
AVG Trojan Horse freakout


3 replies to this topic

#1 Ravensfaire


  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:09 AM

Posted 02 March 2012 - 03:51 AM

I downloaded a file and now my AVG keeps popping up 'removed threat' messages that indicate the threat either is or was located in a .DLL file. It 'removes' threats from a different .DLL file every few minutes/seconds. I ran a full computer scan with AVG, but the first time I did it my laptop gave me a blue screen and promptly shut itself off. The second and third times that I ran the full computer scan, nothing showed up; however, I am still getting these messages from AVG:

Example 1
Example 2

Whatever it is seems to bounce between the threat names ZeroAcess.dr.gen.d and Trojan Horse Generic27.PN when it comes up on AVG's threat removal thing. AVG always says that the threat removal was complete and that the threat was removed, yet these messages keep popping up. A friend had me download HijackThis and had me take a log of its scan and then sent me here. I can't play any of my online games, and even internet browsers are slow to open. Any help would be appreciated. My OS is Windows Vista Home Premium.

Edited by Ravensfaire, 02 March 2012 - 03:53 AM.



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:09 AM

Posted 02 March 2012 - 04:08 AM

Download TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here
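
An added example, not code from any post in this thread and not part of Kaspersky's TDSSKiller: a small Python parser for TDSSKiller log lines of the shape the topic starter posts below (a file line `<time> <pid> <service> (<md5>) <path>` followed by a verdict line `<time> <pid> <service> - <verdict>`). It pairs the two lines per service and lists every service whose verdict is anything other than `ok`, or that has no verdict line at all, which is what a scan cut short (for example by the blue screen described in the first post) looks like in the log. The entries `hypotheticalsvc` and `truncatedsvc` and their verdict text are constructed sample input, not real TDSSKiller output.

```python
"""Triage helper for TDSSKiller-style logs.

Added example for this thread; not code from any post here and not part of
Kaspersky's TDSSKiller. The file and verdict line shapes are taken from the
log the topic starter posted (TDSSKiller 2.7.18.0). The entries named
hypotheticalsvc and truncatedsvc, and their verdict text, are constructed to
exercise the flagging path and are not real TDSSKiller output.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# File line: "<time> <pid> <service> (<md5>) <path>"
FILE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line: "<time> <pid> <service> - <verdict>"; normally emitted right
# after the file line, or alone for a service that has no file on disk.
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+"
    r"(?P<verdict>\S.*?)\s*$"
)


@dataclass
class Entry:
    """One scanned service/driver, assembled from its file and verdict lines."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(lines) -> Dict[str, Entry]:
    """Group file and verdict lines by service name; header lines are ignored."""
    entries: Dict[str, Entry] = {}
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.md5 = m["md5"].lower()
            entry.path = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.verdict = m["verdict"]
    return entries


def flag_entries(entries: Dict[str, Entry]) -> List[str]:
    """Names worth a second look: any verdict other than 'ok', or no verdict
    at all (what a log from a scan that crashed mid-way looks like)."""
    return sorted(
        name for name, e in entries.items()
        if e.verdict is None or e.verdict.strip().lower() != "ok"
    )


# Sample input. The first eight lines are copied from the posted log; the
# last three are constructed (hypotheticalsvc and truncatedsvc are made up).
SAMPLE_LOG = r"""
08:59:06.0058 13372 OS Version: 6.0.6002 ServicePack: 2.0
08:59:08.0270 13372 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
08:59:17.0463 4224 Mode: Manual; TDLFS;
08:59:20.0805 4224 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:59:20.0812 4224 ACPI - ok
08:59:29.0186 4224 blbdrive - ok
09:00:21.0194 4224 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
09:00:21.0215 4224 Tcpip - ok
09:00:25.0100 4224 hypotheticalsvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\hypothetical.sys
09:00:25.0101 4224 hypotheticalsvc - detected (constructed sample verdict)
09:00:25.0200 4224 truncatedsvc (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\truncated.sys
"""


def triage_report(text: str) -> str:
    """Human-readable summary of a log: counts plus the flagged entries."""
    entries = parse_tdsskiller(text.splitlines())
    flagged = flag_entries(entries)
    out = [f"{len(entries)} services scanned, {len(flagged)} flagged"]
    for name in flagged:
        e = entries[name]
        verdict = e.verdict if e.verdict is not None else "<no verdict line; scan cut short?>"
        out.append(f"  {name}: {verdict}  md5={e.md5}  path={e.path}")
    return "\n".join(out)


if __name__ == "__main__":
    print(triage_report(SAMPLE_LOG))
```

Run it with `python3` to print the report for the embedded sample; to use it on a real log, read the file with `open(path, encoding="utf-8", errors="replace")` and pass its text to `triage_report`. The header lines (OS version, drive geometry, scan mode) are deliberately not matched by either pattern, so only per-service records end up in the table.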

#3 Ravensfaire

  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:09 AM

Posted 02 March 2012 - 12:14 PM

Log Results


TDSSKiller


08:59:05.0686 13372 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
08:59:06.0058 13372 ============================================================
08:59:06.0058 13372 Current date / time: 2012/03/02 08:59:06.0058
08:59:06.0058 13372 SystemInfo:
08:59:06.0058 13372
08:59:06.0058 13372 OS Version: 6.0.6002 ServicePack: 2.0
08:59:06.0058 13372 Product type: Workstation
08:59:06.0058 13372 ComputerName: DND-PC
08:59:06.0059 13372 UserName: Dungeons & Dragons
08:59:06.0059 13372 Windows directory: C:\Windows
08:59:06.0059 13372 System windows directory: C:\Windows
08:59:06.0059 13372 Processor architecture: Intel x86
08:59:06.0059 13372 Number of processors: 2
08:59:06.0059 13372 Page size: 0x1000
08:59:06.0059 13372 Boot type: Normal boot
08:59:06.0059 13372 ============================================================
08:59:08.0270 13372 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:59:08.0302 13372 \Device\Harddisk0\DR0:
08:59:08.0324 13372 MBR used
08:59:08.0324 13372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1272B000
08:59:08.0457 13372 Initialize success
08:59:08.0457 13372 ============================================================
08:59:17.0463 4224 ============================================================
08:59:17.0463 4224 Scan started
08:59:17.0463 4224 Mode: Manual; TDLFS;
08:59:17.0463 4224 ============================================================
08:59:20.0805 4224 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:59:20.0812 4224 ACPI - ok
08:59:21.0302 4224 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
08:59:21.0320 4224 adp94xx - ok
08:59:21.0487 4224 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
08:59:21.0520 4224 adpahci - ok
08:59:21.0865 4224 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
08:59:21.0868 4224 adpu160m - ok
08:59:22.0188 4224 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
08:59:22.0193 4224 adpu320 - ok
08:59:22.0805 4224 AFD (1eaeba258bde2b2bcadc55d35ca25278) C:\Windows\system32\drivers\afd.sys
08:59:22.0832 4224 AFD - ok
08:59:23.0410 4224 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
08:59:23.0456 4224 AgereSoftModem - ok
08:59:23.0692 4224 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
08:59:23.0711 4224 agp440 - ok
08:59:23.0896 4224 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:59:24.0064 4224 aic78xx - ok
08:59:24.0576 4224 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
08:59:24.0578 4224 aliide - ok
08:59:24.0811 4224 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
08:59:24.0813 4224 amdagp - ok
08:59:24.0879 4224 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
08:59:24.0909 4224 amdide - ok
08:59:25.0125 4224 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
08:59:25.0147 4224 AmdK7 - ok
08:59:25.0199 4224 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
08:59:25.0201 4224 AmdK8 - ok
08:59:25.0906 4224 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
08:59:25.0936 4224 arc - ok
08:59:26.0151 4224 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
08:59:26.0154 4224 arcsas - ok
08:59:26.0683 4224 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
08:59:26.0685 4224 AsyncMac - ok
08:59:26.0743 4224 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
08:59:26.0744 4224 atapi - ok
08:59:27.0141 4224 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
08:59:27.0144 4224 AVGIDSDriver - ok
08:59:27.0185 4224 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
08:59:27.0195 4224 AVGIDSEH - ok
08:59:27.0221 4224 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
08:59:27.0224 4224 AVGIDSFilter - ok
08:59:27.0437 4224 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
08:59:27.0455 4224 AVGIDSShim - ok
08:59:27.0713 4224 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
08:59:27.0732 4224 Avgldx86 - ok
08:59:27.0911 4224 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
08:59:27.0913 4224 Avgmfx86 - ok
08:59:28.0123 4224 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
08:59:28.0149 4224 Avgrkx86 - ok
08:59:28.0302 4224 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
08:59:28.0318 4224 Avgtdix - ok
08:59:28.0885 4224 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
08:59:28.0893 4224 Beep - ok
08:59:29.0186 4224 blbdrive - ok
08:59:29.0335 4224 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
08:59:29.0363 4224 bowser - ok
08:59:29.0665 4224 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:59:29.0667 4224 BrFiltLo - ok
08:59:29.0705 4224 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:59:29.0728 4224 BrFiltUp - ok
08:59:30.0037 4224 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:59:30.0065 4224 Brserid - ok
08:59:30.0166 4224 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:59:30.0169 4224 BrSerWdm - ok
08:59:30.0306 4224 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:59:30.0310 4224 BrUsbMdm - ok
08:59:30.0706 4224 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:59:30.0741 4224 BrUsbSer - ok
08:59:31.0307 4224 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
08:59:31.0312 4224 BTHMODEM - ok
08:59:31.0837 4224 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
08:59:31.0840 4224 cdfs - ok
08:59:32.0119 4224 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
08:59:32.0122 4224 cdrom - ok
08:59:32.0321 4224 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
08:59:32.0323 4224 circlass - ok
08:59:32.0443 4224 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
08:59:32.0450 4224 CLFS - ok
08:59:32.0659 4224 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
08:59:32.0660 4224 CmBatt - ok
08:59:32.0704 4224 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
08:59:32.0706 4224 cmdide - ok
08:59:32.0896 4224 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
08:59:32.0897 4224 Compbatt - ok
08:59:33.0104 4224 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
08:59:33.0106 4224 crcdisk - ok
08:59:33.0382 4224 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
08:59:33.0404 4224 Crusoe - ok
08:59:33.0845 4224 CWMonitor (c6f3e08efef66ba0215bb600ea1b21de) C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys
08:59:33.0847 4224 CWMonitor - ok
08:59:34.0320 4224 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
08:59:34.0322 4224 DfsC - ok
08:59:34.0563 4224 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
08:59:34.0565 4224 disk - ok
08:59:34.0884 4224 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
08:59:34.0885 4224 drmkaud - ok
08:59:35.0094 4224 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
08:59:35.0110 4224 DXGKrnl - ok
08:59:35.0301 4224 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
08:59:35.0308 4224 E1G60 - ok
08:59:35.0657 4224 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
08:59:35.0673 4224 Ecache - ok
08:59:35.0761 4224 eeCtrl (08035db1987412cced1d4201263776ed) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:59:35.0782 4224 eeCtrl - ok
08:59:36.0175 4224 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
08:59:36.0182 4224 elxstor - ok
08:59:36.0691 4224 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
08:59:36.0696 4224 exfat - ok
08:59:36.0912 4224 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
08:59:36.0916 4224 fastfat - ok
08:59:37.0168 4224 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
08:59:37.0190 4224 fdc - ok
08:59:37.0402 4224 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
08:59:37.0407 4224 FileInfo - ok
08:59:37.0996 4224 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
08:59:37.0998 4224 Filetrace - ok
08:59:38.0757 4224 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
08:59:38.0759 4224 flpydisk - ok
08:59:39.0350 4224 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
08:59:39.0392 4224 FltMgr - ok
08:59:39.0781 4224 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
08:59:39.0783 4224 Fs_Rec - ok
08:59:40.0123 4224 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
08:59:40.0146 4224 FwLnk - ok
08:59:40.0430 4224 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
08:59:40.0453 4224 gagp30kx - ok
08:59:40.0897 4224 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
08:59:40.0914 4224 HdAudAddService - ok
08:59:41.0021 4224 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:59:41.0065 4224 HDAudBus - ok
08:59:41.0298 4224 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
08:59:41.0301 4224 HidBth - ok
08:59:41.0388 4224 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
08:59:41.0411 4224 HidIr - ok
08:59:41.0632 4224 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
08:59:41.0635 4224 HidUsb - ok
08:59:42.0328 4224 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
08:59:42.0347 4224 HpCISSs - ok
08:59:42.0879 4224 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
08:59:42.0890 4224 HTTP - ok
08:59:43.0170 4224 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
08:59:43.0173 4224 i2omp - ok
08:59:43.0435 4224 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
08:59:43.0460 4224 i8042prt - ok
08:59:43.0867 4224 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
08:59:43.0877 4224 iaStorV - ok
08:59:45.0108 4224 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
08:59:45.0249 4224 igfx - ok
08:59:45.0633 4224 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
08:59:45.0648 4224 iirsp - ok
08:59:46.0143 4224 IntcAzAudAddService (b84732d9f8459abf6323d28a3270dc19) C:\Windows\system32\drivers\RTKVHDA.sys
08:59:46.0183 4224 IntcAzAudAddService - ok
08:59:46.0422 4224 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
08:59:46.0443 4224 intelide - ok
08:59:46.0555 4224 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
08:59:46.0578 4224 intelppm - ok
08:59:46.0800 4224 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:59:46.0820 4224 IpFilterDriver - ok
08:59:46.0868 4224 IpInIp - ok
08:59:46.0928 4224 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
08:59:46.0931 4224 IPMIDRV - ok
08:59:46.0976 4224 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
08:59:46.0980 4224 IPNAT - ok
08:59:47.0224 4224 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
08:59:47.0226 4224 IRENUM - ok
08:59:47.0570 4224 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
08:59:47.0574 4224 isapnp - ok
08:59:47.0922 4224 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
08:59:47.0928 4224 iScsiPrt - ok
08:59:48.0231 4224 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
08:59:48.0251 4224 iteatapi - ok
08:59:48.0452 4224 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
08:59:48.0454 4224 iteraid - ok
08:59:48.0685 4224 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:59:48.0688 4224 kbdclass - ok
08:59:48.0868 4224 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
08:59:48.0871 4224 kbdhid - ok
08:59:49.0045 4224 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
08:59:49.0062 4224 KR10I - ok
08:59:49.0210 4224 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
08:59:49.0242 4224 KR10N - ok
08:59:49.0492 4224 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
08:59:49.0503 4224 KR3NPXP - ok
08:59:49.0861 4224 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
08:59:49.0871 4224 KSecDD - ok
08:59:50.0256 4224 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
08:59:50.0272 4224 lltdio - ok
08:59:50.0766 4224 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
08:59:50.0793 4224 LSI_FC - ok
08:59:50.0919 4224 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
08:59:50.0922 4224 LSI_SAS - ok
08:59:50.0988 4224 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
08:59:51.0010 4224 LSI_SCSI - ok
08:59:51.0102 4224 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
08:59:51.0122 4224 luafv - ok
08:59:51.0692 4224 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
08:59:51.0705 4224 megasas - ok
08:59:52.0183 4224 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
08:59:52.0197 4224 Modem - ok
08:59:52.0360 4224 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
08:59:52.0379 4224 monitor - ok
08:59:52.0449 4224 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
08:59:52.0451 4224 mouclass - ok
08:59:52.0710 4224 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
08:59:52.0733 4224 mouhid - ok
08:59:52.0825 4224 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
08:59:52.0828 4224 MountMgr - ok
08:59:52.0975 4224 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
08:59:52.0978 4224 mpio - ok
08:59:53.0261 4224 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
08:59:53.0281 4224 mpsdrv - ok
08:59:53.0555 4224 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
08:59:53.0557 4224 Mraid35x - ok
08:59:54.0013 4224 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
08:59:54.0041 4224 MRxDAV - ok
08:59:54.0148 4224 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:59:54.0152 4224 mrxsmb - ok
08:59:54.0522 4224 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:59:54.0563 4224 mrxsmb10 - ok
08:59:54.0958 4224 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:59:54.0987 4224 mrxsmb20 - ok
08:59:55.0572 4224 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
08:59:55.0591 4224 msahci - ok
08:59:55.0904 4224 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
08:59:55.0917 4224 msdsm - ok
08:59:56.0345 4224 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
08:59:56.0381 4224 Msfs - ok
08:59:56.0863 4224 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
08:59:56.0865 4224 msisadrv - ok
08:59:56.0993 4224 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
08:59:56.0995 4224 MSKSSRV - ok
08:59:57.0741 4224 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
08:59:57.0805 4224 MSPCLOCK - ok
08:59:58.0224 4224 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
08:59:58.0277 4224 MSPQM - ok
08:59:58.0770 4224 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
08:59:58.0785 4224 MsRPC - ok
08:59:59.0005 4224 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
08:59:59.0024 4224 mssmbios - ok
08:59:59.0548 4224 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
08:59:59.0624 4224 MSTEE - ok
09:00:00.0159 4224 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:00:00.0304 4224 Mup - ok
09:00:00.0951 4224 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:00:00.0955 4224 NativeWifiP - ok
09:00:01.0703 4224 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:00:01.0716 4224 NDIS - ok
09:00:01.0993 4224 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:00:01.0995 4224 NdisTapi - ok
09:00:02.0460 4224 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:00:02.0482 4224 Ndisuio - ok
09:00:02.0930 4224 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:00:02.0934 4224 NdisWan - ok
09:00:03.0450 4224 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:00:03.0452 4224 NDProxy - ok
09:00:04.0023 4224 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:00:04.0041 4224 NetBIOS - ok
09:00:04.0519 4224 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:00:04.0524 4224 netbt - ok
09:00:04.0955 4224 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:00:04.0980 4224 nfrd960 - ok
09:00:05.0470 4224 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:00:05.0503 4224 Npfs - ok
09:00:05.0794 4224 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:00:05.0796 4224 nsiproxy - ok
09:00:06.0247 4224 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:00:06.0282 4224 Ntfs - ok
09:00:06.0579 4224 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:00:06.0581 4224 ntrigdigi - ok
09:00:06.0947 4224 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:00:06.0951 4224 Null - ok
09:00:07.0305 4224 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:00:07.0321 4224 nvraid - ok
09:00:07.0640 4224 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:00:07.0663 4224 nvstor - ok
09:00:07.0929 4224 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:00:07.0934 4224 nv_agp - ok
09:00:08.0055 4224 NwlnkFlt - ok
09:00:08.0238 4224 NwlnkFwd - ok
09:00:08.0459 4224 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
09:00:08.0474 4224 ohci1394 - ok
09:00:09.0411 4224 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:00:09.0438 4224 Parport - ok
09:00:09.0936 4224 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:00:09.0947 4224 partmgr - ok
09:00:10.0174 4224 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:00:10.0178 4224 Parvdm - ok
09:00:10.0540 4224 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:00:10.0550 4224 pci - ok
09:00:10.0713 4224 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
09:00:10.0730 4224 pciide - ok
09:00:10.0856 4224 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
09:00:10.0864 4224 pcmcia - ok
09:00:11.0270 4224 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:00:11.0293 4224 PEAUTH - ok
09:00:11.0805 4224 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:00:11.0808 4224 PptpMiniport - ok
09:00:11.0960 4224 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:00:11.0962 4224 Processor - ok
09:00:12.0093 4224 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:00:12.0095 4224 PSched - ok
09:00:12.0383 4224 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
09:00:12.0398 4224 PxHelp20 - ok
09:00:12.0605 4224 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:00:12.0644 4224 ql2300 - ok
09:00:12.0744 4224 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:00:12.0759 4224 ql40xx - ok
09:00:12.0854 4224 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:00:12.0857 4224 QWAVEdrv - ok
09:00:12.0988 4224 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:00:12.0997 4224 RasAcd - ok
09:00:13.0208 4224 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:00:13.0225 4224 Rasl2tp - ok
09:00:13.0421 4224 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:00:13.0437 4224 RasPppoe - ok
09:00:13.0626 4224 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:00:13.0642 4224 RasSstp - ok
09:00:13.0884 4224 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:00:13.0895 4224 rdbss - ok
09:00:14.0115 4224 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:00:14.0117 4224 RDPCDD - ok
09:00:14.0260 4224 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:00:14.0273 4224 rdpdr - ok
09:00:14.0471 4224 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:00:14.0491 4224 RDPENCDD - ok
09:00:14.0741 4224 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:00:14.0762 4224 RDPWD - ok
09:00:15.0355 4224 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:00:15.0375 4224 rspndr - ok
09:00:15.0682 4224 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
09:00:15.0704 4224 RTL8187B - ok
09:00:16.0302 4224 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:00:16.0320 4224 sbp2port - ok
09:00:16.0543 4224 sdbus (bcca63a3d143938273a3158757389dc7) C:\Windows\system32\DRIVERS\sdbus.sys
09:00:16.0563 4224 sdbus - ok
09:00:17.0080 4224 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:00:17.0103 4224 secdrv - ok
09:00:17.0473 4224 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:00:17.0475 4224 Serenum - ok
09:00:17.0632 4224 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:00:17.0635 4224 Serial - ok
09:00:17.0730 4224 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:00:17.0746 4224 sermouse - ok
09:00:18.0029 4224 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
09:00:18.0034 4224 sffdisk - ok
09:00:18.0108 4224 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:00:18.0110 4224 sffp_mmc - ok
09:00:18.0222 4224 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
09:00:18.0223 4224 sffp_sd - ok
09:00:18.0318 4224 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:00:18.0320 4224 sfloppy - ok
09:00:18.0492 4224 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:00:18.0495 4224 sisagp - ok
09:00:18.0572 4224 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:00:18.0574 4224 SiSRaid2 - ok
09:00:18.0668 4224 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:00:18.0670 4224 SiSRaid4 - ok
09:00:18.0918 4224 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:00:18.0922 4224 Smb - ok
09:00:19.0352 4224 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:00:19.0354 4224 spldr - ok
09:00:19.0640 4224 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:00:19.0648 4224 srv - ok
09:00:19.0742 4224 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:00:19.0746 4224 srv2 - ok
09:00:19.0833 4224 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:00:19.0837 4224 srvnet - ok
09:00:20.0157 4224 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
09:00:20.0159 4224 StillCam - ok
09:00:20.0284 4224 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:00:20.0286 4224 swenum - ok
09:00:20.0452 4224 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:00:20.0454 4224 Symc8xx - ok
09:00:20.0542 4224 SymEvent (403bd24fa5c55fc648abdd039629a954) C:\Windows\system32\Drivers\SYMEVENT.SYS
09:00:20.0546 4224 SymEvent - ok
09:00:20.0644 4224 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:00:20.0646 4224 Sym_hi - ok
09:00:20.0750 4224 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:00:32.0389 4224 ============================================================
09:00:32.0389 4224 Scan finished
09:00:32.0389 4224 ============================================================
09:00:32.0418 15364 Detected object count: 0
09:00:32.0418 15364 Actual detected object count: 0



GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-02 10:40:04
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC33P
Running: bzvrh87m.exe; Driver: C:\Users\DUNGEO~1\AppData\Local\Temp\kwldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAA8747A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAA874848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAA8748E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAA874980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 81EBCB74 4 Bytes [A0, 47, 87, AA]
.text ntkrnlpa.exe!KeSetEvent + 621 81EBCDA4 8 Bytes [48, 48, 87, AA, E4, 48, 87, ...] {DEC EAX; DEC EAX; XCHG [EDX-0x5578b71c], EBP}
.text ntkrnlpa.exe!KeSetEvent + 681 81EBCE04 4 Bytes [80, 49, 87, AA] {OR BYTE [ECX-0x79], 0xaa}
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8815B000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x881A4000, 0x510, 0x40000040]
.INIT C:\Windows\system32\drivers\afd.sys entry point in ".INIT" section [0x8D121522]
? system32\drivers\52522760.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[9544] kernel32.dll!SetUnhandledExceptionFilter 76CEA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] USER32.dll!EnableWindow 7705CD8B 5 Bytes JMP 6ABE9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] USER32.dll!DialogBoxParamW 770810B0 5 Bytes JMP 6AB4170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] USER32.dll!DialogBoxIndirectParamW 77082EF5 5 Bytes JMP 6AD36336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] USER32.dll!DialogBoxParamA 77098152 5 Bytes JMP 6AD362D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] USER32.dll!DialogBoxIndirectParamA 7709847D 5 Bytes JMP 6AD3639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] USER32.dll!MessageBoxIndirectA 770AD4D9 5 Bytes JMP 6AD36258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] USER32.dll!MessageBoxIndirectW 770AD5D3 5 Bytes JMP 6AD361DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] USER32.dll!MessageBoxExA 770AD639 5 Bytes JMP 6AD3617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] USER32.dll!MessageBoxExW 770AD65D 5 Bytes JMP 6AD36117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] CRYPT32.dll!CertDuplicateCRLContext + 5A 752789ED 7 Bytes JMP 35675558 C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[10292] CRYPT32.dll!I_CryptFreeLruCache + 1E1 7527DC4F 7 Bytes JMP 356755B8 C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[12748] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 635D5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[12748] CRYPT32.dll!CertDuplicateCRLContext + 5A 752789ED 7 Bytes JMP 35675558 C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[12748] CRYPT32.dll!I_CryptFreeLruCache + 1E1 7527DC4F 7 Bytes JMP 356755B8 C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] kernel32.dll!CreateThread 76D0CB2E 5 Bytes JMP 6ABA7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!SetWindowsHookExW 770587AD 5 Bytes JMP 6ABE2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!CallNextHookEx 77058E3B 5 Bytes JMP 6AC07BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!UnhookWindowsHookEx 770598DB 5 Bytes JMP 6AC2EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!EnableWindow 7705CD8B 5 Bytes JMP 6ABE9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!DefWindowProcA 7705DB88 7 Bytes JMP 6ABA952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!CreateWindowExA 7705DC2A 5 Bytes JMP 6ABB3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!CreateWindowExW 77061305 5 Bytes JMP 6AC0FF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!DefWindowProcW 770703B4 7 Bytes JMP 6AC07C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!DialogBoxParamW 770810B0 5 Bytes JMP 6AB4170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!DialogBoxIndirectParamW 77082EF5 5 Bytes JMP 6AD36336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!DialogBoxParamA 77098152 5 Bytes JMP 6AD362D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!DialogBoxIndirectParamA 7709847D 5 Bytes JMP 6AD3639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!MessageBoxIndirectA 770AD4D9 5 Bytes JMP 6AD36258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!MessageBoxIndirectW 770AD5D3 5 Bytes JMP 6AD361DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!MessageBoxExA 770AD639 5 Bytes JMP 6AD3617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] USER32.dll!MessageBoxExW 770AD65D 5 Bytes JMP 6AD36117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] ole32.dll!OleLoadFromStream 75A41E80 5 Bytes JMP 6AD36B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] CRYPT32.dll!CertDuplicateCRLContext + 5A 752789ED 7 Bytes JMP 35675558 C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12764] CRYPT32.dll!I_CryptFreeLruCache + 1E1 7527DC4F 7 Bytes JMP 356755B8 C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[17060] USER32.dll!SetWindowLongA 7705E7CD 4 Bytes JMP 639C01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[17060] USER32.dll!SetWindowLongW 770613B4 4 Bytes JMP 639C0135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[17060] USER32.dll!GetWindowInfo 7706428E 5 Bytes JMP 63750924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[17060] USER32.dll!TrackPopupMenu 770714F3 4 Bytes JMP 63750ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[17060] CRYPT32.dll!CertDuplicateCRLContext + 5A 752789ED 7 Bytes JMP 35675558 C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[17060] CRYPT32.dll!I_CryptFreeLruCache + 1E1 7527DC4F 7 Bytes JMP 356755B8 C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73317817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [7336A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7331BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7330F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [733175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7330E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73348395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7331DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7330FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7330FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [733071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7339CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7333C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7330D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73306853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7330687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5700] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73312AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\29425145 \Device\KLMD16012012_207010 52522760.sys

---- Threads - GMER 1.0.15 ----

Thread System [4:364] 86175540
Thread System [4:368] 86175540

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@netsvcs [binary value; not readable in the pasted log]

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB35136$\1797528987 0 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\@ 2048 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\L 0 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\L\qnbwvoto 273408 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\loader.tlb 2632 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\U 0 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\U\@00000001 45968 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\U\@000000c0 2560 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\U\@000000cb 3072 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\U\@000000cf 1536 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\U\@80000000 73216 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\U\@800000c0 43520 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\U\@800000cb 25600 bytes
File C:\Windows\$NtUninstallKB35136$\1797528987\U\@800000cf 31232 bytes
File C:\Windows\$NtUninstallKB35136$\4188534533 0 bytes

---- EOF - GMER 1.0.15 ----



aswMBR


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-02 10:40:48
-----------------------------
10:40:48.998 OS Version: Windows 6.0.6002 Service Pack 2
10:40:48.998 Number of processors: 2 586 0xF0D
10:40:49.000 ComputerName: DND-PC UserName:
10:40:57.123 Initialize success
10:43:13.782 AVAST engine defs: 12030200
10:43:18.878 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
10:43:18.882 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC33P Size: 152627MB BusType: 3
10:43:18.915 Disk 0 MBR read successfully
10:43:18.931 Disk 0 MBR scan
10:43:18.940 Disk 0 Windows VISTA default MBR code
10:43:18.956 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:43:19.027 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151126 MB offset 3074048
10:43:19.150 Disk 0 scanning sectors +312580096
10:43:19.682 Disk 0 scanning C:\Windows\system32\drivers
10:43:23.231 File: C:\Windows\system32\drivers\afd.sys **INFECTED** Win32:Sirefef-OX [Rtk]
10:44:47.571 Disk 0 trace - called modules:
10:44:47.663 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86174bc0]<<
10:44:47.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854f4ac8]
10:44:47.682 3 CLASSPNP.SYS[87f158b3] -> nt!IofCallDriver -> [0x861186f8]
10:44:47.700 \Driver\00001020[0x86118860] -> IRP_MJ_CREATE -> 0x86174bc0
10:44:53.845 AVAST engine scan C:\Windows
10:46:14.530 AVAST engine scan C:\Windows\system32
10:51:49.635 File: C:\Windows\assembly\GAC_MSIL\Desktop.ini **INFECTED** Win32:Malware-gen
10:54:15.463 AVAST engine scan C:\Windows\system32\drivers
10:54:19.793 File: C:\Windows\system32\drivers\afd.sys **INFECTED** Win32:Sirefef-OX [Rtk]
10:55:05.992 AVAST engine scan C:\Users\Dungeons & Dragons
10:55:07.686 File: C:\Users\Dungeons & Dragons\AppData\Local\6b241d9b\U\000000c0.@ **INFECTED** Other:Malware-gen
10:55:07.824 File: C:\Users\Dungeons & Dragons\AppData\Local\6b241d9b\U\000000cb.@ **INFECTED** Other:Malware-gen
10:55:07.941 File: C:\Users\Dungeons & Dragons\AppData\Local\6b241d9b\U\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
10:55:08.019 File: C:\Users\Dungeons & Dragons\AppData\Local\6b241d9b\U\800000c0.@ **INFECTED** Win32:Trojan-gen
10:55:08.092 File: C:\Users\Dungeons & Dragons\AppData\Local\6b241d9b\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
10:55:08.169 File: C:\Users\Dungeons & Dragons\AppData\Local\6b241d9b\U\800000cf.@ **INFECTED** Win32:Trojan-gen
10:55:08.281 File: C:\Users\Dungeons & Dragons\AppData\Local\6b241d9b\X **INFECTED** Win32:Sirefef-OW [Trj]
12:06:49.499 Disk 0 MBR has been saved successfully to "C:\Users\Raven\Documents\MBR.dat"
12:06:49.501 The log file has been saved successfully to "C:\Users\Raven\Documents\aswMBR.txt"

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 March 2012 - 03:46 AM

You're infected by the ZeroAccess rootkit. We need advanced tools.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



