Java/Agent.DW removal help needed

hi shelf life,

I have identified the process that is using so much disk IO: it's chrome.exe, the navigator.
I am using Process Explorer, and when I suspend the process, IO activity at the LED level on the box itself stops immediately; when I resume it, it restarts... ??

Also there is no description / company name / signature... it's all blank, as if the navigator has been patched, but I am not sure.

Here is the output of Process Explorer.

bye
philippe
 
I assume that's the Chrome browser you mean? Is it up to date? Does it appear to function normally when you use it as a browser?
 
hi shelf life,

Yes, Chrome browser.

> Is it up to date? Does it appear to function normally when you use it as a browser?

The system was so unstable that I did a fresh reinstall with my HP recovery DVDs. I booted from the utility that did a reformat of the drive and installed a fresh OS, I installed SP3, did all the Windows updates, and installed NOD32 and Malware Byte, both in detection mode.

Then I installed Firefox; I took it from here:
http://www.01net.com/telecharger/windows/Internet/navigateur/fiches/25711.html

That seems to be a place where I should not get any infections from... but...

And as soon as I did the install process, I got a detection of Trojan.FakeAlert from Malware Byte:

Here is the log:

11:41:01 HP_Administrateur MESSAGE Protection started successfully
11:41:06 HP_Administrateur MESSAGE IP Protection started successfully
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert QUARANTINE
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:43 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:44 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:44 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert QUARANTINE
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:47 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:48 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:50 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:50 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:50 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:50 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:50 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:50 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:50 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:50 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:50 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:52 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:53 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:53 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:53 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:53 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:53 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:45:53 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:06 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\ShellLink.dll Trojan.FakeAlert QUARANTINE
11:46:06 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\ShellLink.dll Trojan.FakeAlert DENY
11:46:06 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\ShellLink.dll Trojan.FakeAlert DENY
11:46:06 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:06 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:06 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\ShellLink.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\ShellLink.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\ShellLink.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\ShellLink.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\ShellLink.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\ShellLink.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\InstallOptions.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur DETECTION C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\nsb14.tmp\System.dll Trojan.FakeAlert DENY
11:46:07 HP_Administrateur ERROR Quarantine failed: UtilityReadFile failed with error code 3
12:02:42 HP_Administrateur MESSAGE Protection started successfully
12:02:47 HP_Administrateur MESSAGE IP Protection started successfully
 
hi,

I downloaded FF from that website and the .exe itself seems to be ok. Can you post a new DDS log since you reformatted and reinstalled Windows?
Did Firefox actually install after all those warnings from Malwarebytes?


DDS:
Please download DDS and save it to your desktop.

Double click dds.scr to run the tool. When done, DDS.txt will open.

Save both reports to your desktop.

Please Copy/paste both logs in your reply.
 
>I downloaded FF from that website and the .exe itself seems to be ok. Can you post a new DDS log since you reformatted and reinstalled Windows?

>Did Firefox actually install after all those warnings from Malwarebytes?

Yes, it did install.

Also, I tried to download an HDD low-level format tool, and as soon as I tried to save the installer on my desktop I got warnings from Nod32 about 2 different types of malware. I tried with IE and again got warnings from Nod32 about a different one...

It's just as if my browsers on this fresh system were trying to download/inject different types of malware...

>Please Copy/paste both logs in your reply.
I will do now,

bye
philippe
 
here are the Nod32 logs:

