
Thread: Java/Agent.DW removal help needed

  1. #31
    Member (Join Date: Nov 2011, Posts: 53)

    hi,

    here are some Malwarebytes protection logs I just noticed on the W7 box that was not looking infected but may be...:


    protection-log-2011-11-27

    09:13:29 admin MESSAGE Protection started successfully
    09:13:33 admin MESSAGE IP Protection started successfully
    18:38:23 admin MESSAGE Scheduled update executed successfully
    18:39:55 admin MESSAGE IP Protection stopped
    18:39:58 admin MESSAGE Database updated successfully
    18:39:59 admin MESSAGE IP Protection started successfully
    22:59:42 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54278, Process: firefox.exe)
    23:00:39 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54504, Process: firefox.exe)
    23:01:03 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54613, Process: firefox.exe)


    protection-log-2011-12-04
    10:12:16 admin MESSAGE Protection started successfully
    10:12:20 admin MESSAGE IP Protection started successfully
    21:44:05 admin IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 51936, Process: firefox.exe)
    21:44:05 admin IP-BLOCK 89.149.227.56 (Type: outgoing, Port: 51992, Process: firefox.exe)
    21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52010, Process: firefox.exe)
    21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52011, Process: firefox.exe)
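
A small parser for the protection-log format quoted in this post, added here as a worked example; it is not code from the thread or from Malwarebytes. It assumes the 1.x log layout shown above (`HH:MM:SS user IP-BLOCK ip (Type: ..., Port: ..., Process: ...)`); the sample lines are copied from the two logs in this post, and the helper names (`parse_ip_blocks`, `summarize`, `repeated_targets`, `non_browser_blocks`) are this example's own. It groups blocks by process and destination, ignoring the ephemeral source port that differs on every line, so that repeated attempts to reach the same host and blocks attributed to non-browser processes stand out.

```python
import re
from collections import Counter

# One Malwarebytes 1.x protection-log line per blocked connection, e.g.
#   22:59:42 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54278, Process: firefox.exe)
IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>\w+),\s*"
    r"Port:\s*(?P<port>\d+),\s*Process:\s*(?P<process>[^)]+)\)$"
)

# Sample input: lines copied from the two protection logs posted above
# (MESSAGE lines are kept so the parser has to skip them).
SAMPLE_LOG = """\
09:13:29 admin MESSAGE Protection started successfully
18:39:58 admin MESSAGE Database updated successfully
22:59:42 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54278, Process: firefox.exe)
23:00:39 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54504, Process: firefox.exe)
23:01:03 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54613, Process: firefox.exe)
21:44:05 admin IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 51936, Process: firefox.exe)
21:44:05 admin IP-BLOCK 89.149.227.56 (Type: outgoing, Port: 51992, Process: firefox.exe)
21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52010, Process: firefox.exe)
21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52011, Process: firefox.exe)
"""


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events


def summarize(events):
    """Count blocks per (process, destination IP) and collect destinations per process.

    The port in each line is the client's ephemeral source port, so it changes on
    every attempt and is deliberately left out of the key.
    """
    per_target = Counter((e["process"], e["ip"]) for e in events)
    per_process = {}
    for e in events:
        per_process.setdefault(e["process"], set()).add(e["ip"])
    return per_target, per_process


def repeated_targets(events, min_hits=2):
    """Destinations a process kept trying to reach after the first block."""
    per_target, _ = summarize(events)
    return sorted((proc, ip, n) for (proc, ip), n in per_target.items() if n >= min_hits)


def non_browser_blocks(events, browsers=("firefox.exe", "iexplore.exe", "chrome.exe")):
    """Blocks attributed to a process other than a web browser.

    A browser can hit a blocked host simply because a page referenced it, so a
    block from a service or an unfamiliar binary deserves the closer look.
    """
    return [e for e in events if e["process"].lower() not in browsers]


if __name__ == "__main__":
    evs = parse_ip_blocks(SAMPLE_LOG)
    for proc, ip, n in repeated_targets(evs):
        print(f"{proc} -> {ip}: blocked {n} times")
    print("non-browser blocks:", non_browser_blocks(evs))
```

On the lines above this reports one host contacted three times within two minutes and one contacted twice in the same second, all from firefox.exe, and no non-browser blocks.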

  2. #32
    Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    Logs look ok. For the XP machine:

    Please also download MBRcheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Win 7: right-click and select Run as Administrator).

    It will show a black screen with some information that will contain either the line below if no problem is found:

    Done! Press ENTER to exit...

    Or you will see more information like below if a problem is found:

    Found non-standard or infected MBR.

    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.

    MBRCheck will create a log on your desktop named similar to MBRCheck_07.16.10_00.32.33.txt which is based on the date and time.

    Post the log in your reply.
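
A parser for the MBRCheck report format described in this reply, added here as an example; it is not part of the reply and not code from MBRCheck. It assumes the layout of the report posted later in this thread (a `Size Device Name MBR Status` table, a `SHA1:` line under each drive row, and the `Found non-standard or infected MBR.` line when the tool flags something). The flagged sample is assembled from lines on this page; the "rerun" report and the helper names (`parse_mbrcheck`, `mbr_changed`) are this example's own, with placeholder values where noted. Keeping the per-drive SHA1 lets a second run after a repair be compared against the first, which is the check a helper wants before declaring the MBR clean.

```python
import re

PROBLEM_LINE = "Found non-standard or infected MBR."
CLEAN_LINE = "Done! Press ENTER to exit..."

# "465 GB \\.\PhysicalDrive0 Unknown MBR code" -> size, device, status
DRIVE_RE = re.compile(r"^(?P<size>\d+\s?[KMGT]B)\s+(?P<device>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+?)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")

# Sample input: an excerpt assembled from the MBRCheck report posted in this thread.
FLAGGED_REPORT = r"""
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000068`0bf00000 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0001SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
"""

# Constructed rerun of the same machine after a hypothetical repair: the status
# text and the hash are placeholders, not output from the thread.
RERUN_REPORT = (
    FLAGGED_REPORT
    .replace("Unknown MBR code", "PLACEHOLDER known-good status")
    .replace("F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5", "0" * 40)
    .replace(PROBLEM_LINE + "\nEnter 'Y' and hit ENTER for more options, or 'N' to exit:", CLEAN_LINE)
)


def parse_mbrcheck(text):
    """Extract the Windows version, one record per physical drive, and whether
    the tool printed its problem line."""
    report = {"windows": None, "drives": [], "problem_reported": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Windows Version:"):
            report["windows"] = line.split(":", 1)[1].strip()
            continue
        m = DRIVE_RE.match(line)
        if m:
            drive = m.groupdict()
            drive["sha1"] = None
            report["drives"].append(drive)
            continue
        m = SHA1_RE.match(line)
        if m and report["drives"] and report["drives"][-1]["sha1"] is None:
            # The SHA1 line belongs to the drive row directly above it.
            report["drives"][-1]["sha1"] = m.group("sha1").upper()
            continue
        if line == PROBLEM_LINE:
            report["problem_reported"] = True
    return report


def mbr_changed(before, after):
    """Devices whose MBR hash differs between two runs (e.g. before and after a fix)."""
    b = {d["device"]: d["sha1"] for d in before["drives"]}
    a = {d["device"]: d["sha1"] for d in after["drives"]}
    return sorted(dev for dev in a if dev in b and a[dev] != b[dev])


if __name__ == "__main__":
    first = parse_mbrcheck(FLAGGED_REPORT)
    print(first["windows"], "| problem reported:", first["problem_reported"])
    for d in first["drives"]:
        print(d["device"], d["size"], d["status"], d["sha1"])
    print("changed after rerun:", mbr_changed(first, parse_mbrcheck(RERUN_REPORT)))
```

The verdict is taken only from the tool's own problem line and status text; what an "Unknown MBR code" result means for a given machine is still the helper's call.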

  3. #33
    Member (Join Date: Nov 2011, Posts: 53)

    here are the 3 logs for the W7 box; MBRCheck found something, see below:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 32-bit
    Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    BIOS Manufacturer: Phoenix Technologies Ltd.
    System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    System Product Name: R720
    Logical Drives Mask: 0x0000009c

    Kernel Drivers (total 159):
    0x83016000 \SystemRoot\system32\ntoskrnl.exe
    0x83419000 \SystemRoot\system32\halmacpi.dll
    0x80BC0000 \SystemRoot\system32\kdcom.dll
    0x8B823000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8B8A8000 \SystemRoot\system32\PSHED.dll
    0x8B8B9000 \SystemRoot\system32\BOOTVID.dll
    0x8B8C1000 \SystemRoot\system32\CLFS.SYS
    0x8B903000 \SystemRoot\system32\CI.dll
    0x8B9AE000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8BA1F000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8BA2D000 \SystemRoot\system32\drivers\ACPI.sys
    0x8BA75000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x8BA7E000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8BA86000 \SystemRoot\system32\drivers\pci.sys
    0x8BAB0000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x8BABB000 \SystemRoot\System32\drivers\partmgr.sys
    0x8BACC000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8BAD4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8BADF000 \SystemRoot\system32\drivers\volmgr.sys
    0x8BAEF000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8BB3A000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8BC22000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8BCFC000 \SystemRoot\system32\drivers\atapi.sys
    0x8BD05000 \SystemRoot\system32\drivers\ataport.SYS
    0x8BD28000 \SystemRoot\system32\drivers\msahci.sys
    0x8BD32000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8BD40000 \SystemRoot\system32\drivers\amdxata.sys
    0x8BD49000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8BD7D000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8BD8E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8BEBD000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8BEE8000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8BEFB000 \SystemRoot\System32\Drivers\cng.sys
    0x8BF58000 \SystemRoot\System32\drivers\pcw.sys
    0x8BF66000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8C023000 \SystemRoot\system32\drivers\ndis.sys
    0x8C0DA000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8C118000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8C13D000 \SystemRoot\System32\drivers\tcpip.sys
    0x8C287000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8C2B8000 \SystemRoot\system32\drivers\volsnap.sys
    0x8C2F7000 \SystemRoot\System32\Drivers\spldr.sys
    0x8C2FF000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8C32C000 \SystemRoot\System32\Drivers\mup.sys
    0x8C33C000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8C344000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8C376000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8C387000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x9290B000 \SystemRoot\system32\drivers\cdrom.sys
    0x9292A000 \SystemRoot\System32\Drivers\Null.SYS
    0x92931000 \SystemRoot\System32\Drivers\Beep.SYS
    0x92938000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0x92955000 \SystemRoot\System32\drivers\vga.sys
    0x92961000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x92982000 \SystemRoot\System32\drivers\watchdog.sys
    0x9298F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x92997000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x9299F000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x929A7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x929B2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x929C0000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x929D7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x929E3000 \SystemRoot\system32\drivers\afd.sys
    0x92A3D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x92A6F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x92A76000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x92A95000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x92AA6000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x92AB4000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x92AC7000 \SystemRoot\system32\drivers\termdd.sys
    0x92AD8000 \??\C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
    0x92AE0000 \??\C:\windows\system32\Drivers\SABI.sys
    0x92AE8000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x92B29000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x92B33000 \SystemRoot\system32\drivers\mssmbios.sys
    0x92B3D000 \SystemRoot\System32\drivers\discache.sys
    0x92B49000 \SystemRoot\System32\Drivers\dfsc.sys
    0x92B61000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x92B6F000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x93818000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x93D58000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x93E0F000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x93E48000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x93E67000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x93E72000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x93EBD000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x93ECC000 \SystemRoot\system32\DRIVERS\athr.sys
    0x93800000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x92B90000 \SystemRoot\system32\DRIVERS\yk62x86.sys
    0x9380A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x92BE1000 \SystemRoot\system32\drivers\i8042prt.sys
    0x92800000 \SystemRoot\system32\drivers\kbdclass.sys
    0x8C3B9000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x9380E000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x9280D000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x93810000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8C000000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8C012000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x8C3F3000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
    0x8BF6F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8BF81000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8BF99000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8BFA4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8BFC6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8BFDE000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8BC00000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x93816000 \SystemRoot\system32\drivers\swenum.sys
    0x8BB50000 \SystemRoot\system32\drivers\ks.sys
    0x8BB84000 \SystemRoot\system32\drivers\umbus.sys
    0x8BB92000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8BBD6000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x94026000 \SystemRoot\system32\drivers\HdAudio.sys
    0x94076000 \SystemRoot\system32\drivers\portcls.sys
    0x940A5000 \SystemRoot\system32\drivers\drmk.sys
    0x940BE000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x94363000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x9436E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x94381000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x94388000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x970E0000 \SystemRoot\System32\win32k.sys
    0x94393000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9439D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x943B4000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x943BF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x943D6000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x94000000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9281A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x9400D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x97340000 \SystemRoot\System32\TSDDD.dll
    0x97370000 \SystemRoot\System32\cdd.dll
    0x8B800000 \SystemRoot\system32\drivers\luafv.sys
    0x9B82F000 \SystemRoot\system32\DRIVERS\eamon.sys
    0x9B8FB000 \SystemRoot\system32\drivers\WudfPf.sys
    0x9B915000 \SystemRoot\system32\DRIVERS\epfw.sys
    0x9B938000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9B948000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9B98E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9B99E000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9B9B1000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x9B9DB000 \SystemRoot\system32\drivers\HTTP.sys
    0x9BA60000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9BA79000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9BA8B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9BAAE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9BAE9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9BB1C000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
    0x9BB2A000 \SystemRoot\system32\drivers\peauth.sys
    0x9BBC1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9BBCB000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9BBEC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA3807000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA3857000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA38A9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xA38CA000 \??\C:\windows\system32\drivers\mbam.sys
    0x97010000 \SystemRoot\System32\ATMFD.DLL
    0xA3B97000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x773B0000 \Windows\System32\ntdll.dll
    0x47720000 \Windows\System32\smss.exe
    0x775F0000 \Windows\System32\apisetschema.dll

    Processes (total 83):
    0 System Idle Process
    4 System
    312 C:\Windows\System32\smss.exe
    468 csrss.exe
    544 C:\Windows\System32\wininit.exe
    552 csrss.exe
    592 C:\Windows\System32\services.exe
    616 C:\Windows\System32\lsass.exe
    624 C:\Windows\System32\lsm.exe
    708 C:\Windows\System32\winlogon.exe
    772 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\atiesrxx.exe
    976 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\atieclxx.exe
    1384 C:\Windows\System32\svchost.exe
    1572 C:\Windows\System32\spoolsv.exe
    1608 C:\Windows\System32\svchost.exe
    1716 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    1748 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1776 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    1800 C:\Program Files\Bonjour\mDNSResponder.exe
    1832 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    1884 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    1920 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
    2004 C:\Windows\System32\Rezip.exe
    2036 C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
    400 C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    1912 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    396 C:\Windows\System32\svchost.exe
    540 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    1472 C:\Windows\System32\svchost.exe
    1244 C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    2228 C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    2680 C:\Windows\System32\svchost.exe
    2740 WUDFHost.exe
    3396 C:\Windows\System32\svchost.exe
    3924 C:\Windows\System32\dwm.exe
    4000 C:\Windows\System32\taskhost.exe
    4064 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    2076 C:\Windows\System32\taskeng.exe
    2476 C:\Windows\System32\svchost.exe
    1668 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2952 C:\Windows\System32\SearchIndexer.exe
    1872 C:\Windows\explorer.exe
    1860 C:\Windows\System32\svchost.exe
    3064 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    3796 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    3788 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    4092 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    740 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    1812 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    3220 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4304 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4860 C:\Program Files\ESET\ESET Smart Security\egui.exe
    5064 C:\Windows\WindowsMobile\wmdc.exe
    5424 C:\Program Files\Mozilla Firefox\firefox.exe
    5940 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3392 C:\Program Files\iTunes\iTunesHelper.exe
    4448 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    1208 C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    2144 C:\Program Files\iPod\bin\iPodService.exe
    1808 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    6700 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    7056 C:\Program Files\ICQ7.0\ICQ.exe
    12256 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    15220 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    15376 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    24496 C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
    23312 C:\Program Files\Internet Explorer\iexplore.exe
    5820 C:\Program Files\Internet Explorer\iexplore.exe
    1092 C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    23016 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    25612 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    22920 C:\Windows\System32\audiodg.exe
    26320 C:\Windows\System32\dllhost.exe
    25036 dllhost.exe
    1348 dllhost.exe
    26560 C:\data\security\MBRCheck.exe
    24712 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000068`0bf00000 (NTFS)

    PhysicalDrive0 Model Number: ST9500325AS, Rev: 0001SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!


    23:08:00.0197 10936 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    23:08:01.0066 10936 ============================================================
    23:08:01.0066 10936 Current date / time: 2011/12/04 23:08:01.0066
    23:08:01.0066 10936 SystemInfo:
    23:08:01.0066 10936
    23:08:01.0066 10936 OS Version: 6.1.7601 ServicePack: 1.0
    23:08:01.0066 10936 Product type: Workstation
    23:08:01.0066 10936 ComputerName: ADMIN-PC
    23:08:01.0066 10936 UserName: admin
    23:08:01.0066 10936 Windows directory: C:\windows
    23:08:01.0066 10936 System windows directory: C:\windows
    23:08:01.0066 10936 Processor architecture: Intel x86
    23:08:01.0066 10936 Number of processors: 2
    23:08:01.0066 10936 Page size: 0x1000
    23:08:01.0066 10936 Boot type: Normal boot
    23:08:01.0066 10936 ============================================================
    23:08:01.0860 10936 Initialize success
    23:08:03.0221 11096 ============================================================
    23:08:03.0221 11096 Scan started
    23:08:03.0221 11096 Mode: Manual;
    23:08:03.0221 11096 ============================================================
    23:08:03.0737 11096 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
    23:08:03.0738 11096 1394ohci - ok
    23:08:03.0796 11096 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
    23:08:03.0798 11096 ACPI - ok
    23:08:03.0874 11096 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
    23:08:03.0874 11096 AcpiPmi - ok
    23:08:03.0940 11096 AdfuUd (9ed5d777a31ee654b0899cd1d2e778ba) C:\windows\system32\Drivers\AdfuUd.sys
    23:08:03.0940 11096 AdfuUd - ok
    23:08:04.0005 11096 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
    23:08:04.0011 11096 adp94xx - ok
    23:08:04.0030 11096 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
    23:08:04.0035 11096 adpahci - ok
    23:08:04.0055 11096 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
    23:08:04.0056 11096 adpu320 - ok
    23:08:04.0178 11096 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
    23:08:04.0180 11096 AFD - ok
    23:08:04.0363 11096 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
    23:08:04.0370 11096 AgereSoftModem - ok
    23:08:04.0412 11096 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
    23:08:04.0413 11096 agp440 - ok
    23:08:04.0509 11096 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
    23:08:04.0511 11096 aic78xx - ok
    23:08:04.0588 11096 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
    23:08:04.0588 11096 aliide - ok
    23:08:04.0642 11096 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
    23:08:04.0645 11096 amdagp - ok
    23:08:04.0687 11096 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
    23:08:04.0688 11096 amdide - ok
    23:08:04.0723 11096 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
    23:08:04.0726 11096 AmdK8 - ok
    23:08:04.0745 11096 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
    23:08:04.0747 11096 AmdPPM - ok
    23:08:04.0804 11096 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
    23:08:04.0805 11096 amdsata - ok
    23:08:04.0834 11096 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
    23:08:04.0837 11096 amdsbs - ok
    23:08:04.0877 11096 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
    23:08:04.0877 11096 amdxata - ok
    23:08:04.0939 11096 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
    23:08:04.0939 11096 AppID - ok
    23:08:05.0034 11096 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
    23:08:05.0036 11096 arc - ok
    23:08:05.0055 11096 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
    23:08:05.0057 11096 arcsas - ok
    23:08:05.0087 11096 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
    23:08:05.0109 11096 AsyncMac - ok
    23:08:05.0207 11096 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
    23:08:05.0207 11096 atapi - ok
    23:08:05.0302 11096 athr (7d0a662d7b116169854b4ec941a7822d) C:\windows\system32\DRIVERS\athr.sys
    23:08:05.0312 11096 athr - ok
    23:08:05.0517 11096 atikmdag (745c79700646c3f285cd09775618a04b) C:\windows\system32\DRIVERS\atikmdag.sys
    23:08:05.0617 11096 atikmdag - ok
    23:08:05.0760 11096 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
    23:08:05.0767 11096 b06bdrv - ok
    23:08:05.0805 11096 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
    23:08:05.0810 11096 b57nd60x - ok
    23:08:05.0864 11096 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
    23:08:05.0865 11096 Beep - ok
    23:08:05.0905 11096 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
    23:08:05.0909 11096 blbdrive - ok
    23:08:06.0065 11096 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
    23:08:06.0084 11096 bowser - ok
    23:08:06.0121 11096 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
    23:08:06.0122 11096 BrFiltLo - ok
    23:08:06.0141 11096 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
    23:08:06.0142 11096 BrFiltUp - ok
    23:08:06.0270 11096 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
    23:08:06.0275 11096 Brserid - ok
    23:08:06.0308 11096 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
    23:08:06.0313 11096 BrSerWdm - ok
    23:08:06.0345 11096 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
    23:08:06.0346 11096 BrUsbMdm - ok
    23:08:06.0499 11096 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
    23:08:06.0500 11096 BrUsbSer - ok
    23:08:06.0635 11096 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
    23:08:06.0653 11096 BthEnum - ok
    23:08:06.0756 11096 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
    23:08:06.0758 11096 BTHMODEM - ok
    23:08:06.0794 11096 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
    23:08:06.0796 11096 BthPan - ok
    23:08:06.0866 11096 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
    23:08:06.0874 11096 BTHPORT - ok
    23:08:06.0905 11096 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
    23:08:06.0924 11096 BTHUSB - ok
    23:08:06.0956 11096 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
    23:08:06.0958 11096 cdfs - ok
    23:08:07.0027 11096 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
    23:08:07.0028 11096 cdrom - ok
    23:08:07.0060 11096 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
    23:08:07.0062 11096 circlass - ok
    23:08:07.0087 11096 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
    23:08:07.0091 11096 CLFS - ok
    23:08:07.0145 11096 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
    23:08:07.0146 11096 CmBatt - ok
    23:08:07.0201 11096 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
    23:08:07.0201 11096 cmdide - ok
    23:08:07.0274 11096 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
    23:08:07.0281 11096 CNG - ok
    23:08:07.0398 11096 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
    23:08:07.0418 11096 Compbatt - ok
    23:08:07.0524 11096 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
    23:08:07.0525 11096 CompositeBus - ok
    23:08:07.0571 11096 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
    23:08:07.0573 11096 crcdisk - ok
    23:08:07.0716 11096 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
    23:08:07.0717 11096 DfsC - ok
    23:08:07.0757 11096 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
    23:08:07.0757 11096 discache - ok
    23:08:07.0862 11096 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
    23:08:07.0864 11096 Disk - ok
    23:08:07.0904 11096 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
    23:08:07.0905 11096 drmkaud - ok
    23:08:07.0971 11096 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
    23:08:07.0978 11096 DXGKrnl - ok
    23:08:08.0063 11096 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\windows\system32\DRIVERS\eamon.sys
    23:08:08.0065 11096 eamon - ok
    23:08:08.0186 11096 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
    23:08:08.0286 11096 ebdrv - ok
    23:08:08.0415 11096 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\windows\system32\DRIVERS\ehdrv.sys
    23:08:08.0416 11096 ehdrv - ok
    23:08:08.0554 11096 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
    23:08:08.0562 11096 elxstor - ok
    23:08:08.0592 11096 epfw (39f48a0784be8465cd1ac80b36d61613) C:\windows\system32\DRIVERS\epfw.sys
    23:08:08.0594 11096 epfw - ok
    23:08:08.0625 11096 Epfwndis (3b47010b2425b69826004767e59045ba) C:\windows\system32\DRIVERS\Epfwndis.sys
    23:08:08.0626 11096 Epfwndis - ok
    23:08:08.0651 11096 epfwwfp (702a4695ca4ebdefa30235dda300c9d0) C:\windows\system32\DRIVERS\epfwwfp.sys
    23:08:08.0652 11096 epfwwfp - ok
    23:08:08.0708 11096 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
    23:08:08.0709 11096 ErrDev - ok
    23:08:08.0768 11096 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
    23:08:08.0777 11096 exfat - ok
    23:08:08.0840 11096 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
    23:08:08.0845 11096 fastfat - ok
    23:08:08.0964 11096 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
    23:08:08.0967 11096 fdc - ok
    23:08:09.0047 11096 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
    23:08:09.0050 11096 FileInfo - ok
    23:08:09.0154 11096 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
    23:08:09.0156 11096 Filetrace - ok
    23:08:09.0197 11096 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
    23:08:09.0199 11096 flpydisk - ok
    23:08:09.0230 11096 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
    23:08:09.0234 11096 FltMgr - ok
    23:08:09.0265 11096 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
    23:08:09.0267 11096 FsDepends - ok
    23:08:09.0309 11096 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
    23:08:09.0312 11096 fssfltr - ok
    23:08:09.0362 11096 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
    23:08:09.0363 11096 Fs_Rec - ok
    23:08:09.0439 11096 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
    23:08:09.0442 11096 fvevol - ok
    23:08:09.0528 11096 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
    23:08:09.0531 11096 gagp30kx - ok
    23:08:09.0650 11096 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    23:08:09.0660 11096 GEARAspiWDM - ok
    23:08:09.0741 11096 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
    23:08:09.0743 11096 hcw85cir - ok
    23:08:09.0803 11096 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
    23:08:09.0806 11096 HdAudAddService - ok
    23:08:09.0911 11096 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
    23:08:09.0912 11096 HDAudBus - ok
    23:08:09.0944 11096 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
    23:08:09.0946 11096 HidBatt - ok
    23:08:09.0964 11096 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
    23:08:09.0965 11096 HidBth - ok
    23:08:09.0980 11096 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
    23:08:09.0983 11096 HidIr - ok
    23:08:10.0055 11096 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
    23:08:10.0055 11096 HidUsb - ok
    23:08:10.0114 11096 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
    23:08:10.0115 11096 HpSAMD - ok
    23:08:24.0732 11096 ============================================================
    23:08:24.0732 11096 Scan finished
    23:08:24.0732 11096 ============================================================
    23:08:24.0749 11700 Detected object count: 0
    23:08:24.0749 11700 Actual detected object count: 0
    23:09:48.0844 10880 Deinitialize success


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-04 23:06:58
    -----------------------------
    23:06:58.047 OS Version: Windows 6.1.7601 Service Pack 1
    23:06:58.047 Number of processors: 2 586 0x170A
    23:06:58.115 ComputerName: ADMIN-PC UserName: admin
    23:07:03.017 Initialize success
    23:07:07.616 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:07:07.618 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
    23:07:07.672 Disk 0 MBR read successfully
    23:07:07.674 Disk 0 MBR scan
    23:07:07.676 Disk 0 unknown MBR code
    23:07:07.680 Disk 0 scanning sectors +976771072
    23:07:07.783 Disk 0 scanning C:\windows\system32\drivers
    23:07:21.760 Service scanning
    23:07:22.973 Modules scanning
    23:07:30.906 Disk 0 trace - called modules:
    23:07:30.948 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    23:07:30.952 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dac030]
    23:07:30.956 3 CLASSPNP.SYS[8c38b59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f5f028]
    23:07:30.961 Scan finished successfully
    23:07:47.746 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
    23:07:47.753 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"

  4. #34
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    Here are the MBRCheck logs for the XP box. MBRCheck found something; see below:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00000ffc

    Kernel Drivers (total 126):

    Processes (total 43):
    0 System Idle Process
    4 System
    952 C:\WINDOWS\system32\smss.exe
    1024 csrss.exe
    1052 C:\WINDOWS\system32\winlogon.exe
    1096 C:\WINDOWS\system32\services.exe
    1108 C:\WINDOWS\system32\lsass.exe
    1296 C:\WINDOWS\system32\svchost.exe
    1424 svchost.exe
    1548 C:\WINDOWS\system32\svchost.exe
    1624 svchost.exe
    1784 svchost.exe
    2024 C:\WINDOWS\system32\spoolsv.exe
    284 C:\WINDOWS\explorer.exe
    388 C:\WINDOWS\ehome\ehtray.exe
    472 C:\WINDOWS\RTHDCPL.EXE
    480 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    524 C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    556 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    564 C:\Program Files\ESET\ESET Smart Security\egui.exe
    572 C:\WINDOWS\system32\rundll32.exe
    568 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    584 C:\Program Files\Messenger\msmsgs.exe
    596 C:\WINDOWS\system32\ctfmon.exe
    752 svchost.exe
    800 C:\WINDOWS\ehome\ehrecvr.exe
    816 C:\WINDOWS\ehome\ehSched.exe
    828 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    1008 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1176 C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    1600 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1680 C:\WINDOWS\system32\nvsvc32.exe
    1884 svchost.exe
    2160 C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
    2368 C:\WINDOWS\system32\wuauclt.exe
    2404 mcrdsvc.exe
    3380 C:\WINDOWS\system32\dllhost.exe
    3748 alg.exe
    4040 C:\WINDOWS\ehome\ehmsas.exe
    2736 C:\Program Files\Mozilla Firefox\firefox.exe
    3756 C:\hp\KBD\kbd.exe
    2916 C:\WINDOWS\system\hpsysdrv.exe
    896 C:\Documents and Settings\HP_Administrateur\Bureau\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive2 at offset 0x00000044`28098a00 (FAT32)
    \\.\G: --> \\.\PhysicalDrive0 at offset 0x00000038`82bc8800 (FAT32)

    PhysicalDrive2 Model Number: Maxtor6L300R0, Rev: BAJ41G20
    PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02
    PhysicalDrive1 Model Number: SAMSUNGHD204UI, Rev: 1AQ10001

    Size Device Name MBR Status
    --------------------------------------------
    279 GB \\.\PhysicalDrive2 Unknown MBR code
    SHA1: 1CA67A0BFF17E11956F16C348FF70DEC63296236
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 1CA67A0BFF17E11956F16C348FF70DEC63296236
    1863 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

  5. #35
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    The unknown code most likely is because commercially purchased machines can use custom MBR code, like HP, Gateway, Acer etc.
    Let's see if Gmer can dig up anything:

    Download the gmer utility and save to your desktop.

    Extract the contents of the zipped file to your desktop

    Double click GMER.exe to start.

    If it gives you a warning about rootkit activity and asks if you want to run a scan...select--> NO

    In the right panel, you will see several boxes that, by default, have already been checked. Please uncheck the following ...

    * IAT/EAT

    * Drives/Partition other than Systemdrive (typically C:\)

    * Show All <--don't miss this one

    click the Scan button & wait for it to finish.

    When the scan is complete, click Save and save the log to your desktop. Post the log in your reply.

    I won't be back online for 16 hrs or so...
    How Can I Reduce My Risk?
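The MBRCheck table above is worth reading systematically rather than by eye: the two drives reported as "Unknown MBR code" carry the same SHA1 even though they are different models, which is what you would expect from one OEM boot manager or imaging source rather than a per-drive infection. The following is an added example (not code from the thread or from MBRCheck) that parses that table and classifies each drive; the drive lines and hashes are taken from the log in post #34, and the `known_oem_sha1` allowlist is a hypothetical input the thread does not supply.

```python
import re
from collections import defaultdict

# Drive table exactly as MBRCheck printed it in the thread's log (post #34);
# embedded here so the example runs offline. Only these values are from the page.
MBRCHECK_OUTPUT = r"""
Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: 1CA67A0BFF17E11956F16C348FF70DEC63296236
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1CA67A0BFF17E11956F16C348FF70DEC63296236
1863 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

# "<size> GB \\.\PhysicalDriveN <status text>"
DRIVE_RE = re.compile(r"^\s*(\d+)\s*GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
# "SHA1: <40 hex chars>" on the line following each drive
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


def parse_mbrcheck(text):
    """Return one dict per physical drive: size_gb, device, status, sha1."""
    drives = []
    current = None
    for line in text.splitlines():
        m = DRIVE_RE.match(line)
        if m:
            current = {"size_gb": int(m.group(1)), "device": m.group(2),
                       "status": m.group(3), "sha1": None}
            drives.append(current)
            continue
        m = SHA1_RE.match(line)
        if m and current is not None:
            current["sha1"] = m.group(1).upper()
    return drives


def triage(drives, known_oem_sha1=frozenset()):
    """Classify each drive's MBR.

    known_oem_sha1 is a caller-supplied allowlist of MBR hashes already verified
    on a clean machine of the same model (hypothetical input; the thread has none).
    """
    by_hash = defaultdict(list)
    for d in drives:
        by_hash[d["sha1"]].append(d["device"])
    verdicts = {}
    for d in drives:
        if not d["status"].startswith("Unknown"):
            verdicts[d["device"]] = "standard"        # MBRCheck recognised the code
        elif d["sha1"] in known_oem_sha1:
            verdicts[d["device"]] = "known-oem"
        elif len(by_hash[d["sha1"]]) > 1:
            # The same unknown code on several drives of different models points to
            # one boot manager / imaging source rather than a per-drive infection;
            # still confirm it against a reference hash from a clean machine.
            verdicts[d["device"]] = "shared-unknown"
        else:
            verdicts[d["device"]] = "unique-unknown"  # first thing to inspect
    return verdicts


if __name__ == "__main__":
    for dev, verdict in triage(parse_mbrcheck(MBRCHECK_OUTPUT)).items():
        print(dev, verdict)
```

Run as-is it reports the two HP-box drives as `shared-unknown` and the Samsung drive as `standard`; once a hash has been confirmed on a known-clean machine of the same model, passing it in `known_oem_sha1` downgrades those drives to `known-oem`.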

  6. #36
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    hi shelf life

    here is the log from the XP box:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-05 22:31:17
    Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-c Maxtor_6L300R0 rev.BAJ41G20
    Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fgpirfoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF411E4B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xF411E7F0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF411EAB0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF411E5D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xF411E8B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF411E350]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF411E410]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF411E570]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xF411E630]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF411E530]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF411E4F0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF411E670]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xF411E870]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF411E3B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF411E430]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xF411E830]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF411E370]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF411E470]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF411E5F0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CC8 80504564 4 Bytes [B0, EA, 11, F4] {MOV AL, 0xea; ADC ESP, ESI}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 4 Bytes CALL E3653A1A
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FA4 80504840 4 Bytes CALL BE693C56
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [B0, E3, 11, F4, 30, E4, 11, ...] {MOV AL, 0xe3; ADC ESP, ESI; XOR AH, AH; ADC ESP, ESI; XOR AL, CH; ADC ESP, ESI}
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6E0B380, 0x24192E, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1880] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2068] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 01263690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Elkbd.sys (Intel Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Elkbd.sys (Intel Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
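Every SSDT entry in the log above is attributed to ESET's ehdrv.sys, which is why the helper later calls it clean: hooks from an installed security product are expected, hooks from a driver nobody can name are not. The following is an added example (not the thread's or GMER's own code) that parses GMER's `SSDT` lines and groups them by driver. Four input lines are copied from the XP log above; the fifth, with the placeholder name `EXAMPLE_UNKNOWN.sys` and a made-up address, is constructed only to show how an unattributed hook is flagged. The `expected_vendors` set is an assumption the caller fills from what is actually installed.

```python
import re

# Sample GMER "System" section: the first four SSDT lines are copied from the
# thread's XP log; the last one is CONSTRUCTED (placeholder driver name and
# address) to exercise the 'review' path.
GMER_SYSTEM_SECTION = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF411E350]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF411E370]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xF411E8B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF411E5F0]
SSDT \??\C:\WINDOWS\system32\drivers\EXAMPLE_UNKNOWN.sys ZwQuerySystemInformation [0xB9A1C2F0]
"""

# SSDT <driver path> [(<description>/<vendor>)] <hooked function> [<address>]
SSDT_RE = re.compile(
    r"^\s*SSDT\s+(?P<module>\S+)"            # driver path as GMER prints it
    r"(?:\s+\((?P<desc>[^)]*)\))?"           # optional "(description/vendor)"
    r"\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)


def parse_ssdt_hooks(text):
    """Return one dict per SSDT hook line: file, vendor, func, addr."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if not m:
            continue
        desc = m.group("desc")
        hooks.append({
            "file": m.group("module").rsplit("\\", 1)[-1].lower(),
            # GMER prints "<file description>/<company>"; keep the company part.
            "vendor": desc.rsplit("/", 1)[-1].strip() if desc else None,
            "func": m.group("func"),
            "addr": int(m.group("addr"), 16),
        })
    return hooks


def summarize_hooks(hooks, expected_vendors):
    """Group hooks by driver file; 'expected' when the vendor matches a product
    known to be installed on the machine, otherwise 'review'.

    The vendor string is whatever GMER read from the driver's version resource,
    so it is a weak signal: a 'review' verdict (or a surprising 'expected' one)
    should be followed by checking the file's digital signature and hash.
    """
    summary = {}
    for h in hooks:
        entry = summary.setdefault(
            h["file"], {"vendor": h["vendor"], "funcs": [], "verdict": None})
        entry["funcs"].append(h["func"])
    for entry in summary.values():
        entry["verdict"] = "expected" if entry["vendor"] in expected_vendors else "review"
    return summary


if __name__ == "__main__":
    for name, entry in summarize_hooks(parse_ssdt_hooks(GMER_SYSTEM_SECTION), {"ESET"}).items():
        print(name, entry["vendor"], entry["verdict"], len(entry["funcs"]), "hooks")
```

On the sample input ehdrv.sys comes out `expected` with four hooks and the constructed driver comes out `review` with no vendor; on a real log, feed the vendor set from the products you know are installed and treat anything left in `review` as the starting point for a signature and hash check of that file.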

  7. #37
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    I also did a scan on the XP box with mbr.exe -t from gmer.net, see below:


    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Maxtor_6L300R0 rev.BAJ41G20 -> Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-c

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk2\DR2[0x8676DAB8]
    3 CLASSPNP[0xF7670FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000067[0x867C5A38]
    5 ACPI[0xF74E6620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T1L0-c[0x85E24D98]
    kernel: MBR read successfully
    user & kernel MBR OK

  8. #38
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    I also did a scan with this tool:

    http://www.usec.at/radix.html

    I have attached the log.

  9. #39
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    The recent logs all look ok, I will go back for another look at the earlier ones you posted.
    How Can I Reduce My Risk?

  10. #40
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    hi shelf life,

    Do you think I can use the features of the Samsung recovery utility to recover the W7 box, or will it recover the virus/rootkit with it?

    I will do a gmer scan on the W7 box tonight and post the log. Yesterday I did one, but it took ages to complete and I had to cancel it; however, I saw a lot of JMP instructions on different exes, and it does not look very good.

    Bye
    philippe
