
Thread: Java/Agent.DW removal help needed

  1. #41
    Member (Join Date: Nov 2011, Posts: 53)

    Here is the start of the GMER log of the W7 box; it's still running, so I will let it run during the night and post the log when done.


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-06 22:25:52
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001
    Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\aglorpod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwSaveKey + 13CD 830729C9 1 Byte [06]
    .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830924E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C04000, 0x2DEB7A, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\windows\SYSTEM32\Rezip.exe[280] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\SYSTEM32\Rezip.exe[280] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[392] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[392] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[488] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A70F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[488] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AD0F5A
    .text C:\windows\system32\wininit.exe[544] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\wininit.exe[544] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\lsass.exe[616] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\lsass.exe[616] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\lsm.exe[624] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\lsm.exe[624] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\svchost.exe[728] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\svchost.exe[728] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\svchost.exe[792] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\svchost.exe[792] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[820] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[820] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\atiesrxx.exe[844] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\atiesrxx.exe[844] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\winlogon.exe[896] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\winlogon.exe[896] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\System32\svchost.exe[948] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\System32\svchost.exe[948] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[1304] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[1304] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[1384] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[1384] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\System32\spoolsv.exe[1416] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\System32\spoolsv.exe[1416] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1548] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1548] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1600] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1600] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\atieclxx.exe[1628] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\windows\system32\atieclxx.exe[1628] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\System32\svchost.exe[1652] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\System32\svchost.exe[1652] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1828] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1828] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 760CF4FB 4 Bytes [C2, 04, 00, 00]
    .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[1916] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[1916] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1928] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1928] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\windows\System32\svchost.exe[1940] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\System32\svchost.exe[1940] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe[1968] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
    .text C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe[1968] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2112] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2112] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2320] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2320] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\SearchIndexer.exe[2352] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\system32\SearchIndexer.exe[2352] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2548] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2548] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2560] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2560] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2580] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2580] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\iPod\bin\iPodService.exe[2620] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\iPod\bin\iPodService.exe[2620] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\servicing\TrustedInstaller.exe[2796] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\servicing\TrustedInstaller.exe[2796] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Windows\system32\WUDFHost.exe[2824] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Windows\system32\WUDFHost.exe[2824] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\svchost.exe[2880] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\system32\svchost.exe[2880] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe[3084] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe[3084] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3092] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3092] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Users\admin\Desktop\gmer.exe[3148] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Users\admin\Desktop\gmer.exe[3148] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3340] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3340] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3488] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3488] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\Dwm.exe[3500] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\system32\Dwm.exe[3500] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\taskhost.exe[3508] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\system32\taskhost.exe[3508] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\taskeng.exe[3608] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\system32\taskeng.exe[3608] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3712] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3712] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\svchost.exe[3912] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\system32\svchost.exe[3912] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[4056] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[4056] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4292] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4292] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[4388] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[4388] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4948] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4948] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Windows\WindowsMobile\wmdc.exe[5156] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Windows\WindowsMobile\wmdc.exe[5156] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[5904] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[5904] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:4204] A4D0EF2E

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea93e9
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2011-12-06 18:13:09
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime 2011-12-05 20:33:03
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download@LastSuccessTime 2011-12-03 08:08:24
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP@LastIndex 294
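A small triage helper for the "User code sections" block in the log above, added here as an example (it is not part of the thread and not a GMER feature). It parses the JMP hook lines, groups them by hooked export and by the low 16 bits of the jump target (targets such as 71A70F5A, 71A80F5A and 71A90F5A share those bits, which is what one hook module looks like when it is loaded at different 64 KiB-aligned bases in different processes), and lists any hook present in only one process. The sample lines are copied from the posted log except the final sample.exe line, which is constructed to show an outlier; the line layout the regex assumes is taken from those entries.

```python
"""Triage helper for the "User code sections" block of a GMER log.

Added example, not part of this thread and not a GMER feature. It reads
lines of the form

  .text <image>[<pid>] <module>!<export> <address> <n> Bytes JMP <target>

groups them by export and low 16 bits of the target, and lists hooks that
occur in only one process.
"""
import re

# Assumed line layout, taken from the entries in the posted log. Patch-style
# entries such as "4 Bytes [C2, 04, 00, 00]" do not match and are skipped.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)\s*$"
)

# Sample input: the first nine entries are copied from the posted log; the
# last line (sample.exe, pid 4444, target 00401000) is constructed as an outlier.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\lsass.exe[616] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\lsass.exe[616] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[488] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A70F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[488] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AD0F5A
.text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 760CF4FB 4 Bytes [C2, 04, 00, 00]
.text C:\Users\admin\AppData\Local\Temp\sample.exe[4444] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 00401000
"""


def parse_hooks(text):
    """Return one dict per JMP hook line; headers and other entries are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        h["addr"] = int(h["addr"], 16)
        h["target"] = int(h["target"], 16)
        h["export"] = h["module"].lower() + "!" + h["export"]  # e.g. kernel32.dll!CreateProcessW
        hooks.append(h)
    return hooks


def hook_key(h):
    """Group key: the export plus the low 16 bits of the JMP target.

    Targets such as 71A70F5A, 71A80F5A and 71A90F5A differ only above bit 16:
    one hook module loaded at different 64 KiB-aligned bases, same stub.
    """
    return (h["export"], h["target"] & 0xFFFF)


def summarize(hooks):
    """Map each hook key to the pids and full targets it was seen with."""
    summary = {}
    for h in hooks:
        entry = summary.setdefault(hook_key(h), {"pids": set(), "targets": set()})
        entry["pids"].add(h["pid"])
        entry["targets"].add(h["target"])
    return summary


def rare_hooks(hooks, max_procs=1):
    """Hooks whose key occurs in at most max_procs processes.

    A hook a security product installs system-wide shows up in nearly every
    process; one found in a single process is what deserves a closer look.
    """
    summary = summarize(hooks)
    return [h for h in hooks if len(summary[hook_key(h)]["pids"]) <= max_procs]


def report(text):
    """Print the per-hook summary and the rare hooks (command-line use)."""
    hooks = parse_hooks(text)
    for (export, low16), entry in sorted(summarize(hooks).items()):
        targets = ", ".join(f"{t:08X}" for t in sorted(entry["targets"]))
        print(f"{export} (+{low16:04X}): {len(entry['pids'])} process(es), targets {targets}")
    for h in rare_hooks(hooks):
        print(f"RARE: pid {h['pid']} {h['image']} {h['export']} -> {h['target']:08X}")


if __name__ == "__main__":
    report(SAMPLE_LOG)
```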

  2. #42
    Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    hi,

    Don't see anything that looks out of the ordinary in the log. No harm in running aswMBR and TDSSKiller on the W7 machine.
    As far as the Samsung utility goes, unless it writes a new MBR then it won't do much good as far as an MBR rootkit goes.

    You can run Farbar's utility on the XP machine and on the W7 after doing the above:

    Please download MiniToolBox and save it to your desktop.
    With Internet Explorer and Firefox closed:

    * Double click on MiniToolBox.exe to run it.
    * Please check the following options:
      Flush DNS
      Reset IE Proxy Settings
      Reset FF Proxy Settings
    * Click the GO button. A log will open.
    * Please post the contents of this log. It can also be found on the desktop as Result.txt.

  3. #43
    Member (Join Date: Nov 2011, Posts: 53)

    Hi shelf life,

    Here is the log for the XP box:


    MiniToolBox by Farbar
    Ran by HP_Administrateur (administrator) on 07-12-2011 at 21:14:33
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************

    ========================= Flush DNS: ===================================

    Configuration IP de Windows

    Cache de résolution DNS vidé.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    **** End of log ****

  4. #44
    Member (Join Date: Nov 2011, Posts: 53)

    Extremely strange event:

    On boot I loaded something that looks like the BIOS (but it was not the BIOS, maybe an HP variation) by pressing the Esc key.

    In the menu it asked me which disk to boot from, and I selected the main Western Digital disk where the fresh OS has been installed, doing a format (during the install procedure).

    But instead of having the fresh OS it loaded the old system (that was supposed to have been formatted). I tested some applications like FTP and it's working...

    The even stranger thing is that ESET Smart Security is now showing Smart Security 5 when it used to be 4 on the formatted OS..... ???? (and the small icon at the bottom shows 4)... In fact I did install V5, but on the new fresh OS.

    As it's very strange I thought this can be interesting.

    bye
    philippe

  5. #45
    Member (Join Date: Nov 2011, Posts: 53)

    Here is the full GMER log of the W7 box:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-07 22:42:03
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001
    Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\aglorpod.sys


    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3712] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\system32\svchost.exe[3912] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\system32\svchost.exe[3912] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[4056] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[4056] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4292] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4292] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[4388] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[4388] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4948] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\ESET\ESET Smart Security\egui.exe[4948] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Windows\WindowsMobile\wmdc.exe[5156] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Windows\WindowsMobile\wmdc.exe[5156] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[5904] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[5904] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:4204] A4D0EF2E

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea93e9
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2011-12-06 18:13:09
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime 2011-12-05 20:33:03
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download@LastSuccessTime 2011-12-03 08:08:24
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP@LastIndex 294

    ---- Files - GMER 1.0.15 ----

    File C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5HS1S25\integrity-local[1].txt 40 bytes
    File C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XDRV2TUD\integrity-local[1].txt 40 bytes

    ---- EOF - GMER 1.0.15 ----
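    As an added, defender-side example (not code from the thread or from GMER), here is a small Python triage script for the "User code sections" above: it parses the JMP hook lines, groups the targets per hooked API and flags any process whose hook lands at a different 64 KiB offset than the rest. The sample input is copied from the log plus one constructed outlier line (odd.exe, PID 4444, a made-up process); the 64 KiB-offset heuristic is a triage aid, not proof of anything on its own.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample in GMER's "User code sections" format: six lines copied from
# the log above plus one made-up process ("odd.exe", PID 4444) whose CreateProcessW
# hook jumps somewhere else, so the outlier check has something to find.
SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Users\admin\Desktop\gmer.exe[3148] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Users\admin\Desktop\gmer.exe[3148] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3092] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3092] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Example\odd.exe[4444] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 10001F20
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class Hook:
    image: str    # full path of the hooked process
    pid: int
    api: str      # "kernel32.dll!CreateProcessW" (module name lower-cased)
    addr: int     # patched address inside the API
    size: int     # number of patched bytes
    target: int   # where the JMP lands


def parse_hooks(text):
    """Parse JMP-style inline hooks; section headers and other lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(
            image=m["image"], pid=int(m["pid"]),
            api=f"{m['module'].lower()}!{m['func']}",
            addr=int(m["addr"], 16), size=int(m["size"]),
            target=int(m["target"], 16)))
    return hooks


def targets_by_api(hooks):
    """api -> {JMP target -> [(image, pid), ...]} for a quick per-API overview."""
    table = defaultdict(lambda: defaultdict(list))
    for h in hooks:
        table[h.api][h.target].append((h.image, h.pid))
    return table


def find_outliers(hooks):
    """Hooks whose JMP target does not sit at the majority 64 KiB offset for that API.

    Windows loads images at 64 KiB-aligned bases, so a hook DLL relocated in one
    process keeps the low 16 bits of its addresses (71A80F5A and 71A90F5A in the
    log are most likely the same code at two bases).  A product that hooks every
    process therefore yields one dominant offset; a process jumping to a different
    offset is the one to look at first."""
    by_api = defaultdict(list)
    for h in hooks:
        by_api[h.api].append(h)
    outliers = []
    for hs in by_api.values():
        offset, count = Counter(h.target & 0xFFFF for h in hs).most_common(1)[0]
        if count * 2 <= len(hs):
            continue  # no clear majority: report nothing rather than guess
        outliers.extend(h for h in hs if (h.target & 0xFFFF) != offset)
    return outliers


def report(text):
    hooks = parse_hooks(text)
    lines = [f"{len(hooks)} JMP hooks across {len({h.pid for h in hooks})} processes"]
    for api, targets in sorted(targets_by_api(hooks).items()):
        lines.append(f"{api}:")
        for target, procs in sorted(targets.items()):
            lines.append(f"  -> {target:08X} in {len(procs)} process(es)")
    for h in find_outliers(hooks):
        lines.append(f"OUTLIER {h.image}[{h.pid}] {h.api} -> {h.target:08X}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_GMER))
```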

  6. #46
    Member (Join Date: Nov 2011, Posts: 53)

    MiniToolBox log for the W7 box


    MiniToolBox by Farbar
    Ran by admin (administrator) on 07-12-2011 at 22:46:56
    Windows 7 Home Premium Service Pack 1 (X86)

    ***************************************************************************

    ========================= Flush DNS: ===================================

    Configuration IP de Windows

    Cache de résolution DNS vidé.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    "Reset FF Proxy Settings": Firefox Proxy settings were reset.


    **** End of log ****

  7. #47
    Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    > in the menu it asked me the disk to boot from, and I selected the main Western Digital disk

    Looks like you have 3 hard drives, and several partitions. One must have the new install you did, another an older install? Does that make sense? I would visit the HP web site and check your make and model to confirm what you have and how they function; one may be a drive that functions as a backup.

    PhysicalDrive2 Model Number: Maxtor6L300R0, Rev: BAJ41G20
    PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02
    PhysicalDrive1 Model Number: SAMSUNGHD204UI, Rev: 1AQ10001
    How Can I Reduce My Risk?

  8. #48
    Member (Join Date: Nov 2011, Posts: 53)

    hi shelf life,


    > Looks like you have 3 hard drives, and several partitions. One must have the new install you did, another an older install? Does that make sense? I would visit the HP web site and check your make and model to confirm what you have and how they function, one may be a drive that functions as a backup.

    I have 3 disks indeed, and a couple of partitions: 2 restore partitions created by HP recovery, 1 main one on C:, and the 2 other disks have only 1 partition each.


    I opened up the PC; it's an Asus motherboard: P5LP-LE (Leonite)

    http://h10025.www1.hp.com/ewfrf/wc/d...c00864946#N142

    HP Pavilion


    I will check how it is supposed to operate.

    However, I did disconnect the 2 additional disks, and when I try to boot from C:, the boot sequence starts correctly: I get the XP black screen, then the blue logon, and it freezes there; I cannot go anywhere.... Very strange, as if part of the fresh install has spanned some of the other disks...??

    I will do some more tests tomorrow.

    bye
    philippe

  9. #49
    Member (Join Date: Nov 2011, Posts: 53)

    hi shelf life,

    here are the logs for the W7 box:

    Nothing that looks suspicious to me; any other scanning tools I could use?

    because I don't like too much to see Firefox doing the activity Malwarebytes did block; Firefox should not be using such non-standard ports to communicate with the outside???

    22:59:42 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54278, Process: firefox.exe)
    23:00:39 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54504, Process: firefox.exe)
    23:01:03 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54613, Process: firefox.exe)


    protection-log-2011-12-04
    10:12:16 admin MESSAGE Protection started successfully
    10:12:20 admin MESSAGE IP Protection started successfully
    21:44:05 admin IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 51936, Process: firefox.exe)
    21:44:05 admin IP-BLOCK 89.149.227.56 (Type: outgoing, Port: 51992, Process: firefox.exe)
    21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52010, Process: firefox.exe)
    21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52011, Process: firefox.exe)


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-08 21:23:06
    -----------------------------
    21:23:06.569 OS Version: Windows 6.1.7601 Service Pack 1
    21:23:06.569 Number of processors: 2 586 0x170A
    21:23:06.569 ComputerName: ADMIN-PC UserName: admin
    21:23:28.690 Initialize success
    21:23:34.540 AVAST engine defs: 11120701
    21:27:17.873 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:27:17.873 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
    21:27:17.904 Disk 0 MBR read successfully
    21:27:17.904 Disk 0 MBR scan
    21:27:17.904 Disk 0 unknown MBR code
    21:27:17.904 Disk 0 scanning sectors +976771072
    21:27:18.013 Disk 0 scanning C:\windows\system32\drivers
    21:27:41.007 Service scanning
    21:27:42.552 Modules scanning
    21:27:52.505 Disk 0 trace - called modules:
    21:27:52.520 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    21:27:52.520 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dac030]
    21:27:52.536 3 CLASSPNP.SYS[8c38759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f5e028]
    21:27:54.127 AVAST engine scan C:\
    15:42:06.632 Scan finished successfully
    18:41:46.532 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
    18:41:46.532 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR-log-9-12-2012.txt"

    18:42:33.0027 15108 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    18:42:33.0058 15108 ============================================================
    18:42:33.0058 15108 Current date / time: 2011/12/09 18:42:33.0058
    18:42:33.0058 15108 SystemInfo:
    18:42:33.0058 15108
    18:42:33.0058 15108 OS Version: 6.1.7601 ServicePack: 1.0
    18:42:33.0058 15108 Product type: Workstation
    18:42:33.0058 15108 ComputerName: ADMIN-PC
    18:42:33.0058 15108 UserName: admin
    18:42:33.0058 15108 Windows directory: C:\windows
    18:42:33.0058 15108 System windows directory: C:\windows
    18:42:33.0058 15108 Processor architecture: Intel x86
    18:42:33.0058 15108 Number of processors: 2
    18:42:33.0058 15108 Page size: 0x1000
    18:42:33.0058 15108 Boot type: Normal boot
    18:42:33.0058 15108 ============================================================
    18:42:34.0446 15108 Initialize success
    18:43:07.0627 15632 ============================================================
    18:43:07.0627 15632 Scan started
    18:43:07.0627 15632 Mode: Manual; SigCheck; TDLFS;
    18:43:07.0627 15632 ============================================================
    18:43:25.0911 15632 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
    18:43:25.0989 15632 NDProxy - ok
    18:43:26.0051 15632 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
    18:43:26.0145 15632 NetBIOS - ok
    18:43:26.0192 15632 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
    18:43:26.0238 15632 NetBT - ok
    18:43:26.0348 15632 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
    18:43:26.0394 15632 nfrd960 - ok
    18:43:26.0426 15632 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
    18:43:26.0488 15632 Npfs - ok
    18:43:26.0504 15632 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
    18:43:26.0566 15632 nsiproxy - ok
    18:43:26.0691 15632 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
    18:43:26.0769 15632 Ntfs - ok
    18:43:26.0831 15632 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
    18:43:26.0894 15632 Null - ok
    18:43:26.0956 15632 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
    18:43:26.0987 15632 nvraid - ok
    18:43:27.0050 15632 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
    18:43:27.0112 15632 nvstor - ok
    18:43:27.0159 15632 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
    18:43:27.0190 15632 nv_agp - ok
    18:43:27.0237 15632 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
    18:43:27.0268 15632 ohci1394 - ok
    18:43:27.0362 15632 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
    18:43:27.0408 15632 Parport - ok
    18:43:27.0455 15632 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
    18:43:27.0518 15632 partmgr - ok
    18:43:27.0549 15632 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
    18:43:27.0596 15632 Parvdm - ok
    18:43:27.0642 15632 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
    18:43:27.0689 15632 pci - ok
    18:43:27.0736 15632 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
    18:43:27.0767 15632 pciide - ok
    18:43:27.0798 15632 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
    18:43:27.0830 15632 pcmcia - ok
    18:43:27.0861 15632 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
    18:43:27.0892 15632 pcw - ok
    18:43:27.0923 15632 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
    18:43:27.0970 15632 PEAUTH - ok
    18:43:28.0095 15632 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
    18:43:28.0157 15632 PptpMiniport - ok
    18:43:28.0173 15632 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
    18:43:28.0204 15632 Processor - ok
    18:43:28.0266 15632 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
    18:43:28.0329 15632 Psched - ok
    18:43:28.0391 15632 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
    18:43:28.0469 15632 ql2300 - ok
    18:43:28.0485 15632 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
    18:43:28.0516 15632 ql40xx - ok
    18:43:28.0532 15632 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
    18:43:28.0563 15632 QWAVEdrv - ok
    18:43:28.0610 15632 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
    18:43:28.0656 15632 RasAcd - ok
    18:43:28.0703 15632 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
    18:43:28.0797 15632 RasAgileVpn - ok
    18:43:28.0828 15632 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
    18:43:28.0906 15632 Rasl2tp - ok
    18:43:29.0000 15632 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
    18:43:29.0078 15632 RasPppoe - ok
    18:43:29.0078 15632 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
    18:43:29.0124 15632 RasSstp - ok
    18:43:29.0249 15632 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
    18:43:29.0296 15632 rdbss - ok
    18:43:29.0312 15632 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
    18:43:29.0358 15632 rdpbus - ok
    18:43:29.0405 15632 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
    18:43:29.0468 15632 RDPCDD - ok
    18:43:29.0561 15632 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
    18:43:29.0608 15632 RDPENCDD - ok
    18:43:29.0624 15632 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
    18:43:29.0686 15632 RDPREFMP - ok
    18:43:29.0748 15632 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
    18:43:29.0795 15632 RDPWD - ok
    18:43:29.0904 15632 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
    18:43:29.0951 15632 rdyboost - ok
    18:43:30.0045 15632 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
    18:43:30.0092 15632 RFCOMM - ok
    18:43:30.0154 15632 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
    18:43:30.0232 15632 rspndr - ok
    18:43:30.0263 15632 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
    18:43:30.0294 15632 RTL8167 - ok
    18:43:30.0357 15632 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
    18:43:30.0419 15632 SABI - ok
    18:43:30.0544 15632 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
    18:43:30.0591 15632 sbp2port - ok
    18:43:30.0653 15632 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
    18:43:30.0684 15632 scfilter - ok
    18:43:30.0840 15632 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
    18:43:30.0903 15632 SDHookDriver - ok
    18:43:30.0996 15632 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
    18:43:31.0059 15632 secdrv - ok
    18:43:31.0184 15632 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
    18:43:31.0246 15632 Serenum - ok
    18:43:31.0277 15632 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
    18:43:31.0293 15632 Serial - ok
    18:43:31.0355 15632 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
    18:43:31.0402 15632 sermouse - ok
    18:43:31.0480 15632 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
    18:43:31.0511 15632 sffdisk - ok
    18:43:31.0589 15632 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
    18:43:31.0652 15632 sffp_mmc - ok
    18:43:31.0714 15632 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
    18:43:31.0776 15632 sffp_sd - ok
    18:43:31.0808 15632 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
    18:43:31.0839 15632 sfloppy - ok
    18:43:31.0886 15632 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
    18:43:31.0917 15632 sisagp - ok
    18:43:31.0948 15632 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
    18:43:32.0026 15632 SiSRaid2 - ok
    18:43:32.0042 15632 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
    18:43:32.0088 15632 SiSRaid4 - ok
    18:43:32.0120 15632 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
    18:43:32.0166 15632 Smb - ok
    18:43:32.0213 15632 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
    18:43:32.0229 15632 spldr - ok
    18:43:32.0307 15632 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
    18:43:32.0385 15632 srv - ok
    18:43:32.0478 15632 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
    18:43:32.0556 15632 srv2 - ok
    18:43:32.0572 15632 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
    18:43:32.0634 15632 srvnet - ok
    18:43:32.0728 15632 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
    18:43:32.0775 15632 stexstor - ok
    18:43:32.0806 15632 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
    18:43:32.0822 15632 swenum - ok
    18:43:32.0900 15632 SynTP (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
    18:43:32.0978 15632 SynTP - ok
    18:43:33.0134 15632 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
    18:43:33.0258 15632 Tcpip - ok
    18:43:33.0399 15632 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
    18:43:33.0430 15632 TCPIP6 - ok
    18:43:33.0492 15632 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
    18:43:33.0586 15632 tcpipreg - ok
    18:43:33.0648 15632 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
    18:43:33.0711 15632 TDPIPE - ok
    18:43:33.0758 15632 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
    18:43:33.0804 15632 TDTCP - ok
    18:43:33.0851 15632 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
    18:43:33.0929 15632 tdx - ok
    18:43:33.0976 15632 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
    18:43:34.0023 15632 TermDD - ok
    18:43:34.0179 15632 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
    18:43:34.0272 15632 tssecsrv - ok
    18:43:34.0366 15632 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
    18:43:34.0413 15632 TsUsbFlt - ok
    18:43:34.0538 15632 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
    18:43:34.0600 15632 tunnel - ok
    18:43:34.0647 15632 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
    18:43:34.0678 15632 uagp35 - ok
    18:43:34.0725 15632 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
    18:43:34.0818 15632 udfs - ok
    18:43:34.0928 15632 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
    18:43:34.0974 15632 uliagpkx - ok
    18:43:35.0006 15632 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
    18:43:35.0052 15632 umbus - ok
    18:43:35.0130 15632 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
    18:43:35.0177 15632 UmPass - ok
    18:43:35.0255 15632 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\windows\system32\Drivers\usbaapl.sys
    18:43:35.0318 15632 USBAAPL - ok
    18:43:35.0411 15632 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
    18:43:35.0474 15632 usbccgp - ok
    18:43:35.0583 15632 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
    18:43:35.0630 15632 usbcir - ok
    18:43:35.0708 15632 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
    18:43:35.0754 15632 usbehci - ok
    18:43:35.0848 15632 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
    18:43:35.0942 15632 usbhub - ok
    18:43:35.0973 15632 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
    18:43:36.0004 15632 usbohci - ok
    18:43:36.0082 15632 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
    18:43:36.0144 15632 usbprint - ok
    18:43:36.0222 15632 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
    18:43:36.0269 15632 usbscan - ok
    18:43:36.0378 15632 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
    18:43:36.0425 15632 USBSTOR - ok
    18:43:36.0519 15632 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
    18:43:36.0581 15632 usbuhci - ok
    18:43:36.0659 15632 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
    18:43:36.0706 15632 usbvideo - ok
    18:43:36.0846 15632 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
    18:43:36.0893 15632 vdrvroot - ok
    18:43:36.0940 15632 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
    18:43:36.0971 15632 vga - ok
    18:43:36.0987 15632 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
    18:43:37.0065 15632 VgaSave - ok
    18:43:37.0127 15632 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
    18:43:37.0158 15632 vhdmp - ok
    18:43:37.0221 15632 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
    18:43:37.0268 15632 viaagp - ok
    18:43:37.0299 15632 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
    18:43:37.0346 15632 ViaC7 - ok
    18:43:37.0392 15632 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
    18:43:37.0439 15632 viaide - ok
    18:43:37.0455 15632 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
    18:43:37.0533 15632 volmgr - ok
    18:43:37.0595 15632 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
    18:43:37.0642 15632 volmgrx - ok
    18:43:37.0736 15632 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
    18:43:37.0751 15632 volsnap - ok
    18:43:37.0814 15632 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
    18:43:37.0876 15632 vsmraid - ok
    18:43:37.0892 15632 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
    18:43:37.0938 15632 vwifibus - ok
    18:43:38.0016 15632 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
    18:43:38.0110 15632 vwififlt - ok
    18:43:38.0188 15632 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
    18:43:38.0250 15632 WacomPen - ok
    18:43:38.0313 15632 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
    18:43:38.0360 15632 WANARP - ok
    18:43:38.0360 15632 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
    18:43:38.0375 15632 Wanarpv6 - ok
    18:43:38.0453 15632 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
    18:43:38.0484 15632 Wd - ok
    18:43:38.0516 15632 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
    18:43:38.0578 15632 Wdf01000 - ok
    18:43:38.0625 15632 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
    18:43:38.0672 15632 WfpLwf - ok
    18:43:38.0687 15632 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
    18:43:38.0718 15632 WIMMount - ok
    18:43:38.0828 15632 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUSB.SYS
    18:43:38.0859 15632 WINUSB - ok
    18:43:38.0906 15632 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
    18:43:38.0968 15632 WmiAcpi - ok
    18:43:39.0046 15632 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
    18:43:39.0108 15632 ws2ifsl - ok
    18:43:39.0171 15632 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
    18:43:39.0233 15632 WudfPf - ok
    18:43:39.0342 15632 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
    18:43:39.0405 15632 WUDFRd - ok
    18:43:39.0514 15632 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
    18:43:39.0592 15632 yukonw7 - ok
    18:43:39.0639 15632 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
    18:43:40.0013 15632 \Device\Harddisk0\DR0 - ok
    18:43:40.0029 15632 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    18:43:40.0216 15632 \Device\Harddisk1\DR1 - ok
    18:43:40.0216 15632 Boot (0x1200) (35ad429c41eabd3cb5aa0c137174f74e) \Device\Harddisk0\DR0\Partition0
    18:43:40.0216 15632 \Device\Harddisk0\DR0\Partition0 - ok
    18:43:40.0232 15632 Boot (0x1200) (8ef57f636c3472629962a8279554bffc) \Device\Harddisk0\DR0\Partition1
    18:43:40.0232 15632 \Device\Harddisk0\DR0\Partition1 - ok
    18:43:40.0263 15632 Boot (0x1200) (18763aeac0ee39fec1defec9b7171ab2) \Device\Harddisk0\DR0\Partition2
    18:43:40.0278 15632 \Device\Harddisk0\DR0\Partition2 - ok
    18:43:40.0278 15632 Boot (0x1200) (c17c16547be32acadda8a1f42eeb1198) \Device\Harddisk1\DR1\Partition0
    18:43:40.0278 15632 \Device\Harddisk1\DR1\Partition0 - ok
    18:43:40.0278 15632 ============================================================
    18:43:40.0278 15632 Scan finished
    18:43:40.0278 15632 ============================================================
    18:43:40.0294 15624 Detected object count: 0
    18:43:40.0294 15624 Actual detected object count: 0

  10. #50
    Member
    Join Date
    Nov 2011
    Posts
    53

    Default

    Do you know if there is a log, or a way to see the traffic that was blocked by Malwarebytes?

    bye
    philippe