04/12/2011 13:33:59 Filtre HTTP fichier http://software-files-l.cnet.com/s/...sDlm=1&fileName=cnet_HDDLLFsetup_4_12_exe.exe une variante de Win32/InstallCore.D application potentiellement indésirable connexion arrêtée - mis en quarantaine NOM-FB9B15D2723\HP_Administrateur Une menace a été détectée lors de l'accès au Web par l'application : C:\Program Files\Internet Explorer\iexplore.exe.
04/12/2011 13:32:45 Filtre HTTP fichier http://software-files-l.cnet.com/s/...sDlm=1&fileName=cnet_HDDLLFsetup_4_12_exe.exe une variante de Win32/InstallCore.D application potentiellement indésirable connexion arrêtée - mis en quarantaine NOM-FB9B15D2723\HP_Administrateur Une menace a été détectée lors de l'accès au Web par l'application : C:\Program Files\Internet Explorer\iexplore.exe.
04/12/2011 13:28:04 Protection en temps réel du système de fichiers fichier C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\eKIhY0Gc.exe.part Win32/SoftonicDownloader application potentiellement indésirable nettoyé par suppression - mis en quarantaine NOM-FB9B15D2723\HP_Administrateur Un événement s'est produit sur un fichier modifié par l'application : C:\Program Files\Mozilla Firefox\firefox.exe.
04/12/2011 13:27:36 Filtre HTTP fichier http://universal-downloader.softoni...Downloader_pour_hdd-low-level-format-tool.exe Win32/SoftonicDownloader application potentiellement indésirable connexion arrêtée - mis en quarantaine NOM-FB9B15D2723\HP_Administrateur Une menace a été détectée lors de l'accès au Web par l'application : C:\Program Files\Mozilla Firefox\firefox.exe.
 
here are DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrateur at 16:19:02 on 2011-12-04
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.520 [GMT 1:00]
.
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Administrateur\Mes documents\Téléchargements\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Pages liées - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrateur\application data\mozilla\firefox\profiles\2qcv5h9b.default\
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-4 366152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-4 22216]
.
=============== Created Last 30 ================
.
2011-12-04 10:46:22 -------- d-----w- c:\documents and settings\hp_administrateur\local settings\application data\Mozilla
2011-12-04 10:40:25 -------- d-----w- c:\documents and settings\hp_administrateur\application data\Malwarebytes
2011-12-04 10:40:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-04 10:40:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 10:40:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-04 08:29:46 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-12-04 08:29:36 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-12-04 08:29:36 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-12-04 08:29:36 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-12-04 08:29:36 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-12-04 08:29:36 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-12-04 08:29:36 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-12-04 08:29:36 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-12-04 08:29:36 117760 ------w- c:\windows\system32\prntvpt.dll
2011-12-04 08:24:58 -------- d-----w- c:\windows\system32\LogFiles
2011-12-04 07:57:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-04 07:57:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-03 22:53:26 -------- d-----r- C:\Program Files
2011-12-03 22:53:23 -------- d-----r- c:\documents and settings\all users\Menu Démarrer
2011-12-03 22:52:52 -------- d-----r- c:\documents and settings\all users\Documents
2011-12-03 22:51:18 -------- d-----r- c:\windows\Offline Web Pages
2011-12-03 22:47:59 -------- d-sh--r- c:\windows\system32\dllcache
2011-12-03 19:29:08 -------- d-----w- c:\windows\system32\XPSViewer
2011-12-03 19:25:23 -------- d-----w- c:\program files\Windows Media Connect 2
2011-12-03 19:22:21 -------- d-----w- c:\windows\NV35323560.TMP
2011-12-03 18:56:11 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
2011-12-03 18:55:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2011-12-03 18:55:38 265728 ------w- c:\windows\system32\dllcache\http.sys
2011-12-03 18:30:23 -------- d-----w- c:\program files\MSXML 4.0
2011-12-03 18:27:34 -------- d-sh--w- c:\documents and settings\hp_administrateur\IECompatCache
2011-12-03 18:26:51 -------- d-sh--w- c:\documents and settings\hp_administrateur\PrivacIE
2011-12-03 18:24:49 -------- d-sh--w- c:\documents and settings\hp_administrateur\IETldCache
2011-12-03 18:06:51 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-12-03 18:05:54 -------- d-----w- c:\windows\ie8updates
2011-12-03 18:05:47 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-03 18:05:47 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-12-03 18:05:47 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-03 18:05:47 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-03 18:05:47 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-12-03 18:05:47 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-12-03 18:05:47 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-12-03 18:04:10 -------- dc-h--w- c:\windows\ie8
