
Windows Firewall error code 0x80070424


10 replies to this topic

#1 Musicjunkie27

  • Members
  • 27 posts

Posted 18 January 2012 - 10:31 PM

Hey All:

Sorry if this is in the wrong place or if I give insufficient info... I'll try to be as descriptive as possible...

My wife got a virus today on our desktop computer. We are running Windows 7 Professional. She ran the AVG scan and it found the following and placed it in the vault: Win32.Tepfer.kp

She then could not get her printer to work. I was trying to get the printer up and running and noticed that it was not shared on our network. When I tried to share it, I got an error code 0x000006d9. When I googled this it led me to try and get my windows firewall fixed. When I tried to enable the Firewall, I kept getting the following error code "0x80070424 windows cannot change some of your settings". I then googled this and I tried to follow the instructions on several sites, which told me to look in "services" from the Run menu. When I went to the services folder, Windows Firewall was not in the list for me to right click and perform some operations. I am at a complete loss as to where to turn next.... Any help would be greatly appreciated.

Sorry if this is confusing....

MJ


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 January 2012 - 10:47 PM

Download FSS.

Checkmark:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update

Click on "Scan".
Post the log result here.


Download aswMBR:

http://public.avast.com/~gmerek/aswMBR.exe

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Edited by narenxp, 19 January 2012 - 04:53 PM.


#3 Musicjunkie27

  • Topic Starter
  • Members
  • 27 posts

Posted 19 January 2012 - 06:15 PM

Here are the results as requested.

Thanks for getting back to me so quickly.

MJ

Result:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Jason (administrator) on 19-01-2012 at 15:13:41
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
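As an added example (not code from the thread, from BleepingComputer or from Farbar Service Scanner), the following PowerShell script performs the checks the FSS log above reports for each service group: whether the key under HKLM\SYSTEM\CurrentControlSet\Services exists, its start type, whether the ImagePath and ServiceDll files are present, and the current state. It assumes an elevated prompt on Windows 7 or later; the grouping follows the FSS log sections, and the Windows Update group is filled from the DLLs the File Check section lists (wuaueng.dll, qmgr.dll, es.dll, cryptsvc.dll). Error 0x80070424 is Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST, which is exactly the "service key does not exist" condition the log shows for MpsSvc, bfe and wscsvc.

```powershell
# Added example, not code from the thread or from Farbar Service Scanner. Reproduces the
# per-service checks FSS reports so that a service that is merely stopped can be told
# apart from one whose Services registry key has been deleted (the 0x80070424 case).
# Run from an elevated PowerShell prompt.

$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Same groups as the FSS log sections. The Windows Update names are the services whose
# DLLs appear in the File Check section (wuaueng.dll, qmgr.dll, es.dll, cryptsvc.dll).
$groups = @(
    @('Windows Firewall', @('MpsSvc', 'BFE', 'mpsdrv')),
    @('System Restore',   @('SDRSVC', 'VSS')),
    @('Security Center',  @('wscsvc')),
    @('Windows Update',   @('wuauserv', 'BITS', 'EventSystem', 'CryptSvc'))
)

# Turn an ImagePath or ServiceDll value into a file-system path: drop quotes and svchost
# arguments such as "-k netsvcs", expand %SystemRoot%, and normalise the \??\, \SystemRoot\
# and bare system32\drivers\... forms that driver entries use.
function Resolve-ServicePath {
    param([string]$Raw)
    if (-not $Raw) { return $null }
    if ($Raw -match '^"?([^"]+?\.(exe|sys|dll))') {
        $p = [Environment]::ExpandEnvironmentVariables($Matches[1])
    } else {
        return $Raw
    }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Returns one FSS-style line for the named service.
function Test-ServiceKey {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $findings = @()
    if (-not (Test-Path $key)) {
        # The condition behind 0x80070424: the service control manager has no record of
        # the service, so services.msc cannot list it and the firewall UI cannot start it.
        return "Attention! Unable to open $Name registry key. The service key does not exist."
    }
    $props = Get-ItemProperty -Path $key
    $start = $props.Start
    $startLabel = if ($null -ne $start) { $startTypes[[int]$start] } else { 'missing' }
    if (-not $startLabel) { $startLabel = "unknown ($start)" }
    if ($startLabel -eq 'Disabled') { $findings += 'start type is Disabled' }

    $paths = @($props.ImagePath)
    if (Test-Path "$key\Parameters") {
        # svchost-hosted services keep their real code under Parameters\ServiceDll
        $dll = (Get-ItemProperty -Path "$key\Parameters").ServiceDll
        if ($dll) { $paths += $dll }
    }
    foreach ($raw in $paths) {
        $file = Resolve-ServicePath $raw
        if ($file -and -not (Test-Path -LiteralPath $file)) { $findings += "file missing: $file" }
    }

    # sc.exe query also reports kernel drivers such as mpsdrv, which Get-Service omits.
    $stateLine = sc.exe query $Name 2>$null |
        Select-String -Pattern 'STATE\s*:\s*\d+\s+(\S+)' | Select-Object -First 1
    $state = if ($stateLine) { $stateLine.Matches[0].Groups[1].Value } else { 'UNKNOWN' }

    $summary = "$Name is $state; start type $startLabel; image $($paths -join ' / ')"
    if ($findings.Count -gt 0) { return "Attention! $summary; $($findings -join '; ')" }
    return $summary
}

foreach ($group in $groups) {
    Write-Output ''
    Write-Output "$($group[0]):"
    Write-Output ('=' * $group[0].Length)
    foreach ($name in $group[1]) { Write-Output (Test-ServiceKey -Name $name) }
}
```

Lines beginning "Attention!" are the ones worth acting on; a service that is STOPPED with an intact key and present files is a normal state for the manual-start entries (mpsdrv, SDRSVC, VSS) the log above reports as OK.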

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 January 2012 - 10:30 PM

I did not get your aswMBR log

Download aswMBR.

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Edited by narenxp, 19 January 2012 - 10:30 PM.


#5 Musicjunkie27

  • Topic Starter
  • Members
  • 27 posts

Posted 21 January 2012 - 02:21 PM

Here is the aswMBR log you requested. Again, I really appreciate your time!

MJ

Log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-21 10:56:09
-----------------------------
10:56:09.388 OS Version: Windows 6.1.7601 Service Pack 1
10:56:09.388 Number of processors: 2 586 0x170A
10:56:09.389 ComputerName: ACER-COMPUTER UserName: Jason
10:56:11.502 Initialize success
10:59:04.934 AVAST engine defs: 12012101
10:59:12.948 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:59:12.951 Disk 0 Vendor: Hitachi_HDT721016SLA380 ST1OA31B Size: 152627MB BusType: 3
10:59:12.967 Disk 0 MBR read successfully
10:59:12.971 Disk 0 MBR scan
10:59:12.977 Disk 0 unknown MBR code
10:59:12.982 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 45331 MB offset 63
10:59:13.010 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 164 MB offset 92839635
10:59:13.028 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 107128 MB offset 93177000
10:59:13.037 Disk 0 scanning sectors +312576705
10:59:13.092 Disk 0 scanning C:\Windows\system32\drivers
10:59:19.066 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Smadow [Rtk]
10:59:24.329 Disk 0 trace - called modules:
10:59:24.357 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:59:24.362 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86563848]
10:59:24.366 3 CLASSPNP.SYS[83a0459e] -> nt!IofCallDriver -> [0x860a6918]
10:59:24.371 5 ACPI.sys[838b03d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x860dc908]
10:59:24.873 AVAST engine scan C:\Windows
10:59:26.881 AVAST engine scan C:\Windows\system32
11:01:44.085 AVAST engine scan C:\Windows\system32\drivers
11:01:50.411 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Smadow [Rtk]
11:01:57.433 AVAST engine scan C:\Users\Jason
11:06:13.701 File: C:\Users\Jason\AppData\Local\Temp\oiu0.4223401112482721.exe **INFECTED** Win32:Karagany-EQ [Trj]
11:08:27.606 File: C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\23196dc9-63be236d **INFECTED** Win32:Karagany-EQ [Trj]
11:08:27.665 File: C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\23196dc9-6ae741ca **INFECTED** Win32:Karagany-EQ [Trj]
11:10:32.306 AVAST engine scan C:\ProgramData
11:15:22.371 Scan finished successfully
11:20:44.973 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Desktop\MBR.dat"
11:20:44.978 The log file has been saved successfully to "C:\Users\Jason\Desktop\aswMBR.txt"

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 January 2012 - 09:22 PM

Download TDSSkiller.

Launch it and click on "Scan". Please post the LOG report.


Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

#7 Musicjunkie27

  • Topic Starter
  • Members
  • 27 posts

Posted 23 January 2012 - 01:41 PM

Here is the log from the TDSSkiller:

10:36:41.0318 3164 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
10:36:41.0880 3164 ============================================================
10:36:41.0880 3164 Current date / time: 2012/01/23 10:36:41.0880
10:36:41.0880 3164 SystemInfo:
10:36:41.0880 3164
10:36:41.0880 3164 OS Version: 6.1.7601 ServicePack: 1.0
10:36:41.0880 3164 Product type: Workstation
10:36:41.0880 3164 ComputerName: ACER-COMPUTER
10:36:41.0880 3164 UserName: Jason
10:36:41.0880 3164 Windows directory: C:\Windows
10:36:41.0880 3164 System windows directory: C:\Windows
10:36:41.0880 3164 Processor architecture: Intel x86
10:36:41.0880 3164 Number of processors: 2
10:36:41.0880 3164 Page size: 0x1000
10:36:41.0880 3164 Boot type: Normal boot
10:36:41.0880 3164 ============================================================
10:36:43.0081 3164 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:36:43.0081 3164 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:36:43.0144 3164 Initialize success
10:36:44.0782 2460 ============================================================
10:36:44.0782 2460 Scan started
10:36:44.0782 2460 Mode: Manual;
10:36:44.0782 2460 ============================================================
10:37:01.0396 2460 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:37:01.0396 2460 RasAgileVpn - ok
10:37:01.0489 2460 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:37:01.0489 2460 Rasl2tp - ok
10:37:01.0583 2460 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:37:01.0583 2460 RasPppoe - ok
10:37:01.0661 2460 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:37:01.0676 2460 RasSstp - ok
10:37:01.0770 2460 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:37:01.0770 2460 rdbss - ok
10:37:01.0801 2460 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:37:01.0801 2460 rdpbus - ok
10:37:01.0895 2460 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:37:01.0895 2460 RDPCDD - ok
10:37:01.0942 2460 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:37:01.0957 2460 RDPDR - ok
10:37:02.0035 2460 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:37:02.0035 2460 RDPENCDD - ok
10:37:02.0051 2460 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:37:02.0051 2460 RDPREFMP - ok
10:37:02.0160 2460 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
10:37:02.0160 2460 RDPWD - ok
10:37:02.0269 2460 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:37:02.0269 2460 rdyboost - ok
10:37:02.0378 2460 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:37:02.0378 2460 rspndr - ok
10:37:02.0456 2460 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:37:02.0472 2460 RTL8167 - ok
10:37:02.0566 2460 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:37:02.0581 2460 s3cap - ok
10:37:02.0675 2460 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:37:02.0690 2460 sbp2port - ok
10:37:02.0737 2460 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:37:02.0737 2460 scfilter - ok
10:37:02.0831 2460 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:37:02.0846 2460 secdrv - ok
10:37:02.0940 2460 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:37:02.0956 2460 Serenum - ok
10:37:02.0971 2460 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:37:02.0971 2460 Serial - ok
10:37:03.0065 2460 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:37:03.0065 2460 sermouse - ok
10:37:03.0127 2460 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:37:03.0127 2460 sffdisk - ok
10:37:03.0221 2460 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:37:03.0236 2460 sffp_mmc - ok
10:37:03.0252 2460 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:37:03.0268 2460 sffp_sd - ok
10:37:03.0346 2460 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:37:03.0346 2460 sfloppy - ok
10:37:03.0455 2460 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:37:03.0455 2460 sisagp - ok
10:37:03.0486 2460 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:37:03.0486 2460 SiSRaid2 - ok
10:37:03.0580 2460 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:37:03.0580 2460 SiSRaid4 - ok
10:37:03.0658 2460 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:37:03.0658 2460 Smb - ok
10:37:03.0751 2460 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:37:03.0751 2460 spldr - ok
10:37:03.0845 2460 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:37:03.0845 2460 srv - ok
10:37:03.0876 2460 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:37:03.0876 2460 srv2 - ok
10:37:03.0954 2460 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:37:03.0954 2460 srvnet - ok
10:37:04.0048 2460 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:37:04.0048 2460 stexstor - ok
10:37:04.0157 2460 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
10:37:04.0157 2460 StillCam - ok
10:37:04.0266 2460 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:37:04.0266 2460 storflt - ok
10:37:04.0282 2460 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:37:04.0297 2460 storvsc - ok
10:37:04.0375 2460 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:37:04.0391 2460 swenum - ok
10:37:04.0453 2460 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
10:37:04.0469 2460 Tcpip - ok
10:37:04.0578 2460 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
10:37:04.0594 2460 TCPIP6 - ok
10:37:04.0687 2460 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:37:04.0687 2460 tcpipreg - ok
10:37:04.0734 2460 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:37:04.0750 2460 TDPIPE - ok
10:37:04.0812 2460 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
10:37:04.0828 2460 TDTCP - ok
10:37:04.0921 2460 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:37:04.0921 2460 tdx - ok
10:37:04.0968 2460 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:37:04.0968 2460 TermDD - ok
10:37:05.0077 2460 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:37:05.0077 2460 tssecsrv - ok
10:37:05.0186 2460 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:37:05.0186 2460 TsUsbFlt - ok
10:37:05.0296 2460 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:37:05.0296 2460 tunnel - ok
10:37:05.0389 2460 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\Windows\system32\drivers\tvicport.sys
10:37:05.0389 2460 tvicport - ok
10:37:05.0467 2460 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:37:05.0467 2460 uagp35 - ok
10:37:05.0514 2460 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:37:05.0514 2460 udfs - ok
10:37:05.0608 2460 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:37:05.0623 2460 uliagpkx - ok
10:37:05.0686 2460 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
10:37:05.0701 2460 umbus - ok
10:37:05.0764 2460 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:37:05.0764 2460 UmPass - ok
10:37:05.0857 2460 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
10:37:05.0873 2460 USBAAPL - ok
10:37:05.0920 2460 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:37:05.0920 2460 usbccgp - ok
10:37:06.0029 2460 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:37:06.0044 2460 usbcir - ok
10:37:06.0091 2460 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:37:06.0091 2460 usbehci - ok
10:37:06.0185 2460 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:37:06.0185 2460 usbhub - ok
10:37:06.0200 2460 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:37:06.0216 2460 usbohci - ok
10:37:06.0310 2460 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:37:06.0310 2460 usbprint - ok
10:37:06.0388 2460 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
10:37:06.0388 2460 usbscan - ok
10:37:06.0481 2460 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:37:06.0481 2460 USBSTOR - ok
10:37:06.0512 2460 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:37:06.0512 2460 usbuhci - ok
10:37:06.0637 2460 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:37:06.0637 2460 vdrvroot - ok
10:37:06.0668 2460 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:37:06.0668 2460 vga - ok
10:37:06.0731 2460 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:37:06.0731 2460 VgaSave - ok
10:37:06.0778 2460 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:37:06.0793 2460 vhdmp - ok
10:37:06.0887 2460 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:37:06.0887 2460 viaagp - ok
10:37:06.0934 2460 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:37:06.0934 2460 ViaC7 - ok
10:37:07.0027 2460 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:37:07.0027 2460 viaide - ok
10:37:07.0074 2460 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:37:07.0090 2460 vmbus - ok
10:37:07.0168 2460 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:37:07.0168 2460 VMBusHID - ok
10:37:07.0214 2460 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:37:07.0230 2460 volmgr - ok
10:37:07.0324 2460 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:37:07.0324 2460 volmgrx - ok
10:37:07.0448 2460 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:37:07.0448 2460 volsnap - ok
10:37:07.0542 2460 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:37:07.0558 2460 vsmraid - ok
10:37:07.0651 2460 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
10:37:07.0651 2460 vwifibus - ok
10:37:07.0745 2460 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:37:07.0745 2460 WacomPen - ok
10:37:07.0854 2460 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:37:07.0854 2460 WANARP - ok
10:37:07.0870 2460 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:37:07.0870 2460 Wanarpv6 - ok
10:37:07.0963 2460 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:37:07.0963 2460 Wd - ok
10:37:07.0994 2460 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:37:08.0010 2460 Wdf01000 - ok
10:37:08.0104 2460 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:37:08.0104 2460 WfpLwf - ok
10:37:08.0135 2460 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:37:08.0135 2460 WIMMount - ok
10:37:08.0213 2460 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
10:37:08.0228 2460 WinUsb - ok
10:37:08.0291 2460 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:37:08.0291 2460 WmiAcpi - ok
10:37:08.0400 2460 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:37:08.0400 2460 ws2ifsl - ok
10:37:08.0494 2460 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:37:08.0494 2460 WSDPrintDevice - ok
10:37:08.0540 2460 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:37:08.0540 2460 WudfPf - ok
10:37:08.0650 2460 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:37:08.0650 2460 WUDFRd - ok
10:37:08.0759 2460 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\Windows\system32\drivers\zntport.sys
10:37:08.0759 2460 zntport - ok
10:37:08.0790 2460 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
10:37:10.0662 2460 \Device\Harddisk0\DR0 - ok
10:37:10.0678 2460 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
10:37:10.0709 2460 \Device\Harddisk1\DR1 - ok
10:37:10.0724 2460 Boot (0x1200) (91ef4b95f6615fbcd96ccbbc7793c828) \Device\Harddisk0\DR0\Partition0
10:37:10.0724 2460 \Device\Harddisk0\DR0\Partition0 - ok
10:37:10.0740 2460 Boot (0x1200) (e48bbb39da80541d499db4247cdebc1d) \Device\Harddisk0\DR0\Partition1
10:37:10.0740 2460 \Device\Harddisk0\DR0\Partition1 - ok
10:37:10.0740 2460 Boot (0x1200) (039f82083113f47608e6f29d82202317) \Device\Harddisk1\DR1\Partition0
10:37:10.0740 2460 \Device\Harddisk1\DR1\Partition0 - ok
10:37:10.0740 2460 ============================================================
10:37:10.0740 2460 Scan finished
10:37:10.0740 2460 ============================================================
10:37:10.0756 4380 Detected object count: 0
10:37:10.0756 4380 Actual detected object count: 0

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 January 2012 - 01:49 PM

GMER log?

Also launch FSS once and type

netbt.sys

in the search box and click on search files.

Post the generated log.

Edited by narenxp, 23 January 2012 - 01:49 PM.


#9 Musicjunkie27

  • Topic Starter

  • Members
  • 27 posts

Posted 23 January 2012 - 05:12 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-23 14:10:49
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Hitachi_HDT721016SLA380 rev.ST1OA31B
Running: c5lopz94.exe; Driver: C:\Users\Jason\AppData\Local\Temp\fftcqaob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9B6ADF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9B6ADFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9B6AE080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9B6AE11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C4D369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C86D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82C8E054 4 Bytes [3C, DF, 6A, 9B] {CMP AL, 0xdf; PUSH -0x65}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82C8E324 8 Bytes [E4, DF, 6A, 9B, 80, E0, 6A, ...] {IN AL, 0xdf; PUSH -0x65; AND AL, 0x6a; WAIT }
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82C8E398 4 Bytes [1C, E1, 6A, 9B] {SBB AL, 0xe1; PUSH -0x65}
PAGE peauth.sys 9B6BBBED 110 Bytes [EF, 89, E2, 32, EA, 26, 46, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73182437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73165600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [731656BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [731824B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73178514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73174CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7317506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73175144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73176671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7317826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [731787BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7317901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7317E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73174BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\00000502 \GLOBAL??\3ed3b3bd netbt.sys

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB36206$\1054061501 0 bytes
File C:\Windows\$NtUninstallKB36206$\1054061501\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB36206$\1054061501\L 0 bytes
File C:\Windows\$NtUninstallKB36206$\1054061501\U 0 bytes
File C:\Windows\$NtUninstallKB36206$\2690190951 0 bytes

---- EOF - GMER 1.0.15 ----

#10 Musicjunkie27

  • Topic Starter

  • Members
  • 27 posts

Posted 23 January 2012 - 06:57 PM

FSS with a search for netbt.sys:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Jason (administrator) on 23-01-2012 at 15:55:50
Windows 7 Professional Service Pack 1 (X86)

************************************************
================== Search: "netbt.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys
[2009-07-13 15:12] - [2009-07-13 15:12] - 0187904 ____A (Microsoft Corporation) DD52A733BF4CA5AF84562A5E2F963B91

C:\Windows\System32\drivers\netbt.sys
[2011-07-07 09:34] - [2010-11-20 00:39] - 0187904 ____A () 20B8785E96BC67118B72783DFBFBEC08

====== End Of Search ======
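
The search result above lists two copies of netbt.sys: the component-store copy under winsxs carries Microsoft's version information, while the live copy in System32\drivers has an empty company field and a different MD5. As an added example (not part of the thread and not a feature of FSS), the script below parses an FSS "Search:" block in exactly this format and flags a live driver whose version field is empty or whose hash differs from the winsxs copy; the sample input is constructed from post #10.

```python
"""Flag suspicious copies of a driver in Farbar Service Scanner search output.

Added example, not part of the forum thread or of FSS. It assumes the FSS
search layout shown in post #10: a full path on one line, followed by a line
    [created] - [modified] - <size> <attrs> (<company>) <MD5>
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed from the two netbt.sys entries in post #10.
SAMPLE_FSS_OUTPUT = """\
================== Search: "netbt.sys" ===================

C:\\Windows\\winsxs\\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\\netbt.sys
[2009-07-13 15:12] - [2009-07-13 15:12] - 0187904 ____A (Microsoft Corporation) DD52A733BF4CA5AF84562A5E2F963B91

C:\\Windows\\System32\\drivers\\netbt.sys
[2011-07-07 09:34] - [2010-11-20 00:39] - 0187904 ____A () 20B8785E96BC67118B72783DFBFBEC08

====== End Of Search ======
"""

# One detail line: timestamps, size, attribute flags, company in parentheses
# (possibly empty, as on the live copy above), then a 32-hex-digit MD5.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FssEntry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_component_store(self) -> bool:
        """True for the pristine copy kept under C:\\Windows\\winsxs."""
        return "\\winsxs\\" in self.path.lower()


def parse_fss_search(text: str) -> list[FssEntry]:
    """Pair each detail line with the path line immediately before it."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries: list[FssEntry] = []
    for i, line in enumerate(lines):
        m = DETAIL_RE.match(line)
        if not m or i == 0:
            continue
        entries.append(FssEntry(lines[i - 1], m["created"], m["modified"],
                                int(m["size"]), m["company"], m["md5"].upper()))
    return entries


def find_suspicious(entries: list[FssEntry]) -> list[tuple[str, list[str]]]:
    """Return (path, reasons) for every non-winsxs copy that looks tampered.

    An empty company field means the file has no usable version resource,
    which a Microsoft-shipped driver always has. A hash that differs from the
    winsxs copy is weaker on its own (the store may hold a different servicing
    build), so both reasons are reported separately.
    """
    reference = {e.md5 for e in entries if e.in_component_store and e.company.strip()}
    findings = []
    for e in entries:
        if e.in_component_store:
            continue
        reasons = []
        if not e.company.strip():
            reasons.append("no company/version information (empty field)")
        if reference and e.md5 not in reference:
            reasons.append("MD5 differs from the winsxs component-store copy")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in find_suspicious(parse_fss_search(SAMPLE_FSS_OUTPUT)):
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Because the winsxs copy here is build 6.1.7600.16385 and the live file's modified date is later, the hash difference alone could be a servicing difference; the missing version field is the stronger signal, and checking the file's Authenticode signature settles it.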

#11 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 January 2012 - 08:38 PM

The PC has traces of a rootkit infection, which needs advanced tools.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

Edited by narenxp, 23 January 2012 - 08:38 PM.
