Java/Agent.DW removal help needed

Here is the start of the GMER log of the W7 box; it's still running, so I will let it run during the night and post the log when done.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 22:25:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001
Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\aglorpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 830729C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830924E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C04000, 0x2DEB7A, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\windows\SYSTEM32\Rezip.exe[280] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\SYSTEM32\Rezip.exe[280] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[392] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[392] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[488] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A70F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[488] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AD0F5A
.text C:\windows\system32\wininit.exe[544] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\wininit.exe[544] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\lsass.exe[616] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\lsass.exe[616] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\lsm.exe[624] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\lsm.exe[624] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[728] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[728] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[792] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[792] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[820] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[820] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\atiesrxx.exe[844] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\atiesrxx.exe[844] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\winlogon.exe[896] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\winlogon.exe[896] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\System32\svchost.exe[948] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\System32\svchost.exe[948] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[1304] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[1304] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[1384] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[1384] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\System32\spoolsv.exe[1416] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\System32\spoolsv.exe[1416] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1548] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1548] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1600] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1600] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\atieclxx.exe[1628] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\atieclxx.exe[1628] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\System32\svchost.exe[1652] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\System32\svchost.exe[1652] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1828] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1828] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 760CF4FB 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[1916] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[1916] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1928] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1928] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\System32\svchost.exe[1940] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\System32\svchost.exe[1940] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe[1968] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe[1968] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2112] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2112] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2320] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2320] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\SearchIndexer.exe[2352] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\SearchIndexer.exe[2352] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2548] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2548] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2560] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2560] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2580] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2580] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2620] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2620] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\servicing\TrustedInstaller.exe[2796] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\servicing\TrustedInstaller.exe[2796] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\WUDFHost.exe[2824] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\WUDFHost.exe[2824] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\svchost.exe[2880] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[2880] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe[3084] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe[3084] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3092] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3092] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Users\admin\Desktop\gmer.exe[3148] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Users\admin\Desktop\gmer.exe[3148] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3340] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3340] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3488] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3488] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\Dwm.exe[3500] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\Dwm.exe[3500] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\taskhost.exe[3508] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\taskhost.exe[3508] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\taskeng.exe[3608] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\taskeng.exe[3608] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3712] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3712] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\svchost.exe[3912] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[3912] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[4056] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[4056] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4292] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4292] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[4388] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[4388] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[4948] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[4948] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Windows\WindowsMobile\wmdc.exe[5156] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Windows\WindowsMobile\wmdc.exe[5156] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[5904] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[5904] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:4204] A4D0EF2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea93e9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2011-12-06 18:13:09
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime 2011-12-05 20:33:03
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download@LastSuccessTime 2011-12-03 08:08:24
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP@LastIndex 294
 
Hi,

Don't see anything that looks out of the ordinary in the log. No harm in running aswMBR and TDSSKiller on the W7 machine.
As far as the Samsung utility goes, unless it writes a new MBR then it won't do much good as far as an MBR rootkit goes.

You can run Farbar's utility on the XP machine and on the W7 after doing the above:

Please download MiniToolBox and save it to your desktop.
With Internet Explorer and Firefox closed:

* Double click on MiniToolBox.exe to run it.
* Please check the following options:
  Flush DNS
  Reset IE Proxy Settings
  Reset FF Proxy Settings
* Click the GO button. A log will open.
* Please post the contents of this log. It can also be found on the desktop as Result.txt.
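As an added illustration of the kind of triage done on the GMER log above (this is example code written for this page, not code from the thread, from GMER or from Farbar): a small Python parser for the "User code sections" block that groups the patched APIs by process and flags entries that only one or two processes share, which is where a hook that is not part of a system-wide security product would stand out. The sample log is constructed from lines in the posted log, with one invented outlier (a hypothetical `example.exe` hooking `ws2_32.dll!send`) added only so that something gets flagged; the line format is assumed to be the GMER 1.0.15 layout shown in the thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the GMER 1.0.15 "User code sections" format, modelled on
# the log posted above. The last hook line (example.exe / ws2_32.dll!send) is
# invented purely to show what an outlier looks like; it is not from the poster's machine.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\Explorer.EXE[3992] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\Explorer.EXE[3992] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 760CF4FB 4 Bytes [C2, 04, 00, 00]
.text C:\Users\admin\AppData\Local\Temp\example.exe[4321] ws2_32.dll!send 76A10000 5 Bytes JMP 00C4A000

---- Devices - GMER 1.0.15 ----
"""

# One ".text <image>[<pid>] <module>!<api> <addr> <n> Bytes <patch>" line.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<api>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.+)$"
)


@dataclass(frozen=True)
class Hook:
    image: str      # full path of the hooked process
    pid: int
    module: str     # module exporting the patched API, lower-cased
    api: str
    address: int    # virtual address of the patched bytes
    size: int       # number of bytes overwritten
    patch: str      # "JMP <target>" or a raw byte list such as "[C2, 04, 00, 00]"

    @property
    def jmp_target(self):
        """Destination of an inline JMP hook, or None for a raw byte patch."""
        m = re.match(r"JMP\s+([0-9A-Fa-f]+)$", self.patch)
        return int(m.group(1), 16) if m else None


def parse_user_hooks(text):
    """Extract per-process hook entries from a GMER log.

    Lines outside the "User code sections" block are ignored; if the log has
    no section headers at all, every matching line is taken.
    """
    hooks, in_section = [], True
    for line in text.splitlines():
        if line.startswith("---- "):
            in_section = "User code sections" in line
            continue
        if not in_section:
            continue
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(
                image=m["image"], pid=int(m["pid"]), module=m["module"].lower(),
                api=m["api"], address=int(m["addr"], 16), size=int(m["size"]),
                patch=m["patch"].strip()))
    return hooks


def processes_per_api(hooks):
    """Map (module, api) -> set of PIDs in which that API is patched."""
    by_api = defaultdict(set)
    for h in hooks:
        by_api[(h.module, h.api)].add(h.pid)
    return by_api


def find_outliers(hooks, min_processes=3):
    """Hooks on an API that fewer than min_processes distinct processes share.

    A system-wide hooking component (a security product's injected DLL, for
    instance) patches the same API in nearly every process, so entries that
    appear in only one or two processes are the ones worth a closer look.
    """
    by_api = processes_per_api(hooks)
    return [h for h in hooks if len(by_api[(h.module, h.api)]) < min_processes]


def jmp_targets(hooks, module, api):
    """All JMP destinations recorded for one API across processes."""
    return {h.jmp_target for h in hooks
            if h.module == module.lower() and h.api == api and h.jmp_target is not None}


def consistent_with_one_dll(targets):
    """True if every target shares its low 16 bits.

    Image bases are 64 KiB aligned, so JMPs to the same offset inside one DLL
    mapped at different bases differ only in the upper bits (71A80F5A vs
    71A90F5A in the log above). Targets with unrelated low bits point at
    different code, which is a much stronger signal than the base spread.
    """
    return len({t & 0xFFFF for t in targets}) == 1 if targets else False


def is_stub_patch(hook):
    """True for a raw patch starting with C2 (RET imm16): the API returns
    immediately instead of being redirected. Seen in a security product's own
    process this is usually its self-protection; confirm with the vendor."""
    return hook.jmp_target is None and hook.patch.startswith("[C2")


def triage(text, min_processes=3):
    """Short triage summary of the user-mode hook section of a GMER log."""
    hooks = parse_user_hooks(text)
    by_api = processes_per_api(hooks)
    return {
        "hook_count": len(hooks),
        "process_count": len({h.pid for h in hooks}),
        "apis": {f"{m}!{a}": len(pids) for (m, a), pids in by_api.items()},
        "outliers": find_outliers(hooks, min_processes),
    }


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['hook_count']} hooks in {r['process_count']} processes")
    for api, n in r["apis"].items():
        print(f"  {api}: patched in {n} process(es)")
    for h in r["outliers"]:
        kind = "inline RET stub" if is_stub_patch(h) else "redirect"
        print(f"REVIEW: {h.image}[{h.pid}] {h.module}!{h.api} {h.patch} ({kind})")
```

Run against the full posted log, every process shows the same two CreateProcess hooks with targets that differ only in their upper bits, and the single flagged entry is the RET stub inside ekrn.exe, which matches the "nothing out of the ordinary" reading above.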
 
Hi shelf life,

Here is the log for the XP box:


MiniToolBox by Farbar
Ran by HP_Administrateur (administrator) on 07-12-2011 at 21:14:33
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Configuration IP de Windows



Cache de résolution DNS vidé.


"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


**** End of log ****
 
Extremely strange event:

On boot I loaded something that looks like the BIOS (but it was not the BIOS, maybe an HP variation) by pressing the Esc key.

In the menu it asked me for the disk to boot from, and I selected the main Western Digital disk where the fresh OS has been installed by doing a format (during the install procedure).

But instead of having the fresh OS it loaded the old system (that was supposed to have been formatted). I tested some applications like FTP and it's working...

The even more strange thing is that ESET Smart Security is now showing Smart Security 5 when it used to be 4 on the formatted OS..... ???? (and the small icon at the bottom shows 4)... In fact I did install V5, but on the new fresh OS.

As it's very strange I thought this could be interesting.

bye
philippe
 
Here is the full GMER log of the W7 box:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-07 22:42:03
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001
Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\aglorpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 830729C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830924E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C04000, 0x2DEB7A, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\windows\SYSTEM32\Rezip.exe[280] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\SYSTEM32\Rezip.exe[280] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[392] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[392] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[488] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A70F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[488] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AD0F5A
.text C:\windows\system32\wininit.exe[544] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\wininit.exe[544] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\services.exe[592] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\lsass.exe[616] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\lsass.exe[616] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\lsm.exe[624] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\lsm.exe[624] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[728] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[728] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[792] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[792] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[820] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[820] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\atiesrxx.exe[844] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\atiesrxx.exe[844] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\winlogon.exe[896] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\winlogon.exe[896] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\System32\svchost.exe[948] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\System32\svchost.exe[948] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[1304] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[1304] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[1384] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[1384] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\System32\spoolsv.exe[1416] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\System32\spoolsv.exe[1416] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1548] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1548] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1600] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1600] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\atieclxx.exe[1628] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\windows\system32\atieclxx.exe[1628] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\System32\svchost.exe[1652] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\System32\svchost.exe[1652] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1828] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1828] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1848] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 760CF4FB 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[1916] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[1916] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1928] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1928] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\windows\System32\svchost.exe[1940] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\System32\svchost.exe[1940] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe[1968] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A80F5A
.text C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe[1968] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2112] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2112] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2320] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2320] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\SearchIndexer.exe[2352] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\SearchIndexer.exe[2352] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2548] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2548] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2560] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2560] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2580] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2580] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2620] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2620] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[2636] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\servicing\TrustedInstaller.exe[2796] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\servicing\TrustedInstaller.exe[2796] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\WUDFHost.exe[2824] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\WUDFHost.exe[2824] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\svchost.exe[2880] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[2880] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe[3084] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe[3084] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3092] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3092] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Users\admin\Desktop\gmer.exe[3148] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Users\admin\Desktop\gmer.exe[3148] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3340] KERNEL32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3340] KERNEL32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3488] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3488] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\Dwm.exe[3500] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\Dwm.exe[3500] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\taskhost.exe[3508] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\taskhost.exe[3508] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\taskeng.exe[3608] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\taskeng.exe[3608] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3712] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3712] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\system32\svchost.exe[3912] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\system32\svchost.exe[3912] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\windows\Explorer.EXE[3992] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[4056] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[4056] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4072] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4292] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4292] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[4388] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[4388] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[4948] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[4948] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Windows\WindowsMobile\wmdc.exe[5156] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Windows\WindowsMobile\wmdc.exe[5156] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[5904] kernel32.dll!CreateProcessW 7608204D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[5904] kernel32.dll!CreateProcessA 76082082 6 Bytes JMP 71AF0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l’infrastructure de pilotes en mode noyau/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:4204] A4D0EF2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea93e9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2011-12-06 18:13:09
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime 2011-12-05 20:33:03
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download@LastSuccessTime 2011-12-03 08:08:24
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP@LastIndex 294

---- Files - GMER 1.0.15 ----

File C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5HS1S25\integrity-local[1].txt 40 bytes
File C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XDRV2TUD\integrity-local[1].txt 40 bytes

---- EOF - GMER 1.0.15 ----
 
MiniToolBox log for the W7 box


MiniToolBox by Farbar
Ran by admin (administrator) on 07-12-2011 at 22:46:56
Windows 7 Home Premium Service Pack 1 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Configuration IP de Windows

Cache de résolution DNS vidé.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


**** End of log ****
 
In the menu it asked me which disk to boot from, and I selected the main Western Digital disk.

Looks like you have 3 hard drives, and several partitions. One must have the new install you did, another an older install? Does that make sense? I would visit the HP web site and check your make and model to confirm what you have and how they function; one may be a drive that functions as a backup.

PhysicalDrive2 Model Number: Maxtor6L300R0, Rev: BAJ41G20
PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02
PhysicalDrive1 Model Number: SAMSUNGHD204UI, Rev: 1AQ10001
 
hi shelf life,


> Looks like you have 3 hard drives, and several partitions. One must have the new install you did, another an older install? Does that make sense? I would visit the HP web site and check your make and model to confirm what you have and how they function, one may be a drive that functions as a backup.

I have 3 disks indeed, and a couple of partitions: 2 restore partitions created by HP recovery, 1 main one on C:, and the 2 other disks have only 1 partition each.


I opened up the PC; it's an Asus motherboard: P5LP-LE (Leonite)

http://h10025.www1.hp.com/ewfrf/wc/document?cc=fr&lc=fr&dlc=fr&docname=c00864946#N142

HP Pavilion


I will check how it is supposed to operate.

However, I did disconnect the 2 additional disks, and when I try to boot on C:, the boot sequence starts correctly: I get the XP black screen, then the blue logon, and it freezes there; I cannot go anywhere.... Very strange, as if part of the fresh install has spanned onto some of the other disks...??

I will do some more tests tomorrow.

bye
philippe
 
hi shelf life,

here are the logs for the W7 box:

Nothing looks suspicious to me; any other scanning tools I could use?

Because I don't like too much to see Firefox doing the activity Malwarebytes did block; Firefox should not be using such non-standard ports to communicate with the outside???

22:59:42 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54278, Process: firefox.exe)
23:00:39 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54504, Process: firefox.exe)
23:01:03 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54613, Process: firefox.exe)


protection-log-2011-12-04
10:12:16 admin MESSAGE Protection started successfully
10:12:20 admin MESSAGE IP Protection started successfully
21:44:05 admin IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 51936, Process: firefox.exe)
21:44:05 admin IP-BLOCK 89.149.227.56 (Type: outgoing, Port: 51992, Process: firefox.exe)
21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52010, Process: firefox.exe)
21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52011, Process: firefox.exe)


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-08 21:23:06
-----------------------------
21:23:06.569 OS Version: Windows 6.1.7601 Service Pack 1
21:23:06.569 Number of processors: 2 586 0x170A
21:23:06.569 ComputerName: ADMIN-PC UserName: admin
21:23:28.690 Initialize success
21:23:34.540 AVAST engine defs: 11120701
21:27:17.873 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:27:17.873 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
21:27:17.904 Disk 0 MBR read successfully
21:27:17.904 Disk 0 MBR scan
21:27:17.904 Disk 0 unknown MBR code
21:27:17.904 Disk 0 scanning sectors +976771072
21:27:18.013 Disk 0 scanning C:\windows\system32\drivers
21:27:41.007 Service scanning
21:27:42.552 Modules scanning
21:27:52.505 Disk 0 trace - called modules:
21:27:52.520 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
21:27:52.520 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dac030]
21:27:52.536 3 CLASSPNP.SYS[8c38759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f5e028]
21:27:54.127 AVAST engine scan C:\
15:42:06.632 Scan finished successfully
18:41:46.532 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
18:41:46.532 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR-log-9-12-2012.txt"





18:42:33.0027 15108 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
18:42:33.0058 15108 ============================================================
18:42:33.0058 15108 Current date / time: 2011/12/09 18:42:33.0058
18:42:33.0058 15108 SystemInfo:
18:42:33.0058 15108
18:42:33.0058 15108 OS Version: 6.1.7601 ServicePack: 1.0
18:42:33.0058 15108 Product type: Workstation
18:42:33.0058 15108 ComputerName: ADMIN-PC
18:42:33.0058 15108 UserName: admin
18:42:33.0058 15108 Windows directory: C:\windows
18:42:33.0058 15108 System windows directory: C:\windows
18:42:33.0058 15108 Processor architecture: Intel x86
18:42:33.0058 15108 Number of processors: 2
18:42:33.0058 15108 Page size: 0x1000
18:42:33.0058 15108 Boot type: Normal boot
18:42:33.0058 15108 ============================================================
18:42:34.0446 15108 Initialize success
18:43:07.0627 15632 ============================================================
18:43:07.0627 15632 Scan started
18:43:07.0627 15632 Mode: Manual; SigCheck; TDLFS;
18:43:07.0627 15632 ============================================================
18:43:08.0860 15632 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
18:43:09.0016 15632 1394ohci - ok
18:43:09.0125 15632 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
18:43:09.0156 15632 ACPI - ok
18:43:09.0219 15632 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
18:43:09.0297 15632 AcpiPmi - ok
18:43:09.0406 15632 AdfuUd (9ed5d777a31ee654b0899cd1d2e778ba) C:\windows\system32\Drivers\AdfuUd.sys
18:43:09.0468 15632 AdfuUd - ok
18:43:09.0546 15632 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
18:43:09.0562 15632 adp94xx - ok
18:43:09.0609 15632 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
18:43:09.0624 15632 adpahci - ok
18:43:09.0640 15632 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
18:43:09.0655 15632 adpu320 - ok
18:43:09.0796 15632 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
18:43:09.0874 15632 AFD - ok
18:43:10.0014 15632 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
18:43:10.0092 15632 AgereSoftModem - ok
18:43:10.0186 15632 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
18:43:10.0201 15632 agp440 - ok
18:43:10.0264 15632 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
18:43:10.0279 15632 aic78xx - ok
18:43:10.0404 15632 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
18:43:10.0420 15632 aliide - ok
18:43:10.0498 15632 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
18:43:10.0513 15632 amdagp - ok
18:43:10.0591 15632 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
18:43:10.0607 15632 amdide - ok
18:43:10.0701 15632 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
18:43:10.0747 15632 AmdK8 - ok
18:43:10.0857 15632 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
18:43:10.0888 15632 AmdPPM - ok
18:43:10.0997 15632 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
18:43:11.0013 15632 amdsata - ok
18:43:11.0059 15632 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
18:43:11.0075 15632 amdsbs - ok
18:43:11.0122 15632 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
18:43:11.0137 15632 amdxata - ok
18:43:11.0247 15632 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
18:43:11.0356 15632 AppID - ok
18:43:11.0481 15632 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
18:43:11.0496 15632 arc - ok
18:43:11.0543 15632 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
18:43:11.0559 15632 arcsas - ok
18:43:11.0605 15632 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
18:43:11.0715 15632 AsyncMac - ok
18:43:11.0793 15632 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
18:43:11.0808 15632 atapi - ok
18:43:11.0902 15632 athr (7d0a662d7b116169854b4ec941a7822d) C:\windows\system32\DRIVERS\athr.sys
18:43:11.0949 15632 athr - ok
18:43:12.0167 15632 atikmdag (745c79700646c3f285cd09775618a04b) C:\windows\system32\DRIVERS\atikmdag.sys
18:43:12.0276 15632 atikmdag - ok
18:43:12.0417 15632 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
18:43:12.0463 15632 b06bdrv - ok
18:43:12.0541 15632 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
18:43:12.0557 15632 b57nd60x - ok
18:43:12.0635 15632 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
18:43:12.0682 15632 Beep - ok
18:43:12.0775 15632 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
18:43:12.0822 15632 blbdrive - ok
18:43:12.0963 15632 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
18:43:13.0056 15632 bowser - ok
18:43:13.0087 15632 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
18:43:13.0134 15632 BrFiltLo - ok
18:43:13.0212 15632 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
18:43:13.0259 15632 BrFiltUp - ok
18:43:13.0415 15632 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
18:43:13.0462 15632 Brserid - ok
18:43:13.0524 15632 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
18:43:13.0555 15632 BrSerWdm - ok
18:43:13.0587 15632 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
18:43:13.0618 15632 BrUsbMdm - ok
18:43:13.0633 15632 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
18:43:13.0680 15632 BrUsbSer - ok
18:43:13.0789 15632 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
18:43:13.0836 15632 BthEnum - ok
18:43:13.0867 15632 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
18:43:13.0899 15632 BTHMODEM - ok
18:43:13.0992 15632 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
18:43:14.0008 15632 BthPan - ok
18:43:14.0086 15632 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
18:43:14.0133 15632 BTHPORT - ok
18:43:14.0195 15632 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
18:43:14.0226 15632 BTHUSB - ok
18:43:14.0289 15632 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
18:43:14.0335 15632 cdfs - ok
18:43:14.0460 15632 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
18:43:14.0491 15632 cdrom - ok
18:43:14.0538 15632 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
18:43:14.0585 15632 circlass - ok
18:43:14.0632 15632 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
18:43:14.0663 15632 CLFS - ok
18:43:14.0772 15632 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
18:43:14.0803 15632 CmBatt - ok
18:43:14.0850 15632 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
18:43:14.0866 15632 cmdide - ok
18:43:14.0928 15632 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
18:43:14.0959 15632 CNG - ok
18:43:15.0006 15632 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
18:43:15.0037 15632 Compbatt - ok
18:43:15.0100 15632 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
18:43:15.0147 15632 CompositeBus - ok
18:43:15.0225 15632 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
18:43:15.0240 15632 crcdisk - ok
18:43:15.0318 15632 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
18:43:15.0365 15632 DfsC - ok
18:43:15.0459 15632 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
18:43:15.0505 15632 discache - ok
18:43:15.0630 15632 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
18:43:15.0646 15632 Disk - ok
18:43:15.0693 15632 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
18:43:15.0739 15632 drmkaud - ok
18:43:15.0786 15632 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
18:43:15.0833 15632 DXGKrnl - ok
18:43:15.0880 15632 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\windows\system32\DRIVERS\eamon.sys
18:43:15.0927 15632 eamon - ok
18:43:16.0036 15632 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
18:43:16.0114 15632 ebdrv - ok
18:43:16.0207 15632 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\windows\system32\DRIVERS\ehdrv.sys
18:43:16.0254 15632 ehdrv - ok
18:43:16.0363 15632 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
18:43:16.0395 15632 elxstor - ok
18:43:16.0426 15632 epfw (39f48a0784be8465cd1ac80b36d61613) C:\windows\system32\DRIVERS\epfw.sys
18:43:16.0457 15632 epfw - ok
18:43:16.0519 15632 Epfwndis (3b47010b2425b69826004767e59045ba) C:\windows\system32\DRIVERS\Epfwndis.sys
18:43:16.0566 15632 Epfwndis - ok
18:43:16.0660 15632 epfwwfp (702a4695ca4ebdefa30235dda300c9d0) C:\windows\system32\DRIVERS\epfwwfp.sys
18:43:16.0691 15632 epfwwfp - ok
18:43:16.0753 15632 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
18:43:16.0785 15632 ErrDev - ok
18:43:16.0878 15632 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
18:43:16.0909 15632 exfat - ok
18:43:16.0941 15632 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
18:43:16.0972 15632 fastfat - ok
18:43:17.0065 15632 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
18:43:17.0097 15632 fdc - ok
18:43:17.0128 15632 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
18:43:17.0128 15632 FileInfo - ok
18:43:17.0159 15632 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
18:43:17.0190 15632 Filetrace - ok
18:43:17.0221 15632 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
18:43:17.0237 15632 flpydisk - ok
18:43:17.0331 15632 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
18:43:17.0346 15632 FltMgr - ok
18:43:17.0377 15632 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
18:43:17.0377 15632 FsDepends - ok
18:43:17.0440 15632 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
18:43:17.0455 15632 fssfltr - ok
18:43:17.0502 15632 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
18:43:17.0518 15632 Fs_Rec - ok
18:43:17.0627 15632 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
18:43:17.0643 15632 fvevol - ok
18:43:17.0689 15632 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
18:43:17.0705 15632 gagp30kx - ok
18:43:17.0814 15632 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:43:17.0814 15632 GEARAspiWDM - ok
18:43:17.0923 15632 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
18:43:17.0970 15632 hcw85cir - ok
18:43:18.0064 15632 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
18:43:18.0095 15632 HdAudAddService - ok
18:43:18.0204 15632 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
18:43:18.0235 15632 HDAudBus - ok
18:43:18.0267 15632 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
18:43:18.0298 15632 HidBatt - ok
18:43:18.0376 15632 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
18:43:18.0423 15632 HidBth - ok
18:43:18.0485 15632 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
18:43:18.0563 15632 HidIr - ok
18:43:18.0641 15632 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
18:43:18.0688 15632 HidUsb - ok
18:43:18.0813 15632 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
18:43:18.0875 15632 HpSAMD - ok
18:43:18.0937 15632 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
18:43:18.0984 15632 HTTP - ok
18:43:19.0078 15632 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
18:43:19.0093 15632 hwpolicy - ok
18:43:19.0156 15632 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
18:43:19.0218 15632 i8042prt - ok
18:43:19.0296 15632 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
18:43:19.0343 15632 iaStor - ok
18:43:19.0405 15632 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
18:43:19.0452 15632 iaStorV - ok
18:43:19.0655 15632 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
18:43:19.0827 15632 igfx - ok
18:43:19.0920 15632 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
18:43:19.0967 15632 iirsp - ok
18:43:20.0107 15632 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
18:43:20.0263 15632 IntcAzAudAddService - ok
18:43:20.0373 15632 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
18:43:20.0419 15632 intelide - ok
18:43:20.0451 15632 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
18:43:20.0466 15632 intelppm - ok
18:43:20.0513 15632 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:43:20.0575 15632 IpFilterDriver - ok
18:43:20.0700 15632 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
18:43:20.0763 15632 IPMIDRV - ok
18:43:20.0794 15632 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
18:43:20.0856 15632 IPNAT - ok
18:43:20.0965 15632 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
18:43:21.0059 15632 IRENUM - ok
18:43:21.0106 15632 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
18:43:21.0168 15632 isapnp - ok
18:43:21.0199 15632 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
18:43:21.0215 15632 iScsiPrt - ok
18:43:21.0246 15632 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
18:43:21.0277 15632 kbdclass - ok
18:43:21.0309 15632 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
18:43:21.0355 15632 kbdhid - ok
18:43:21.0402 15632 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
18:43:21.0418 15632 KSecDD - ok
18:43:21.0480 15632 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
18:43:21.0527 15632 KSecPkg - ok
18:43:21.0574 15632 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
18:43:21.0636 15632 lltdio - ok
18:43:21.0699 15632 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
18:43:21.0714 15632 LSI_FC - ok
18:43:21.0745 15632 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
18:43:21.0777 15632 LSI_SAS - ok
18:43:21.0808 15632 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
18:43:21.0839 15632 LSI_SAS2 - ok
18:43:21.0870 15632 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
18:43:21.0901 15632 LSI_SCSI - ok
18:43:21.0933 15632 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
18:43:21.0979 15632 luafv - ok
18:43:22.0104 15632 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\windows\system32\drivers\mbam.sys
18:43:22.0151 15632 MBAMProtector - ok
18:43:22.0307 15632 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
18:43:22.0323 15632 megasas - ok
18:43:22.0369 15632 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
18:43:22.0416 15632 MegaSR - ok
18:43:22.0463 15632 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
18:43:22.0525 15632 Modem - ok
18:43:22.0603 15632 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
18:43:22.0650 15632 monitor - ok
18:43:22.0697 15632 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
18:43:22.0759 15632 mouclass - ok
18:43:22.0822 15632 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
18:43:22.0900 15632 mouhid - ok
18:43:22.0993 15632 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
18:43:22.0993 15632 mountmgr - ok
18:43:23.0071 15632 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
18:43:23.0149 15632 mpio - ok
18:43:23.0181 15632 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
18:43:23.0259 15632 mpsdrv - ok
18:43:23.0305 15632 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
18:43:23.0383 15632 MRxDAV - ok
18:43:23.0493 15632 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
18:43:23.0586 15632 mrxsmb - ok
18:43:23.0680 15632 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:43:23.0711 15632 mrxsmb10 - ok
18:43:23.0774 15632 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:43:23.0789 15632 mrxsmb20 - ok
18:43:23.0883 15632 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
18:43:23.0898 15632 msahci - ok
18:43:23.0914 15632 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
18:43:23.0945 15632 msdsm - ok
18:43:23.0992 15632 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
18:43:24.0054 15632 Msfs - ok
18:43:24.0117 15632 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
18:43:24.0179 15632 mshidkmdf - ok
18:43:24.0226 15632 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
18:43:24.0288 15632 msisadrv - ok
18:43:24.0366 15632 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
18:43:24.0413 15632 MSKSSRV - ok
18:43:24.0444 15632 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
18:43:24.0491 15632 MSPCLOCK - ok
18:43:24.0569 15632 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
18:43:24.0616 15632 MSPQM - ok
18:43:24.0632 15632 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
18:43:24.0647 15632 MsRPC - ok
18:43:24.0694 15632 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
18:43:24.0710 15632 mssmbios - ok
18:43:24.0756 15632 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
18:43:24.0819 15632 MSTEE - ok
18:43:24.0850 15632 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
18:43:24.0881 15632 MTConfig - ok
18:43:24.0912 15632 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
18:43:24.0928 15632 Mup - ok
18:43:25.0037 15632 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
18:43:25.0100 15632 NativeWifiP - ok
18:43:25.0224 15632 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
18:43:25.0271 15632 NDIS - ok
18:43:25.0318 15632 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
18:43:25.0396 15632 NdisCap - ok
18:43:25.0458 15632 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
18:43:25.0521 15632 NdisTapi - ok
18:43:25.0646 15632 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
18:43:25.0708 15632 Ndisuio - ok
18:43:25.0755 15632 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
18:43:25.0817 15632 NdisWan - ok
18:43:25.0911 15632 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
18:43:25.0989 15632 NDProxy - ok
18:43:26.0051 15632 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
18:43:26.0145 15632 NetBIOS - ok
18:43:26.0192 15632 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
18:43:26.0238 15632 NetBT - ok
18:43:26.0348 15632 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
18:43:26.0394 15632 nfrd960 - ok
18:43:26.0426 15632 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
18:43:26.0488 15632 Npfs - ok
18:43:26.0504 15632 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
18:43:26.0566 15632 nsiproxy - ok
18:43:26.0691 15632 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
18:43:26.0769 15632 Ntfs - ok
18:43:26.0831 15632 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
18:43:26.0894 15632 Null - ok
18:43:26.0956 15632 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
18:43:26.0987 15632 nvraid - ok
18:43:27.0050 15632 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
18:43:27.0112 15632 nvstor - ok
18:43:27.0159 15632 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
18:43:27.0190 15632 nv_agp - ok
18:43:27.0237 15632 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
18:43:27.0268 15632 ohci1394 - ok
18:43:27.0362 15632 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
18:43:27.0408 15632 Parport - ok
18:43:27.0455 15632 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
18:43:27.0518 15632 partmgr - ok
18:43:27.0549 15632 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
18:43:27.0596 15632 Parvdm - ok
18:43:27.0642 15632 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
18:43:27.0689 15632 pci - ok
18:43:27.0736 15632 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
18:43:27.0767 15632 pciide - ok
18:43:27.0798 15632 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
18:43:27.0830 15632 pcmcia - ok
18:43:27.0861 15632 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
18:43:27.0892 15632 pcw - ok
18:43:27.0923 15632 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
18:43:27.0970 15632 PEAUTH - ok
18:43:28.0095 15632 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
18:43:28.0157 15632 PptpMiniport - ok
18:43:28.0173 15632 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
18:43:28.0204 15632 Processor - ok
18:43:28.0266 15632 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
18:43:28.0329 15632 Psched - ok
18:43:28.0391 15632 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
18:43:28.0469 15632 ql2300 - ok
18:43:28.0485 15632 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
18:43:28.0516 15632 ql40xx - ok
18:43:28.0532 15632 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
18:43:28.0563 15632 QWAVEdrv - ok
18:43:28.0610 15632 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
18:43:28.0656 15632 RasAcd - ok
18:43:28.0703 15632 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
18:43:28.0797 15632 RasAgileVpn - ok
18:43:28.0828 15632 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
18:43:28.0906 15632 Rasl2tp - ok
18:43:29.0000 15632 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
18:43:29.0078 15632 RasPppoe - ok
18:43:29.0078 15632 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
18:43:29.0124 15632 RasSstp - ok
18:43:29.0249 15632 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
18:43:29.0296 15632 rdbss - ok
18:43:29.0312 15632 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
18:43:29.0358 15632 rdpbus - ok
18:43:29.0405 15632 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
18:43:29.0468 15632 RDPCDD - ok
18:43:29.0561 15632 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
18:43:29.0608 15632 RDPENCDD - ok
18:43:29.0624 15632 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
18:43:29.0686 15632 RDPREFMP - ok
18:43:29.0748 15632 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
18:43:29.0795 15632 RDPWD - ok
18:43:29.0904 15632 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
18:43:29.0951 15632 rdyboost - ok
18:43:30.0045 15632 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
18:43:30.0092 15632 RFCOMM - ok
18:43:30.0154 15632 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
18:43:30.0232 15632 rspndr - ok
18:43:30.0263 15632 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
18:43:30.0294 15632 RTL8167 - ok
18:43:30.0357 15632 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
18:43:30.0419 15632 SABI - ok
18:43:30.0544 15632 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
18:43:30.0591 15632 sbp2port - ok
18:43:30.0653 15632 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
18:43:30.0684 15632 scfilter - ok
18:43:30.0840 15632 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
18:43:30.0903 15632 SDHookDriver - ok
18:43:30.0996 15632 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
18:43:31.0059 15632 secdrv - ok
18:43:31.0184 15632 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
18:43:31.0246 15632 Serenum - ok
18:43:31.0277 15632 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
18:43:31.0293 15632 Serial - ok
18:43:31.0355 15632 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
18:43:31.0402 15632 sermouse - ok
18:43:31.0480 15632 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
18:43:31.0511 15632 sffdisk - ok
18:43:31.0589 15632 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
18:43:31.0652 15632 sffp_mmc - ok
18:43:31.0714 15632 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
18:43:31.0776 15632 sffp_sd - ok
18:43:31.0808 15632 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
18:43:31.0839 15632 sfloppy - ok
18:43:31.0886 15632 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
18:43:31.0917 15632 sisagp - ok
18:43:31.0948 15632 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
18:43:32.0026 15632 SiSRaid2 - ok
18:43:32.0042 15632 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
18:43:32.0088 15632 SiSRaid4 - ok
18:43:32.0120 15632 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
18:43:32.0166 15632 Smb - ok
18:43:32.0213 15632 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
18:43:32.0229 15632 spldr - ok
18:43:32.0307 15632 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
18:43:32.0385 15632 srv - ok
18:43:32.0478 15632 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
18:43:32.0556 15632 srv2 - ok
18:43:32.0572 15632 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
18:43:32.0634 15632 srvnet - ok
18:43:32.0728 15632 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
18:43:32.0775 15632 stexstor - ok
18:43:32.0806 15632 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
18:43:32.0822 15632 swenum - ok
18:43:32.0900 15632 SynTP (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
18:43:32.0978 15632 SynTP - ok
18:43:33.0134 15632 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
18:43:33.0258 15632 Tcpip - ok
18:43:33.0399 15632 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
18:43:33.0430 15632 TCPIP6 - ok
18:43:33.0492 15632 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
18:43:33.0586 15632 tcpipreg - ok
18:43:33.0648 15632 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
18:43:33.0711 15632 TDPIPE - ok
18:43:33.0758 15632 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
18:43:33.0804 15632 TDTCP - ok
18:43:33.0851 15632 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
18:43:33.0929 15632 tdx - ok
18:43:33.0976 15632 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
18:43:34.0023 15632 TermDD - ok
18:43:34.0179 15632 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
18:43:34.0272 15632 tssecsrv - ok
18:43:34.0366 15632 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
18:43:34.0413 15632 TsUsbFlt - ok
18:43:34.0538 15632 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
18:43:34.0600 15632 tunnel - ok
18:43:34.0647 15632 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
18:43:34.0678 15632 uagp35 - ok
18:43:34.0725 15632 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
18:43:34.0818 15632 udfs - ok
18:43:34.0928 15632 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
18:43:34.0974 15632 uliagpkx - ok
18:43:35.0006 15632 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
18:43:35.0052 15632 umbus - ok
18:43:35.0130 15632 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
18:43:35.0177 15632 UmPass - ok
18:43:35.0255 15632 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\windows\system32\Drivers\usbaapl.sys
18:43:35.0318 15632 USBAAPL - ok
18:43:35.0411 15632 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
18:43:35.0474 15632 usbccgp - ok
18:43:35.0583 15632 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
18:43:35.0630 15632 usbcir - ok
18:43:35.0708 15632 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
18:43:35.0754 15632 usbehci - ok
18:43:35.0848 15632 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
18:43:35.0942 15632 usbhub - ok
18:43:35.0973 15632 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
18:43:36.0004 15632 usbohci - ok
18:43:36.0082 15632 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
18:43:36.0144 15632 usbprint - ok
18:43:36.0222 15632 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
18:43:36.0269 15632 usbscan - ok
18:43:36.0378 15632 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
18:43:36.0425 15632 USBSTOR - ok
18:43:36.0519 15632 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
18:43:36.0581 15632 usbuhci - ok
18:43:36.0659 15632 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
18:43:36.0706 15632 usbvideo - ok
18:43:36.0846 15632 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
18:43:36.0893 15632 vdrvroot - ok
18:43:36.0940 15632 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
18:43:36.0971 15632 vga - ok
18:43:36.0987 15632 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
18:43:37.0065 15632 VgaSave - ok
18:43:37.0127 15632 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
18:43:37.0158 15632 vhdmp - ok
18:43:37.0221 15632 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
18:43:37.0268 15632 viaagp - ok
18:43:37.0299 15632 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
18:43:37.0346 15632 ViaC7 - ok
18:43:37.0392 15632 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
18:43:37.0439 15632 viaide - ok
18:43:37.0455 15632 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
18:43:37.0533 15632 volmgr - ok
18:43:37.0595 15632 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
18:43:37.0642 15632 volmgrx - ok
18:43:37.0736 15632 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
18:43:37.0751 15632 volsnap - ok
18:43:37.0814 15632 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
18:43:37.0876 15632 vsmraid - ok
18:43:37.0892 15632 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
18:43:37.0938 15632 vwifibus - ok
18:43:38.0016 15632 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
18:43:38.0110 15632 vwififlt - ok
18:43:38.0188 15632 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
18:43:38.0250 15632 WacomPen - ok
18:43:38.0313 15632 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
18:43:38.0360 15632 WANARP - ok
18:43:38.0360 15632 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
18:43:38.0375 15632 Wanarpv6 - ok
18:43:38.0453 15632 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
18:43:38.0484 15632 Wd - ok
18:43:38.0516 15632 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
18:43:38.0578 15632 Wdf01000 - ok
18:43:38.0625 15632 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
18:43:38.0672 15632 WfpLwf - ok
18:43:38.0687 15632 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
18:43:38.0718 15632 WIMMount - ok
18:43:38.0828 15632 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUSB.SYS
18:43:38.0859 15632 WINUSB - ok
18:43:38.0906 15632 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
18:43:38.0968 15632 WmiAcpi - ok
18:43:39.0046 15632 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
18:43:39.0108 15632 ws2ifsl - ok
18:43:39.0171 15632 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
18:43:39.0233 15632 WudfPf - ok
18:43:39.0342 15632 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
18:43:39.0405 15632 WUDFRd - ok
18:43:39.0514 15632 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
18:43:39.0592 15632 yukonw7 - ok
18:43:39.0639 15632 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
18:43:40.0013 15632 \Device\Harddisk0\DR0 - ok
18:43:40.0029 15632 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:43:40.0216 15632 \Device\Harddisk1\DR1 - ok
18:43:40.0216 15632 Boot (0x1200) (35ad429c41eabd3cb5aa0c137174f74e) \Device\Harddisk0\DR0\Partition0
18:43:40.0216 15632 \Device\Harddisk0\DR0\Partition0 - ok
18:43:40.0232 15632 Boot (0x1200) (8ef57f636c3472629962a8279554bffc) \Device\Harddisk0\DR0\Partition1
18:43:40.0232 15632 \Device\Harddisk0\DR0\Partition1 - ok
18:43:40.0263 15632 Boot (0x1200) (18763aeac0ee39fec1defec9b7171ab2) \Device\Harddisk0\DR0\Partition2
18:43:40.0278 15632 \Device\Harddisk0\DR0\Partition2 - ok
18:43:40.0278 15632 Boot (0x1200) (c17c16547be32acadda8a1f42eeb1198) \Device\Harddisk1\DR1\Partition0
18:43:40.0278 15632 \Device\Harddisk1\DR1\Partition0 - ok
18:43:40.0278 15632 ============================================================
18:43:40.0278 15632 Scan finished
18:43:40.0278 15632 ============================================================
18:43:40.0294 15624 Detected object count: 0
18:43:40.0294 15624 Actual detected object count: 0
 
hi shelf life,


I have installed Wireshark and as soon as I started monitoring the network card

I have seen a lot of UDP packets:

192.168.0.10 Source port: 50808 226.178.217.5 Destination port: 21328

with this text as data:

Someone else out there?computer=ADMIN-PC

did an IP lookup and there is nothing for 226.178.217.5


IP: 226.178.217.5
Decimal: 3803371781
Hostname: 226.178.217.5
ISP:
Organization:
Services: None detected
Type:


no info listed, looks very suspicious as well.


bye
philippe
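As an added example (not the poster's or any tool's code) that goes slightly beyond the post, the following Python helper parses the Wireshark line quoted above and classifies both addresses with the standard library's ipaddress module; it shows that 226.178.217.5 falls in the IPv4 multicast range 224.0.0.0/4, which is why the IP lookup returned nothing. Function names such as triage and classify are assumptions, and the sample line and payload are copied from the post.

```python
"""Triage helper for the UDP packet quoted in this thread (added example,
not the poster's or any tool's code).

It parses a Wireshark-style summary line plus the packet payload, labels
each address by scope with the standard-library ipaddress module, and
explains why a WHOIS/host lookup of the destination comes back empty.
"""
import ipaddress
import re

# Wireshark "Info" column as pasted in the thread (constructed sample input):
#   192.168.0.10 Source port: 50808 226.178.217.5 Destination port: 21328
_UDP_LINE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+Source port:\s*(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+Destination port:\s*(?P<dport>\d+)"
)


def classify(addr: str) -> str:
    """Return a coarse scope label for an IPv4/IPv6 address string."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:          # 224.0.0.0/4 for IPv4, ff00::/8 for IPv6
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:            # RFC 1918 ranges such as 192.168.0.0/16
        return "private"
    if ip.is_reserved or ip.is_unspecified:
        return "reserved"
    return "global"


def parse_udp_line(line: str) -> dict:
    """Pull source/destination address and port out of the summary line."""
    m = _UDP_LINE.search(line)
    if not m:
        raise ValueError(f"not a UDP summary line: {line!r}")
    return {
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
    }


def triage(line: str, payload: bytes) -> dict:
    """Combine address scope with the payload into a triage verdict.

    A multicast destination is a group address, not a host: WHOIS and
    reverse DNS have nothing to say about it, so the empty lookup in the
    thread is expected rather than suspicious in itself. What the packet is
    for still has to be answered by finding the sending process on the host.
    """
    f = parse_udp_line(line)
    f["src_scope"] = classify(f["src"])
    f["dst_scope"] = classify(f["dst"])
    text = payload.decode("latin-1", errors="replace")
    f["payload_text"] = text
    # Crude key=value extraction; the thread's payload carries computer=ADMIN-PC.
    f["payload_fields"] = dict(re.findall(r"(\w+)=([^\s;&]+)", text))
    if f["dst_scope"] == "multicast":
        f["verdict"] = ("Multicast group traffic: a lookup of the group "
                        "address is expected to be empty. Identify the "
                        "sending process (netstat -b / Resource Monitor) "
                        "before treating it as command-and-control.")
    elif f["dst_scope"] == "global":
        f["verdict"] = "Unicast to a public host; worth a reputation/WHOIS check."
    else:
        f["verdict"] = f"Destination scope is {f['dst_scope']}; local traffic."
    return f


if __name__ == "__main__":
    sample = triage(
        "192.168.0.10 Source port: 50808 226.178.217.5 Destination port: 21328",
        b"Someone else out there?computer=ADMIN-PC",
    )
    for k, v in sample.items():
        print(f"{k:15} {v}")
```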
 
hi shelf life,

I found an interesting TCP stream on the W7 box:

and a quick internet search on counter.yadro.ru led me to
http://about-threats.trendmicro.com/Malware.aspx?language=us&name=TROJ_SIREFEF.DD

that suggests that there is indeed something on the W7 box as well...
and as it's not detected by Nod32 and Malwarebytes this suggests that there may be some rootkit hiding it...

do you agree with this deduction?

I will try to download the Trend Micro trial and scan to see if it finds anything!



bye
philippe


GET /hit;icq-com?r;s1600*900*24;uhttp%3A//start.icq.com/;0.5152606634050969 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://start.icq.com/
Cookie: VID=0sbHfc3KyH0x

HTTP/1.1 200 OK
Date: Sat, 10 Dec 2011 14:28:29 GMT
Server: 0W/0.8c
Connection: Close
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 09 Dec 2010 20:00:00 GMT
Pragma: no-cache
Cache-control: no-cache

GIF89a.............!.......,...........D..;
 
In fact there were some TCP anomalies that caught my attention in the TCP stream:

5207 1543.318621 88.212.196.77 192.168.0.10 HTTP 317 [TCP Out-Of-Order] HTTP/1.1 200 OK (GIF89a)
5205 1543.318424 88.212.196.77 192.168.0.10 TCP 64 [TCP Previous segment lost] http > 51109 [FIN, ACK] Seq=264 Ack=449 Win=8752 Len=0
5206 1543.318499 192.168.0.10 88.212.196.77 TCP 54 [TCP Dup ACK 5203#1] 51109 > http [ACK] Seq=449 Ack=1 Win=17520 Len=0
 
Also, in the Nod32 firewall logs I did notice this:

it's quite old but may have some meaning...

25/10/2011 20:54:02 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52835 UDP
25/10/2011 20:50:05 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:59120 UDP
25/10/2011 20:48:30 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:52685 UDP
25/10/2011 20:47:00 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:53862 UDP
25/10/2011 20:46:02 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:62918 UDP
25/10/2011 20:45:43 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:55808 UDP
25/10/2011 20:43:56 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:62066 UDP
25/10/2011 20:41:57 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:51008 UDP
25/10/2011 20:39:49 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:55556 UDP
25/10/2011 20:38:24 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55628 UDP
25/10/2011 20:38:13 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:62134 UDP
25/10/2011 20:37:16 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:54830 UDP
25/10/2011 20:36:45 Attaque par empoisonnement de cache DNS détectée 80.10.246.129:53 192.168.10.78:56861 UDP
25/10/2011 20:35:38 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:65005 UDP
25/10/2011 20:35:30 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:54643 UDP
25/10/2011 20:34:25 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:59671 UDP
25/10/2011 20:32:05 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:58150 UDP
25/10/2011 20:08:20 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:49450 UDP
25/10/2011 20:07:48 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63506 UDP
25/10/2011 20:02:20 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52915 UDP
25/10/2011 20:02:16 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:50123 UDP
25/10/2011 20:02:16 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:59800 UDP
25/10/2011 19:59:04 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:58612 UDP
25/10/2011 19:59:04 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63256 UDP
25/10/2011 19:59:01 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:61158 UDP
25/10/2011 19:53:25 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:65446 UDP
25/10/2011 19:52:21 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:54771 UDP
25/10/2011 19:50:03 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55904 UDP
25/10/2011 19:49:33 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:53274 UDP
25/10/2011 19:49:26 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:51497 UDP
25/10/2011 19:47:20 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:58861 UDP
25/10/2011 19:47:20 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63831 UDP
25/10/2011 19:47:13 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:59952 UDP
25/10/2011 19:47:10 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:54198 UDP
25/10/2011 19:46:31 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:62620 UDP
25/10/2011 19:46:29 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52315 UDP
25/10/2011 19:45:56 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55329 UDP
25/10/2011 19:45:52 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:59383 UDP
25/10/2011 19:45:49 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:65071 UDP
25/10/2011 19:45:30 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:60465 UDP
25/10/2011 19:45:13 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63475 UDP
25/10/2011 19:45:09 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:51953 UDP
25/10/2011 19:45:08 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:61423 UDP
25/10/2011 19:45:07 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55122 UDP
25/10/2011 19:45:02 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52435 UDP
25/10/2011 19:44:58 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:60826 UDP
25/10/2011 19:44:41 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:60840 UDP
25/10/2011 19:44:37 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:52350 UDP
25/10/2011 19:44:30 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:61943 UDP
25/10/2011 19:42:44 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:63464 UDP
25/10/2011 19:42:38 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:55821 UDP
25/10/2011 19:41:44 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:60017 UDP
25/10/2011 19:41:37 Attaque par empoisonnement de cache DNS détectée 80.10.246.2:53 192.168.10.78:56390 UDP
 
hi,

Sorry for the delay. This is starting to get confusing jumping from XP to W7. Let's stay with one machine at a time. As far as I know MBAM blocks ranges of IPs based on a list.
Unless you really are familiar with Wireshark then I wouldn't depend on it to determine the presence of malware on your machine. In fact netstat could be just as useful and quicker.
Did you run ComboFix on the W7 box?
 
here is the ComboFix log for the W7 box:

ComboFix 11-12-10.01 - admin 11/12/2011 17:42:21.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3037.1876 [GMT 1:00]
Lancé depuis: c:\users\admin\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-11-11 au 2011-12-11 ))))))))))))))))))))))))))))))))))))
.
.
2011-12-11 15:35 . 2011-12-11 15:35 -------- d-----w- c:\program files\ESET
2011-12-11 15:28 . 2011-12-11 15:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BF76D04-EEED-4CAA-A11E-563C432BDC39}\offreg.dll
2011-12-11 15:17 . 2011-12-10 23:09 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-12-11 15:17 . 2011-12-10 23:09 203600 ----a-w- c:\windows\TmNSCIns.dll
2011-12-10 23:42 . 2011-12-10 23:42 -------- d-----w- C:\temp
2011-12-10 23:21 . 2011-12-11 15:14 -------- d-----w- c:\programdata\Trend Micro
2011-12-10 11:20 . 2011-12-10 11:20 -------- d-----w- c:\users\admin\AppData\Roaming\Wireshark
2011-12-10 08:40 . 2011-12-10 08:40 -------- d-----w- c:\program files\WinPcap
2011-12-10 08:38 . 2011-12-10 08:40 -------- d-----w- c:\program files\Wireshark
2011-12-09 19:19 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BF76D04-EEED-4CAA-A11E-563C432BDC39}\mpengine.dll
2011-11-26 16:55 . 2011-12-11 15:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-26 16:55 . 2009-01-25 12:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-11-26 16:55 . 2011-11-26 20:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-26 16:51 . 2011-11-26 16:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-26 16:51 . 2011-10-03 04:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-25 21:14 . 2011-11-25 21:14 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2011-11-25 21:14 . 2011-11-25 21:14 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 20:12 . 2011-11-25 20:12 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 15:01 . 2011-05-22 06:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2010-05-11 21:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 16:03 . 2011-11-09 20:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-09 20:04 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 20:43 . 2011-05-07 05:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 18:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Nexus Radio"="c:\program files\Nexus Radio\Nexus Radio.exe" [2009-11-18 4745216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 135664]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-10-05 38504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-02 172032]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - EAMONM
*NewlyCreated* - EPFWLWF
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'
.
2011-12-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-26 14:46]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 14:43]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 14:43]
.
2011-12-01 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-11-26 14:46]
.
2011-12-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-11-26 14:46]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://start.icq.com/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\08dxgdyg.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-12-11 17:54:19
ComboFix-quarantined-files.txt 2011-12-11 16:54
.
Avant-CF: 204*131*610*624 octets libres
Après-CF: 206*505*635*840 octets libres
.
- - End Of File - - 51FA2F51D2B79B559F9CDEB185132E04
 
hi,

thanks for the info. Log looks ok. I think you already ran aswmbr, tdsskiller and MBRcheck on the W7 machine? If not, run them now and paste the log in.
 
hi shelf life

I did all these scans, but I can re-scan tonight.

also, do you know a web tutorial that explains how to track malware using netstat or Wireshark?

also, still looking with Wireshark, I found this TCP stream that suggests that I am visiting some Host: ad.mail.ru

my box has a lot of contact with Russia these days, when I am not doing any surfing....

GET /adj/189?a=0&g=1&di=30009&lsp=0&rnd=249930086 HTTP/1.1
Accept: */*
Accept-Language: fr-FR
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0)
Host: ad.mail.ru
Connection: Keep-Alive
Cookie: p=iBwZADTP+AAA; b=rTsCAABjigIAAQBKgMYA

HTTP/1.1 200 OK
Server: nginx/1.1.7
Date: Mon, 12 Dec 2011 06:38:28 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, no-cache, no-store
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSAo PSDo OUR BUS UNI NAV STA INT"

aca
document.write("\r\n<div id=\"rb_flash_div_500346\" class=\"rb_div\"></div>\n<script type=\"text/javascript\">\n(function() {\n var rb_link1 = \"http://r.mail.ru/n74195990?sz=1\";\n\n var rb_swf = \"http://rs.mail.ru/b14070641.swf\";\n var rb_fver = \"8\";\n var rb_width = \"234\";\n var rb_height = \"60\";\n var rb_allowscriptaccess = 0;\n var rb_wmode = \"window\";\n var rb_flash = 0;\n\n var rb_innerhtml = (typeof(window[\'rb_innerhtml\']) != \'undefined\' \&\& window[\'rb_innerhtml\']);\n if (navigator.mimeTypes \&\& navigator.mimeTypes[\"application/x-shockwave-flash\"] ) {\n var plugin = navigator.mimeTypes[\"application/x-shockwave-flash\"].enabledPlugin;\n if (plugin \&\& parseInt(plugin.description.match(/\\d+/)[0]) >= rb_fver)\n rb_flash = 1;\n } else if (typeof window.ActiveXObject != \"undefined\") {\n try {\n var object = new ActiveXObject(\"ShockwaveFlash.ShockwaveFlash\");\n if (object \&\& object.GetVariable(\"$version\") \&\& parseInt(object.GetVariable(\"$version\").match(/\\d+/)[0]) >= rb_fver)\n rb_flash = 1;\n } catch (e) {}\n }\n if (rb_flash) {\n var rb_rnd = Math.round(Math.random() * 1000000000);\n var rb_vars_arr = Array();\n rb_vars_arr.push(\'link1=\'+escape(rb_link1).replace(/\\+/g,\'%2B\'));\n var rb_vars = rb_vars_arr.join(\'\&\');\n var rb_html = \'<div class=\"rb_banner\"><object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://active.macromedia.com/flash2/cabs/swflash.cab#version=\'+rb_fver+\',0,0,0\" id=\"getmov\'+rb_rnd+\'\" width=\"\'+rb_width+\'\" height=\"\'+rb_height+\'\">\'+(rb_allowscriptaccess?\'<param name=\"allowscriptaccess\" value=\"always\" />\':\'\')+\'<param name=\"movie\" value=\"\'+rb_swf+\'\" /><param name=\"quality\" value=\"high\" /><param name=\"wmode\" value=\"\'+rb_wmode+\'\" /><param name=\"FlashVars\" value=\"\'+rb_vars+\'\" /><embed name=\"embed_getmov\'+rb_rnd+\'\" flashvars=\"\'+rb_vars+\'\" \'+(rb_allowscriptaccess?\'allowscriptaccess=\"always\" \':\'\')+\'src=\"\'+rb_swf+\'\" 
quality=\"high\" wmode=\"\'+rb_wmode+\'\" width=\"\'+rb_width+\'\" height=\"\'+rb_height+\'\" type=\"application/x-shockwave-flash\" pluginspage=\"http://www.macromedia.com/shockwave/download/index.cgiP1_Prod_Version=ShockwaveFlash\" /></object></div>\';\n if (rb_innerhtml) {\n var rb_flash_div = document.getElementById(\"rb_flash_div_500346\");\n rb_flash_div.innerHTML = rb_html;\n }\n else document.write(rb_html);\n }\n else {\n var rb_img_html = \'\';\n if (rb_innerhtml) {\n var rb_flash_div = document.getElementById(\"rb_flash_div_500346\");\n rb_flash_div.innerHTML = rb_img_html;\n }\n else document.write(rb_img_html);\n };\n})();\n</script>\n\n

3
");
0
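The question above about following this traffic in Wireshark is a good place for a small triage script. This is an added Python example, not code from the thread: it takes a "Follow TCP Stream" dump like the one pasted, decodes the chunked response (the aca / 3 / 0 lines are hex chunk sizes) and lists every host the exchange references, so connections seen while the box is idle can be checked against what is expected. The sample stream inside it is constructed after the ad.mail.ru exchange and assumes CRLF line endings and one request/response pair per stream.

```python
"""Triage one captured HTTP exchange: parse the headers, decode a chunked body
and list the external hosts it references. Sample below is constructed."""
import re
from typing import Any, Dict, List
from urllib.parse import urlsplit

# URLs inside the JS body; backslash is excluded so an escaped quote ends a match
URL_RE = re.compile(r"https?://[^\s\"'\\<>()]+")


def _chunk(payload: str) -> str:
    """Encode one piece of body the way a chunked HTTP response carries it."""
    return f"{len(payload):x}\r\n{payload}\r\n"


# Constructed sample modelled on the ad.mail.ru exchange pasted above: headers
# trimmed, body cut down to three chunks. Not a real capture.
SAMPLE_STREAM = (
    "GET /adj/189?a=0&g=1&di=30009&rnd=249930086 HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0)\r\n"
    "Host: ad.mail.ru\r\n"
    "Connection: Keep-Alive\r\n"
    "Cookie: p=iBwZADTP+AAA; b=rTsCAABjigIAAQBKgMYA\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.1.7\r\n"
    "Content-Type: application/x-javascript; charset=utf-8\r\n"
    "Transfer-Encoding: chunked\r\n"
    "Cache-Control: private, no-cache, no-store\r\n"
    "\r\n"
    + _chunk('document.write("<script>var rb_link1 = \\"http://r.mail.ru/n74195990?sz=1\\";')
    + _chunk('var rb_swf = \\"http://rs.mail.ru/b14070641.swf\\";')
    + _chunk('</script>");')
    + "0\r\n\r\n"
).encode("ascii")


def parse_headers(block: str) -> Dict[str, str]:
    """Turn 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers: Dict[str, str] = {}
    for line in block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def decode_chunked(data: bytes) -> bytes:
    """Decode a chunked transfer-encoded body; raise on a truncated stream."""
    out = bytearray()
    pos = 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size = int(data[pos:eol].split(b";", 1)[0].strip(), 16)  # drop extensions
        pos = eol + 2
        if size == 0:
            return bytes(out)  # last-chunk reached; trailers are ignored
        piece = data[pos:pos + size]
        if len(piece) != size or data[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated chunk data")
        out += piece
        pos += size + 2


def parse_stream(stream: bytes) -> Dict[str, Any]:
    """Split one request/response pair out of a 'Follow TCP Stream' dump."""
    req_hdr, _, rest = stream.partition(b"\r\n\r\n")
    resp_hdr, _, raw_body = rest.partition(b"\r\n\r\n")
    req_lines = req_hdr.decode("latin-1").split("\r\n")
    resp_lines = resp_hdr.decode("latin-1").split("\r\n")
    request = parse_headers("\r\n".join(req_lines[1:]))
    response = parse_headers("\r\n".join(resp_lines[1:]))
    method, target, _ = req_lines[0].split(" ", 2)
    status = int(resp_lines[0].split(" ", 2)[1])
    if response.get("transfer-encoding", "").lower() == "chunked":
        body = decode_chunked(raw_body)
    else:  # otherwise trust Content-Length, falling back to whatever was captured
        body = raw_body[: int(response.get("content-length", len(raw_body)))]
    return {"method": method, "target": target, "status": status,
            "request": request, "response": response,
            "body": body.decode("utf-8", "replace")}


def referenced_hosts(report: Dict[str, Any]) -> List[str]:
    """Every host named by the request or by a URL inside the body, sorted."""
    hosts = {report["request"].get("host", "").lower()}
    for url in URL_RE.findall(report["body"]):
        hosts.add((urlsplit(url).hostname or "").lower())
    return sorted(h for h in hosts if h)


if __name__ == "__main__":
    rep = parse_stream(SAMPLE_STREAM)
    print(rep["method"], rep["target"], "->", rep["status"])
    print("User-Agent:", rep["request"].get("user-agent"))
    print("hosts referenced:", ", ".join(referenced_hosts(rep)))
```

Paste a real stream into SAMPLE_STREAM (or read it from a file) and compare the listed hosts with the processes netstat shows holding those connections; an ad server pulled in by a toolbar-hijacked home page looks different from a beacon that no browser window explains.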
 
here is the latest run for the W7 box:

17:58:18.0942 27412 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
17:58:19.0085 27412 ============================================================
17:58:19.0085 27412 Current date / time: 2011/12/12 17:58:19.0085
17:58:19.0085 27412 SystemInfo:
17:58:19.0085 27412
17:58:19.0085 27412 OS Version: 6.1.7601 ServicePack: 1.0
17:58:19.0085 27412 Product type: Workstation
17:58:19.0085 27412 ComputerName: ADMIN-PC
17:58:19.0086 27412 UserName: admin
17:58:19.0086 27412 Windows directory: C:\windows
17:58:19.0086 27412 System windows directory: C:\windows
17:58:19.0086 27412 Processor architecture: Intel x86
17:58:19.0086 27412 Number of processors: 2
17:58:19.0086 27412 Page size: 0x1000
17:58:19.0086 27412 Boot type: Normal boot
17:58:19.0086 27412 ============================================================
17:58:19.0868 27412 Initialize success
17:58:21.0177 27680 ============================================================
17:58:21.0177 27680 Scan started
17:58:21.0177 27680 Mode: Manual;
17:58:21.0177 27680 ============================================================
17:58:22.0897 27680 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
17:58:22.0902 27680 1394ohci - ok
17:58:22.0978 27680 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
17:58:22.0983 27680 ACPI - ok
17:58:23.0121 27680 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
17:58:23.0123 27680 AcpiPmi - ok
17:58:23.0187 27680 AdfuUd (9ed5d777a31ee654b0899cd1d2e778ba) C:\windows\system32\Drivers\AdfuUd.sys
17:58:23.0188 27680 AdfuUd - ok
17:58:23.0352 27680 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
17:58:23.0361 27680 adp94xx - ok
17:58:23.0510 27680 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
17:58:23.0517 27680 adpahci - ok
17:58:23.0632 27680 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
17:58:23.0636 27680 adpu320 - ok
17:58:23.0748 27680 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
17:58:23.0760 27680 AFD - ok
17:58:23.0922 27680 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
17:58:23.0957 27680 AgereSoftModem - ok
17:58:24.0012 27680 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
17:58:24.0015 27680 agp440 - ok
17:58:24.0065 27680 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
17:58:24.0067 27680 aic78xx - ok
17:58:24.0243 27680 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
17:58:24.0247 27680 aliide - ok
17:58:24.0319 27680 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
17:58:24.0324 27680 amdagp - ok
17:58:24.0497 27680 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
17:58:24.0498 27680 amdide - ok
17:58:24.0543 27680 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
17:58:24.0547 27680 AmdK8 - ok
17:58:24.0565 27680 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
17:58:24.0568 27680 AmdPPM - ok
17:58:24.0624 27680 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
17:58:24.0627 27680 amdsata - ok
17:58:24.0655 27680 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
17:58:24.0660 27680 amdsbs - ok
17:58:24.0708 27680 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
17:58:24.0709 27680 amdxata - ok
17:58:24.0770 27680 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
17:58:24.0773 27680 AppID - ok
17:58:24.0953 27680 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
17:58:24.0957 27680 arc - ok
17:58:24.0974 27680 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
17:58:24.0978 27680 arcsas - ok
17:58:25.0017 27680 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
17:58:25.0019 27680 AsyncMac - ok
17:58:25.0137 27680 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
17:58:25.0138 27680 atapi - ok
17:58:25.0225 27680 athr (7d0a662d7b116169854b4ec941a7822d) C:\windows\system32\DRIVERS\athr.sys
17:58:25.0260 27680 athr - ok
17:58:25.0544 27680 atikmdag (745c79700646c3f285cd09775618a04b) C:\windows\system32\DRIVERS\atikmdag.sys
17:58:25.0658 27680 atikmdag - ok
17:58:25.0823 27680 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
17:58:25.0831 27680 b06bdrv - ok
17:58:25.0868 27680 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
17:58:25.0874 27680 b57nd60x - ok
17:58:26.0004 27680 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
17:58:26.0007 27680 Beep - ok
17:58:26.0045 27680 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
17:58:26.0047 27680 blbdrive - ok
17:58:26.0117 27680 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
17:58:26.0118 27680 bowser - ok
17:58:26.0173 27680 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
17:58:26.0175 27680 BrFiltLo - ok
17:58:26.0192 27680 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
17:58:26.0195 27680 BrFiltUp - ok
17:58:26.0222 27680 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
17:58:26.0228 27680 Brserid - ok
17:58:26.0248 27680 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
17:58:26.0251 27680 BrSerWdm - ok
17:58:26.0271 27680 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
17:58:26.0274 27680 BrUsbMdm - ok
17:58:26.0289 27680 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
17:58:26.0292 27680 BrUsbSer - ok
17:58:26.0377 27680 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
17:58:26.0379 27680 BthEnum - ok
17:58:26.0444 27680 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
17:58:26.0446 27680 BTHMODEM - ok
17:58:26.0525 27680 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
17:58:26.0529 27680 BthPan - ok
17:58:26.0621 27680 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
17:58:26.0630 27680 BTHPORT - ok
17:58:26.0747 27680 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
17:58:26.0751 27680 BTHUSB - ok
17:58:26.0848 27680 catchme - ok
17:58:26.0963 27680 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
17:58:26.0964 27680 cdfs - ok
17:58:27.0121 27680 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
17:58:27.0124 27680 cdrom - ok
17:58:27.0270 27680 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
17:58:27.0272 27680 circlass - ok
17:58:27.0303 27680 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
17:58:27.0308 27680 CLFS - ok
17:58:27.0383 27680 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
17:58:27.0386 27680 CmBatt - ok
17:58:27.0449 27680 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
17:58:27.0451 27680 cmdide - ok
17:58:27.0478 27680 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
17:58:27.0484 27680 CNG - ok
17:58:27.0503 27680 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
17:58:27.0504 27680 Compbatt - ok
17:58:27.0773 27680 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
17:58:27.0778 27680 CompositeBus - ok
17:58:27.0908 27680 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
17:58:27.0910 27680 crcdisk - ok
17:58:27.0986 27680 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
17:58:27.0988 27680 DfsC - ok
17:58:28.0148 27680 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
17:58:28.0150 27680 discache - ok
17:58:28.0209 27680 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
17:58:28.0212 27680 Disk - ok
17:58:28.0252 27680 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
17:58:28.0254 27680 drmkaud - ok
17:58:28.0330 27680 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
17:58:28.0353 27680 DXGKrnl - ok
17:58:28.0501 27680 eamonm (04238864710460c5682e260207d06192) C:\windows\system32\DRIVERS\eamonm.sys
17:58:28.0506 27680 eamonm - ok
17:58:28.0718 27680 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
17:58:28.0821 27680 ebdrv - ok
17:58:29.0060 27680 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\windows\system32\DRIVERS\ehdrv.sys
17:58:29.0067 27680 ehdrv - ok
17:58:29.0275 27680 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
17:58:29.0285 27680 elxstor - ok
17:58:29.0436 27680 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\windows\system32\DRIVERS\epfw.sys
17:58:29.0440 27680 epfw - ok
17:58:29.0626 27680 EpfwLWF (9cefd59c8e5ebfb48165aef54617f539) C:\windows\system32\DRIVERS\EpfwLWF.sys
17:58:29.0629 27680 EpfwLWF - ok
17:58:29.0791 27680 epfwwfp (7144a06ac105a2a7302944602e415ec1) C:\windows\system32\DRIVERS\epfwwfp.sys
17:58:29.0792 27680 epfwwfp - ok
17:58:29.0834 27680 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
17:58:29.0836 27680 ErrDev - ok
17:58:29.0972 27680 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
17:58:29.0976 27680 exfat - ok
17:58:30.0002 27680 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
17:58:30.0007 27680 fastfat - ok
17:58:30.0126 27680 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
17:58:30.0129 27680 fdc - ok
17:58:30.0176 27680 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
17:58:30.0178 27680 FileInfo - ok
17:58:30.0195 27680 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
17:58:30.0198 27680 Filetrace - ok
17:58:30.0216 27680 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
17:58:30.0219 27680 flpydisk - ok
17:58:30.0249 27680 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
17:58:30.0253 27680 FltMgr - ok
17:58:30.0295 27680 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
17:58:30.0298 27680 FsDepends - ok
17:58:30.0362 27680 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
17:58:30.0365 27680 fssfltr - ok
17:58:30.0469 27680 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
17:58:30.0472 27680 Fs_Rec - ok
17:58:30.0546 27680 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
17:58:30.0551 27680 fvevol - ok
17:58:30.0690 27680 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
17:58:30.0693 27680 gagp30kx - ok
17:58:30.0754 27680 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
17:58:30.0756 27680 GEARAspiWDM - ok
17:58:30.0925 27680 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
17:58:30.0928 27680 hcw85cir - ok
17:58:30.0987 27680 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
17:58:30.0993 27680 HdAudAddService - ok
17:58:31.0062 27680 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
17:58:31.0066 27680 HDAudBus - ok
17:58:31.0106 27680 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
17:58:31.0108 27680 HidBatt - ok
17:58:31.0137 27680 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
17:58:31.0139 27680 HidBth - ok
17:58:31.0164 27680 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
17:58:31.0167 27680 HidIr - ok
17:58:31.0239 27680 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
17:58:31.0241 27680 HidUsb - ok
17:58:31.0350 27680 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
17:58:31.0355 27680 HpSAMD - ok
17:58:31.0429 27680 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
17:58:31.0438 27680 HTTP - ok
17:58:31.0483 27680 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
17:58:31.0484 27680 hwpolicy - ok
17:58:31.0564 27680 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
17:58:31.0567 27680 i8042prt - ok
17:58:31.0614 27680 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
17:58:31.0616 27680 iaStor - ok
17:58:31.0709 27680 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
17:58:31.0715 27680 iaStorV - ok
17:58:31.0959 27680 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
17:58:32.0082 27680 igfx - ok
17:58:32.0221 27680 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
17:58:32.0224 27680 iirsp - ok
17:58:32.0368 27680 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
17:58:32.0465 27680 IntcAzAudAddService - ok
17:58:32.0616 27680 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
17:58:32.0617 27680 intelide - ok
17:58:32.0657 27680 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
17:58:32.0658 27680 intelppm - ok
17:58:32.0769 27680 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
17:58:32.0772 27680 IpFilterDriver - ok
17:58:32.0837 27680 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
17:58:32.0841 27680 IPMIDRV - ok
17:58:32.0894 27680 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
17:58:32.0897 27680 IPNAT - ok
17:58:33.0052 27680 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
17:58:33.0054 27680 IRENUM - ok
17:58:33.0103 27680 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
17:58:33.0106 27680 isapnp - ok
17:58:33.0131 27680 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
17:58:33.0137 27680 iScsiPrt - ok
17:58:33.0299 27680 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
17:58:33.0304 27680 kbdclass - ok
17:58:33.0363 27680 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
17:58:33.0368 27680 kbdhid - ok
17:58:33.0439 27680 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
17:58:33.0442 27680 KSecDD - ok
17:58:33.0477 27680 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
17:58:33.0481 27680 KSecPkg - ok
17:58:33.0550 27680 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
17:58:33.0552 27680 lltdio - ok
17:58:33.0622 27680 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
17:58:33.0625 27680 LSI_FC - ok
17:58:33.0681 27680 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
17:58:33.0683 27680 LSI_SAS - ok
17:58:33.0701 27680 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
17:58:33.0703 27680 LSI_SAS2 - ok
17:58:33.0733 27680 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
17:58:33.0736 27680 LSI_SCSI - ok
17:58:33.0769 27680 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
17:58:33.0773 27680 luafv - ok
17:58:33.0931 27680 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
17:58:33.0934 27680 megasas - ok
17:58:33.0966 27680 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
17:58:33.0971 27680 MegaSR - ok
17:58:33.0992 27680 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
17:58:33.0993 27680 Modem - ok
17:58:34.0031 27680 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
17:58:34.0032 27680 monitor - ok
17:58:34.0172 27680 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
17:58:34.0175 27680 mouclass - ok
17:58:34.0224 27680 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
17:58:34.0226 27680 mouhid - ok
17:58:34.0359 27680 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
17:58:34.0364 27680 mountmgr - ok
17:58:34.0425 27680 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
17:58:34.0429 27680 mpio - ok
17:58:34.0458 27680 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
17:58:34.0461 27680 mpsdrv - ok
17:58:34.0514 27680 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
17:58:34.0518 27680 MRxDAV - ok
17:58:34.0570 27680 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
17:58:34.0575 27680 mrxsmb - ok
17:58:34.0634 27680 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
17:58:34.0638 27680 mrxsmb10 - ok
17:58:34.0686 27680 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
17:58:34.0689 27680 mrxsmb20 - ok
17:58:34.0732 27680 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
17:58:34.0734 27680 msahci - ok
17:58:34.0757 27680 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
17:58:34.0761 27680 msdsm - ok
17:58:34.0888 27680 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
17:58:34.0889 27680 Msfs - ok
17:58:34.0908 27680 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
17:58:34.0911 27680 mshidkmdf - ok
17:58:34.0964 27680 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
17:58:34.0965 27680 msisadrv - ok
17:58:35.0084 27680 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
17:58:35.0087 27680 MSKSSRV - ok
17:58:35.0103 27680 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
17:58:35.0105 27680 MSPCLOCK - ok
17:58:35.0128 27680 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
17:58:35.0129 27680 MSPQM - ok
17:58:35.0153 27680 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
17:58:35.0157 27680 MsRPC - ok
17:58:35.0286 27680 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
17:58:35.0287 27680 mssmbios - ok
17:58:35.0343 27680 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
17:58:35.0346 27680 MSTEE - ok
17:58:35.0386 27680 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
17:58:35.0389 27680 MTConfig - ok
17:58:35.0424 27680 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
17:58:35.0426 27680 Mup - ok
17:58:35.0554 27680 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
17:58:35.0560 27680 NativeWifiP - ok
17:58:35.0634 27680 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
17:58:35.0659 27680 NDIS - ok
17:58:35.0775 27680 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
17:58:35.0778 27680 NdisCap - ok
17:58:35.0803 27680 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
17:58:35.0806 27680 NdisTapi - ok
17:58:35.0952 27680 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
17:58:35.0962 27680 Ndisuio - ok
17:58:36.0015 27680 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
17:58:36.0018 27680 NdisWan - ok
17:58:36.0065 27680 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
17:58:36.0069 27680 NDProxy - ok
17:58:36.0111 27680 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
17:58:36.0113 27680 NetBIOS - ok
17:58:36.0260 27680 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
17:58:36.0264 27680 NetBT - ok
17:58:36.0395 27680 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
17:58:36.0398 27680 nfrd960 - ok
17:58:36.0575 27680 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\windows\system32\drivers\npf.sys
17:58:36.0578 27680 NPF - ok
17:58:36.0622 27680 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
17:58:36.0624 27680 Npfs - ok
17:58:36.0646 27680 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
17:58:36.0648 27680 nsiproxy - ok
17:58:36.0755 27680 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
17:58:36.0789 27680 Ntfs - ok
17:58:37.0020 27680 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
17:58:37.0021 27680 Null - ok
17:58:37.0210 27680 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
17:58:37.0216 27680 nvraid - ok
17:58:37.0357 27680 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
17:58:37.0362 27680 nvstor - ok
17:58:37.0418 27680 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
17:58:37.0421 27680 nv_agp - ok
17:58:37.0579 27680 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
17:58:37.0584 27680 ohci1394 - ok
17:58:37.0630 27680 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
17:58:37.0632 27680 Parport - ok
17:58:37.0676 27680 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
17:58:37.0678 27680 partmgr - ok
17:58:37.0694 27680 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
17:58:37.0696 27680 Parvdm - ok
17:58:37.0757 27680 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
17:58:37.0760 27680 pci - ok
17:58:37.0804 27680 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
17:58:37.0806 27680 pciide - ok
17:58:37.0838 27680 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
17:58:37.0843 27680 pcmcia - ok
17:58:37.0864 27680 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
17:58:37.0866 27680 pcw - ok
17:58:37.0900 27680 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
17:58:37.0909 27680 PEAUTH - ok
17:58:38.0065 27680 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
17:58:38.0069 27680 PptpMiniport - ok
17:58:38.0094 27680 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
17:58:38.0097 27680 Processor - ok
17:58:38.0165 27680 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
17:58:38.0168 27680 Psched - ok
17:58:38.0206 27680 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
17:58:38.0240 27680 ql2300 - ok
17:58:38.0265 27680 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
17:58:38.0269 27680 ql40xx - ok
17:58:38.0295 27680 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
17:58:38.0297 27680 QWAVEdrv - ok
17:58:38.0332 27680 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
17:58:38.0334 27680 RasAcd - ok
17:58:38.0468 27680 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
17:58:38.0471 27680 RasAgileVpn - ok
17:58:38.0619 27680 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
17:58:38.0622 27680 Rasl2tp - ok
17:58:38.0750 27680 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
17:58:38.0753 27680 RasPppoe - ok
17:58:38.0778 27680 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
17:58:38.0781 27680 RasSstp - ok
17:58:38.0842 27680 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
17:58:38.0847 27680 rdbss - ok
17:58:38.0883 27680 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
17:58:38.0886 27680 rdpbus - ok
17:58:38.0938 27680 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
17:58:38.0939 27680 RDPCDD - ok
17:58:38.0998 27680 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
17:58:39.0000 27680 RDPENCDD - ok
17:58:39.0019 27680 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
17:58:39.0021 27680 RDPREFMP - ok
17:58:39.0105 27680 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
17:58:39.0110 27680 RDPWD - ok
17:58:39.0256 27680 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
17:58:39.0261 27680 rdyboost - ok
17:58:39.0400 27680 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
17:58:39.0403 27680 RFCOMM - ok
17:58:39.0573 27680 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
17:58:39.0574 27680 rspndr - ok
17:58:39.0601 27680 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
17:58:39.0606 27680 RTL8167 - ok
17:58:39.0733 27680 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
17:58:39.0736 27680 SABI - ok
17:58:39.0793 27680 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
17:58:39.0797 27680 sbp2port - ok
17:58:39.0847 27680 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
17:58:39.0849 27680 scfilter - ok
17:58:40.0000 27680 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
17:58:40.0003 27680 SDHookDriver - ok
17:58:40.0140 27680 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
17:58:40.0141 27680 secdrv - ok
17:58:40.0290 27680 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
17:58:40.0619 27680 Serenum - ok
17:58:40.0859 27680 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
17:58:40.0863 27680 Serial - ok
17:58:40.0915 27680 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
17:58:40.0923 27680 sermouse - ok
17:58:41.0007 27680 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
17:58:41.0010 27680 sffdisk - ok
17:58:41.0034 27680 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
17:58:41.0037 27680 sffp_mmc - ok
17:58:41.0055 27680 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
17:58:41.0058 27680 sffp_sd - ok
17:58:41.0086 27680 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
17:58:41.0089 27680 sfloppy - ok
17:58:41.0149 27680 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
17:58:41.0151 27680 sisagp - ok
17:58:41.0289 27680 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
17:58:41.0293 27680 SiSRaid2 - ok
17:58:41.0313 27680 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
17:58:41.0316 27680 SiSRaid4 - ok
17:58:41.0351 27680 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
17:58:41.0353 27680 Smb - ok
17:58:41.0394 27680 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
17:58:41.0395 27680 spldr - ok
17:58:41.0460 27680 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
17:58:41.0464 27680 srv - ok
17:58:41.0500 27680 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
17:58:41.0506 27680 srv2 - ok
17:58:41.0535 27680 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
17:58:41.0538 27680 srvnet - ok
17:58:41.0580 27680 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
17:58:41.0582 27680 stexstor - ok
17:58:41.0629 27680 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
17:58:41.0631 27680 swenum - ok
17:58:41.0775 27680 SynTP (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
17:58:41.0780 27680 SynTP - ok
17:58:41.0892 27680 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
17:58:41.0927 27680 Tcpip - ok
17:58:42.0101 27680 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
17:58:42.0114 27680 TCPIP6 - ok
17:58:42.0263 27680 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
17:58:42.0266 27680 tcpipreg - ok
17:58:42.0326 27680 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
17:58:42.0329 27680 TDPIPE - ok
17:58:42.0378 27680 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
17:58:42.0379 27680 TDTCP - ok
17:58:42.0432 27680 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
17:58:42.0437 27680 tdx - ok
17:58:42.0497 27680 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
17:58:42.0499 27680 TermDD - ok
17:58:42.0696 27680 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
17:58:42.0701 27680 tssecsrv - ok
17:58:42.0768 27680 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
17:58:42.0772 27680 TsUsbFlt - ok
17:58:42.0843 27680 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
17:58:42.0847 27680 tunnel - ok
17:58:42.0874 27680 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
17:58:42.0877 27680 uagp35 - ok
17:58:42.0930 27680 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
17:58:42.0935 27680 udfs - ok
17:58:42.0987 27680 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
17:58:42.0991 27680 uliagpkx - ok
17:58:43.0061 27680 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
17:58:43.0066 27680 umbus - ok
17:58:43.0194 27680 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
17:58:43.0197 27680 UmPass - ok
17:58:43.0264 27680 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\windows\system32\Drivers\usbaapl.sys
17:58:43.0267 27680 USBAAPL - ok
17:58:43.0336 27680 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
17:58:43.0341 27680 usbccgp - ok
17:58:43.0447 27680 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
17:58:43.0450 27680 usbcir - ok
17:58:43.0589 27680 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
17:58:43.0592 27680 usbehci - ok
17:58:43.0660 27680 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
17:58:43.0665 27680 usbhub - ok
17:58:43.0777 27680 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
17:58:43.0779 27680 usbohci - ok
17:58:43.0808 27680 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
17:58:43.0811 27680 usbprint - ok
17:58:43.0895 27680 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
17:58:43.0898 27680 usbscan - ok
17:58:43.0962 27680 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
17:58:43.0968 27680 USBSTOR - ok
17:58:44.0031 27680 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
17:58:44.0033 27680 usbuhci - ok
17:58:44.0183 27680 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
17:58:44.0188 27680 usbvideo - ok
17:58:44.0253 27680 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
17:58:44.0256 27680 vdrvroot - ok
17:58:44.0300 27680 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
17:58:44.0303 27680 vga - ok
17:58:44.0321 27680 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
17:58:44.0324 27680 VgaSave - ok
17:58:44.0383 27680 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
17:58:44.0389 27680 vhdmp - ok
17:58:44.0532 27680 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
17:58:44.0536 27680 viaagp - ok
17:58:44.0571 27680 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
17:58:44.0575 27680 ViaC7 - ok
17:58:44.0643 27680 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
17:58:44.0646 27680 viaide - ok
17:58:44.0672 27680 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
17:58:44.0674 27680 volmgr - ok
17:58:44.0697 27680 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
17:58:44.0703 27680 volmgrx - ok
17:58:44.0754 27680 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
17:58:44.0760 27680 volsnap - ok
17:58:44.0806 27680 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
17:58:44.0811 27680 vsmraid - ok
17:58:44.0917 27680 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
17:58:44.0918 27680 vwifibus - ok
17:58:44.0942 27680 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
17:58:44.0945 27680 vwififlt - ok
17:58:44.0985 27680 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
17:58:44.0988 27680 WacomPen - ok
17:58:45.0056 27680 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
17:58:45.0060 27680 WANARP - ok
17:58:45.0065 27680 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
17:58:45.0067 27680 Wanarpv6 - ok
17:58:45.0155 27680 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
17:58:45.0156 27680 Wd - ok
17:58:45.0190 27680 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
17:58:45.0197 27680 Wdf01000 - ok
17:58:45.0354 27680 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
17:58:45.0356 27680 WfpLwf - ok
17:58:45.0372 27680 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
17:58:45.0375 27680 WIMMount - ok
17:58:45.0570 27680 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUSB.SYS
17:58:45.0576 27680 WINUSB - ok
17:58:45.0647 27680 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
17:58:45.0650 27680 WmiAcpi - ok
17:58:45.0812 27680 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
17:58:45.0815 27680 ws2ifsl - ok
17:58:45.0912 27680 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
17:58:45.0915 27680 WudfPf - ok
17:58:45.0978 27680 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
17:58:45.0982 27680 WUDFRd - ok
17:58:46.0128 27680 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
17:58:46.0135 27680 yukonw7 - ok
17:58:46.0180 27680 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
17:58:46.0420 27680 \Device\Harddisk0\DR0 - ok
17:58:46.0426 27680 Boot (0x1200) (35ad429c41eabd3cb5aa0c137174f74e) \Device\Harddisk0\DR0\Partition0
17:58:46.0428 27680 \Device\Harddisk0\DR0\Partition0 - ok
17:58:46.0478 27680 Boot (0x1200) (8ef57f636c3472629962a8279554bffc) \Device\Harddisk0\DR0\Partition1
17:58:46.0480 27680 \Device\Harddisk0\DR0\Partition1 - ok
17:58:46.0511 27680 Boot (0x1200) (18763aeac0ee39fec1defec9b7171ab2) \Device\Harddisk0\DR0\Partition2
17:58:46.0515 27680 \Device\Harddisk0\DR0\Partition2 - ok
17:58:46.0515 27680 ============================================================
17:58:46.0515 27680 Scan finished
17:58:46.0515 27680 ============================================================
17:58:46.0531 27692 Detected object count: 0
17:58:46.0531 27692 Actual detected object count: 0
17:59:27.0807 27284 Deinitialize success
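The log above is in the TDSSKiller layout: one line per object with a timestamp, the scanner's PID, the service name, the file's MD5 in parentheses and the image path, followed by a second line carrying the verdict ("- ok"); the MBR and boot-sector entries are keyed by device path rather than service name. The parser below is an added example, not part of the poster's log or of TDSSKiller itself. It reads a constructed sample in that layout (three driver lines are copied from the log; the "badsvc" entry, its all-zero hash, its Temp-directory path and the "warning" verdict are made up to exercise the checks) and performs the triage a reviewer does by eye: flag any object whose verdict is not exactly "ok", any driver image that is not under the Windows system directory, and any file reported with two different hashes by two services (Tcpip and TCPIP6 both point at tcpip.sys and must agree). The system-directory heuristic is an assumption for illustration; a legitimate third-party driver such as the Spybot hook driver will be flagged for review, which is the intended behaviour.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the TDSSKiller log layout. The first three drivers and
# the MBR line are copied from the log; "badsvc", its hash, its path and the
# "warning" verdict are invented to exercise the checks below.
SAMPLE_LOG = r"""17:58:41.0892 27680 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
17:58:41.0927 27680 Tcpip - ok
17:58:42.0101 27680 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
17:58:42.0114 27680 TCPIP6 - ok
17:58:40.0000 27680 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
17:58:40.0003 27680 SDHookDriver - ok
17:58:44.0000 27680 badsvc (00000000000000000000000000000000) C:\Users\admin\AppData\Local\Temp\badsvc.sys
17:58:44.0001 27680 badsvc - warning
17:58:46.0180 27680 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
17:58:46.0420 27680 \Device\Harddisk0\DR0 - ok
17:58:46.0531 27692 Detected object count: 0
"""

# "<ts> <pid> <name> [(0x1B8)] (<md5>) <path>"; the optional hex size appears
# only on MBR/boot-sector entries.
OBJECT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<name>\S+)"
    r"(?: \((?P<kind>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "<ts> <pid> <name-or-device-path> - <verdict>"; must be tried AFTER OBJECT_RE
# because a path such as "Spybot - Search & Destroy 2" also contains " - ".
VERDICT_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"Detected object count: (\d+)$")

# Assumed trust boundary for driver images (illustrative heuristic).
TRUSTED_PREFIX = "c:\\windows\\system32\\"


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # filled in from the following verdict line


@dataclass
class Report:
    entries: List[Entry] = field(default_factory=list)
    detected: Optional[int] = None  # scanner's own "Detected object count"
    findings: List[Tuple[str, str]] = field(default_factory=list)


def parse_log(text: str) -> Report:
    """Pair each object line with its verdict line; MBR/boot verdicts are
    matched by device path because their verdict line repeats the path."""
    rep = Report()
    by_name, by_path = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            e = Entry(m["name"], m["md5"], m["path"])
            rep.entries.append(e)
            by_name[e.name] = e
            by_path[e.path] = e
            continue
        m = COUNT_RE.search(line)
        if m:
            rep.detected = int(m[1])
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = by_name.get(m["name"]) or by_path.get(m["name"])
            if e is not None:
                e.verdict = m["verdict"].strip()
    return rep


def review(rep: Report) -> List[Tuple[str, str]]:
    """Heuristic triage: non-'ok' verdicts, images outside system32, and one
    file reported with two different hashes. Returns (name, reason) pairs."""
    findings = []
    hash_by_file = {}
    for e in rep.entries:
        if e.verdict != "ok":
            findings.append((e.name, "verdict %r is not 'ok'" % e.verdict))
        p = e.path.lower()
        if not p.startswith("\\device\\") and not p.startswith(TRUSTED_PREFIX):
            findings.append((e.name, "driver image outside system32: " + e.path))
        prev = hash_by_file.setdefault(p, e.md5)
        if prev != e.md5:
            findings.append((e.name, "hash %s differs from earlier %s for the same file" % (e.md5, prev)))
    rep.findings = findings
    return findings


if __name__ == "__main__":
    report = parse_log(SAMPLE_LOG)
    for name, why in review(report):
        print("%s: %s" % (name, why))
    print("objects parsed: %d, scanner-detected: %s" % (len(report.entries), report.detected))
```

On the sample this reports three items: the Spybot hook driver (outside system32, expected for a third-party product), and the invented "badsvc" twice (non-ok verdict and Temp-directory path), while Tcpip/TCPIP6 pass the shared-file hash check. A "Detected object count: 0" from the scanner, as in the log above, says only that TDSSKiller's signatures matched nothing; the path and hash checks are the extra questions a reviewer still asks of the unflagged entries.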