2011-12-03 17:53:50 239104 ------w- c:\windows\system32\dllcache\fxscover.exe
2011-12-03 17:53:18 8518656 ------w- c:\windows\system32\dllcache\shell32.dll
2011-12-03 17:52:51 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll
2011-12-03 17:52:46 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2011-12-03 17:52:46 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2011-12-03 17:52:45 85504 ------w- c:\windows\system32\dllcache\avifil32.dll
2011-12-03 17:52:40 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2011-12-03 17:52:21 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2011-12-03 17:52:21 150528 ------w- c:\windows\system32\dllcache\rastls.dll
2011-12-03 17:48:01 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2011-12-03 17:48:01 420864 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2011-12-03 17:48:01 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2011-12-03 17:48:01 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2011-12-03 17:48:01 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2011-12-03 17:48:00 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2011-12-03 17:48:00 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2011-12-03 17:47:18 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2011-12-03 17:47:10 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-12-03 17:47:09 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-12-03 17:46:59 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-12-03 17:46:58 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-12-03 17:46:58 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-12-03 17:46:19 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-12-03 17:46:08 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-12-03 17:45:59 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-12-03 17:45:48 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-12-03 17:45:41 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-12-03 17:45:25 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-12-03 17:43:49 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-12-03 17:43:23 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-12-03 17:43:00 293376 ------w- c:\windows\system32\browserchoice.exe
2011-12-03 17:42:35 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-12-03 17:42:17 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-12-03 17:41:12 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2011-12-03 17:40:53 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-12-03 17:40:02 221696 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-12-03 17:40:00 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-12-03 17:37:35 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-12-03 17:36:57 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-12-03 17:36:48 -------- d-sh--w- c:\documents and settings\hp_administrateur\UserData
2011-12-03 17:36:10 -------- d-----w- c:\windows\system32\PreInstall
2011-12-03 17:33:28 -------- d-----w- c:\documents and settings\hp_administrateur\local settings\application data\ESET
2011-12-03 17:33:28 -------- d-----w- c:\documents and settings\hp_administrateur\application data\ESET
2011-12-03 17:31:06 -------- d-----w- c:\program files\ESET
2011-12-03 17:27:51 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-12-03 16:40:29 -------- d-----w- c:\windows\ServicePackFiles
2011-12-03 16:37:24 19569 ----a-w- c:\windows\002842_.tmp
2011-12-03 16:18:20 -------- d-----w- c:\windows\system32\appmgmt
2011-12-03 16:07:13 -------- d-sh--w- C:\cmdcons
2011-12-03 16:07:11 -------- d-----w- c:\windows\setup.pss
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP951b.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP925c.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP90e5.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP90b6.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP90a7.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP9097.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP9088.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP9049.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP902a.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP901b.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP901a.tmp
2011-12-03 15:13:35 90112 ----a-w- c:\windows\DUMP8fcc.tmp
.
==================== Find3M ====================
.
2011-10-10 14:23:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:46 606208 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41:40 614400 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:40 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10:01 1859072 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:19:57,51 ===============


