ok
16:57:17.0109 2532 catchme - ok
16:57:17.0156 2532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:57:17.0156 2532 cbidf2k - ok
16:57:17.0171 2532 cd20xrnt - ok
16:57:17.0203 2532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:57:17.0203 2532 Cdaudio - ok
16:57:17.0218 2532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:57:17.0218 2532 Cdfs - ok
16:57:17.0265 2532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:57:17.0265 2532 Cdrom - ok
16:57:17.0281 2532 Changer - ok
16:57:17.0312 2532 CmdIde - ok
16:57:17.0343 2532 Cpqarray - ok
16:57:17.0359 2532 dac2w2k - ok
16:57:17.0390 2532 dac960nt - ok
16:57:17.0421 2532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:57:17.0421 2532 Disk - ok
16:57:17.0468 2532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:57:17.0484 2532 dmboot - ok
16:57:17.0515 2532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:57:17.0531 2532 dmio - ok
16:57:17.0546 2532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:57:17.0546 2532 dmload - ok
16:57:17.0578 2532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:57:17.0578 2532 DMusic - ok
16:57:17.0609 2532 dpti2o - ok
16:57:17.0640 2532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:57:17.0640 2532 drmkaud - ok
16:57:17.0687 2532 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
16:57:17.0687 2532 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
16:57:17.0687 2532 dtscsi ( LockedFile.Multi.Generic ) - warning
16:57:17.0687 2532 dtscsi - detected LockedFile.Multi.Generic (1)
16:57:17.0796 2532 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:57:17.0796 2532 eeCtrl - ok
16:57:17.0828 2532 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:57:17.0828 2532 EraserUtilRebootDrv - ok
16:57:17.0890 2532 ET5Drv (57af1036880449056dd8adac9f2d1fe1) C:\WINDOWS\system32\Drivers\ET5Drv.sys
16:57:17.0890 2532 ET5Drv - ok
16:57:17.0937 2532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:57:17.0937 2532 Fastfat - ok
16:57:17.0953 2532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:57:17.0953 2532 Fdc - ok
16:57:17.0968 2532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:57:17.0984 2532 Fips - ok
16:57:18.0000 2532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:57:18.0000 2532 Flpydisk - ok
16:57:18.0031 2532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:57:18.0031 2532 FltMgr - ok
16:57:18.0062 2532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:57:18.0062 2532 Fs_Rec - ok
16:57:18.0078 2532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:57:18.0093 2532 Ftdisk - ok
16:57:18.0125 2532 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:57:18.0125 2532 gameenum - ok
16:57:18.0140 2532 gdrv (36cf9048cee590c13fa8f007d1cb45ff) C:\WINDOWS\gdrv.sys
16:57:18.0156 2532 gdrv - ok
16:57:18.0203 2532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:57:18.0203 2532 Gpc - ok
16:57:18.0265 2532 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
16:57:18.0281 2532 HCF_MSFT - ok
16:57:18.0328 2532 hpn - ok
16:57:18.0343 2532 hpt3xx - ok
16:57:18.0406 2532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:57:18.0406 2532 HTTP - ok
16:57:18.0437 2532 i2omgmt - ok
16:57:18.0453 2532 i2omp - ok
16:57:18.0484 2532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:57:18.0484 2532 i8042prt - ok
16:57:18.0515 2532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:57:18.0515 2532 Imapi - ok
16:57:18.0546 2532 ini910u - ok
16:57:18.0562 2532 IntelIde - ok
16:57:18.0593 2532 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:57:18.0609 2532 ip6fw - ok
16:57:18.0640 2532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:57:18.0640 2532 IpFilterDriver - ok
16:57:18.0671 2532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:57:18.0671 2532 IpInIp - ok
16:57:18.0703 2532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:57:18.0718 2532 IpNat - ok
16:57:18.0734 2532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:57:18.0750 2532 IPSec - ok
16:57:18.0781 2532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:57:18.0781 2532 IRENUM - ok
16:57:18.0812 2532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:57:18.0812 2532 isapnp - ok
16:57:18.0828 2532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:57:18.0843 2532 Kbdclass - ok
16:57:18.0875 2532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:57:18.0875 2532 kmixer - ok
16:57:18.0921 2532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:57:18.0921 2532 KSecDD - ok
16:57:18.0968 2532 Lavasoft Kernexplorer - ok
16:57:18.0984 2532 lbrtfdc - ok
16:57:19.0031 2532 m5289 (2424b13987360840b4bf4e5fb5a66d3f) C:\WINDOWS\system32\drivers\m5289.sys
16:57:19.0031 2532 m5289 - ok
16:57:19.0062 2532 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
16:57:19.0062 2532 mbamchameleon - ok
16:57:19.0093 2532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:57:19.0093 2532 mnmdd - ok
16:57:19.0140 2532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:57:19.0140 2532 Modem - ok
16:57:19.0203 2532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:57:19.0203 2532 Mouclass - ok
16:57:19.0234 2532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:57:19.0250 2532 MountMgr - ok
16:57:19.0250 2532 mraid35x - ok
16:57:19.0281 2532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:57:19.0281 2532 MRxDAV - ok
16:57:19.0343 2532 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:57:19.0359 2532 MRxSmb - ok
16:57:19.0390 2532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:57:19.0390 2532 Msfs - ok
16:57:19.0421 2532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:57:19.0437 2532 MSKSSRV - ok
16:57:19.0453 2532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:57:19.0453 2532 MSPCLOCK - ok
16:57:19.0484 2532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:57:19.0484 2532 MSPQM - ok
16:57:19.0515 2532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:57:19.0515 2532 mssmbios - ok
16:57:19.0546 2532 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:57:19.0546 2532 Mup - ok
16:57:19.0656 2532 NAVAP (70c4d2474833b6ef16342e5d33359ff6) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
16:57:19.0671 2532 NAVAP - ok
16:57:19.0687 2532 NAVAPEL (f81a56a1be2c0ea8c2ff320cd5dc9aad) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
16:57:19.0687 2532 NAVAPEL - ok
16:57:19.0734 2532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:57:19.0734 2532 NDIS - ok
16:57:19.0781 2532 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:57:19.0796 2532 NdisTapi - ok
16:57:19.0812 2532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:57:19.0812 2532 Ndisuio - ok
16:57:19.0843 2532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:57:19.0843 2532 NdisWan - ok
16:57:19.0890 2532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:57:19.0890 2532 NDProxy - ok
16:57:19.0906 2532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:57:19.0906 2532 NetBIOS - ok
16:57:19.0937 2532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:57:19.0937 2532 NetBT - ok
16:57:19.0984 2532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:57:19.0984 2532 Npfs - ok
16:57:20.0031 2532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:57:20.0031 2532 Ntfs - ok
16:57:20.0062 2532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:57:20.0062 2532 Null - ok
16:57:20.0203 2532 nv (7fe3f1721856365c882dae13f3600223) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:57:20.0250 2532 nv - ok
16:57:20.0312 2532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:57:20.0312 2532 NwlnkFlt - ok
16:57:20.0328 2532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:57:20.0328 2532 NwlnkFwd - ok
16:57:20.0375 2532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:57:20.0375 2532 Parport - ok
16:57:20.0421 2532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:57:20.0421 2532 PartMgr - ok
16:57:20.0453 2532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:57:20.0453 2532 ParVdm - ok
16:57:20.0468 2532 PCI (a219903ccf74233761