and the attach log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume1
Install Date: 03/12/2011 16:59:44
System Uptime: 04/12/2011 16:11:16 (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | LEUCITE3
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 273 GiB total, 259,309 GiB free.
D: is FIXED (NTFS) - 226 GiB total, 75,705 GiB free.
E: is FIXED (NTFS) - 1863 GiB total, 670,713 GiB free.
F: is FIXED (FAT32) - 7 GiB total, 1,161 GiB free.
G: is FIXED (FAT32) - 7 GiB total, 0,823 GiB free.
H: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 03/12/2011 17:18:01 - Supprimé J2SE Runtime Environment 5.0 Update 6
RP2: 03/12/2011 17:22:59 - Supprimé Adobe Reader 7.0.5 - Français
RP3: 03/12/2011 17:37:31 - Le Service Pack*3 pour Windows XP a été installé.
RP4: 03/12/2011 18:35:58 - Software Distribution Service 3.0
RP5: 03/12/2011 18:43:05 - Software Distribution Service 3.0
RP6: 03/12/2011 18:55:34 - Software Distribution Service 3.0
RP7: 03/12/2011 19:28:04 - Software Distribution Service 3.0
RP8: 03/12/2011 19:56:31 - Software Distribution Service 3.0
RP9: 03/12/2011 20:21:12 - Software Distribution Service 3.0
RP10: 04/12/2011 08:54:51 - Opération de restauration
RP11: 04/12/2011 09:22:50 - Software Distribution Service 3.0
RP12: 04/12/2011 10:01:00 - Software Distribution Service 3.0
RP13: 04/12/2011 11:11:50 - Software Distribution Service 3.0
RP14: 04/12/2011 11:29:56 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Amélioration de nos services
AutoUpdate
BufferChm
Connexion Facile à Internet
Correctif n°*2 pour Windows XP Édition Media Center 2005
Correctif pour Lecteur Windows Media 10 (KB910393)
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB2570791)
Correctif pour Windows XP (KB952287)
Correctif pour Windows XP (KB961118)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Destinations
DeviceManagementQFolder
DivX
Enhanced Multimedia Keyboard Solution
ESET Smart Security
FullDPAppQFolder
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Software Update
HPPhotoSmartExpress
HpSdpAppCoreApp
InstantShareDevices
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
Le logiciel Intel® Viiv™
Lecteur Windows Media*11
LightScribe 1.4.105.1
Macromedia Flash Player 8
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
Mise à jour de sécurité pour Lecteur Windows Media (KB975558)
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Microsoft Windows (KB2564958)
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2544521)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2586448)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
Mise à jour de sécurité pour Windows XP (KB2079403)
Mise à jour de sécurité pour Windows XP (KB2115168)
Mise à jour de sécurité pour Windows XP (KB2229593)
Mise à jour de sécurité pour Windows XP (KB2296011)
Mise à jour de sécurité pour Windows XP (KB2347290)
Mise à jour de sécurité pour Windows XP (KB2360937)
Mise à jour de sécurité pour Windows XP (KB2387149)
Mise à jour de sécurité pour Windows XP (KB2393802)
Mise à jour de sécurité pour Windows XP (KB2412687)
Mise à jour de sécurité pour Windows XP (KB2419632)
Mise à jour de sécurité pour Windows XP (KB2423089)
Mise à jour de sécurité pour Windows XP (KB2440591)
Mise à jour de sécurité pour Windows XP (KB2443105)
Mise à jour de sécurité pour Windows XP (KB2476490)
Mise à jour de sécurité pour Windows XP (KB2478960)
Mise à jour de sécurité pour Windows XP (KB2478971)
Mise à jour de sécurité pour Windows XP (KB2481109)
Mise à jour de sécurité pour Windows XP (KB2483185)
Mise à jour de sécurité pour Windows XP (KB2485663)
Mise à jour de sécurité pour Windows XP (KB2491683)
Mise à jour de sécurité pour Windows XP (KB2506212)
Mise à jour de sécurité pour Windows XP (KB2507618)
Mise à jour de sécurité pour Windows XP (KB2507938)
Mise à jour de sécurité pour Windows XP (KB2508272)
Mise à jour de sécurité pour Windows XP (KB2508429)
Mise à jour de sécurité pour Windows XP (KB2509553)
Mise à jour de sécurité pour Windows XP (KB2535512)
Mise à jour de sécurité pour Windows XP (KB2536276-v2)
Mise à jour de sécurité pour Windows XP (KB2544893-v2)
Mise à jour de sécurité pour Windows XP (KB2562937)
Mise à jour de sécurité pour Windows XP (KB2566454)
Mise à jour de sécurité pour Windows XP (KB2567053)
Mise à jour de sécurité pour Windows XP (KB2567680)
Mise à jour de sécurité pour Windows XP (KB2570222)
Mise à jour de sécurité pour Windows XP (KB2570947)
Mise à jour de sécurité pour Windows XP (KB2592799)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956744)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956844)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB960859)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB969059)
Mise à jour de sécurité pour Windows XP (KB970430)
Mise à jour de sécurité pour Windows XP (KB971657)
Mise à jour de sécurité pour Windows XP (KB972270)
Mise à jour de sécurité pour Windows XP (KB973507)
Mise à jour de sécurité pour Windows XP (KB973869)
Mise à jour de sécurité pour Windows XP (KB973904)
Mise à jour de sécurité pour Windows XP (KB974112)
Mise à jour de sécurité pour Windows XP (KB974318)
Mise à jour de sécurité pour Windows XP (KB974392)
Mise à jour de sécurité pour Windows XP (KB974571)
Mise à jour de sécurité pour Windows XP (KB975025)
Mise à jour de sécurité pour Windows XP (KB975467)
Mise à jour de sécurité pour Windows XP (KB975560)
Mise à jour de sécurité pour Windows XP (KB975562)
Mise à jour de sécurité pour Windows XP (KB975713)
Mise à jour de sécurité pour Windows XP (KB977816)
Mise à jour de sécurité pour Windows XP (KB977914)
Mise à jour de sécurité pour Windows XP (KB978338)
Mise à jour de sécurité pour Windows XP (KB978542)
Mise à jour de sécurité pour Windows XP (KB978601)
Mise à jour de sécurité pour Windows XP (KB978706)
Mise à jour de sécurité pour Windows XP (KB979309)
Mise à jour de sécurité pour Windows XP (KB979482)
Mise à jour de sécurité pour Windows XP (KB979687)
Mise à jour de sécurité pour Windows XP (KB980436)
Mise à jour de sécurité pour Windows XP (KB981322)
Mise à jour de sécurité pour Windows XP (KB981997)
Mise à jour de sécurité pour Windows XP (KB982132)
Mise à jour de sécurité pour Windows XP (KB982665)
Mise à jour pour Windows Internet Explorer 8 (KB2598845)
Mise à jour pour Windows XP (KB2345886)
Mise à jour pour Windows XP (KB2467659)
Mise à jour pour Windows XP (KB2492386)
Mise à jour pour Windows XP (KB2541763)
Mise à jour pour Windows XP (KB2641690)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955759)
Mise à jour pour Windows XP (KB968389)
Mise à jour pour Windows XP (KB971029)
Mise à jour pour Windows XP (KB971737)
Mise à jour pour Windows XP (KB973687)
Mise à jour pour Windows XP (KB973815)
Mozilla Firefox 8.0.1 (x86 fr)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
NVIDIA Drivers
OptionalContentQFolder
Otto
PC-Doctor 5 pour Windows
PhotoGallery
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
RandMap
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Services Internet
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack*3
.
==== Event Viewer Messages From Past Week ========
.
03/12/2011 17:06:32, Informations: Windows File Protection [64001] - Tentative de remplacement du fichier système protégé c:\windows\system32\powercfg.exe. Ce fichier a été restauré en utilisant sa version initiale pour maintenir la stabilité du système. La version du fichier incorrect est 5.1.3565.0, la version du fichier système actuel est 5.1.2600.2180.
.
==== End Of File ===========================
 
Let's get two more tools to use: aswMBR and TDSSKiller. Both will check for rootkits.

Please download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply



Please download TDSS Killer.exe and save it to your desktop

Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might be required after disinfection."

A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)

Please post the log report
 
here are the logs:


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 19:41:51
-----------------------------
19:41:51.687 OS Version: Windows 5.1.2600 Service Pack 3
19:41:51.687 Number of processors: 2 586 0x604
19:41:51.687 ComputerName: NOM-FB9B15D2723 UserName:
19:41:52.812 Initialize success
19:42:40.640 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:42:40.640 Disk 0 Vendor: WDC_WD25 10.0 Size: 238475MB BusType: 3
19:42:40.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
19:42:40.640 Disk 1 Vendor: SAMSUNG_ 1AQ1 Size: 1907729MB BusType: 3
19:42:40.640 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-c
19:42:40.640 Disk 2 Vendor: Maxtor_6L300R0 BAJ41G20 Size: 286188MB BusType: 3
19:42:42.656 Disk 2 MBR read successfully
19:42:42.656 Disk 2 MBR scan
19:42:42.656 Disk 2 unknown MBR code
19:42:42.656 Disk 2 scanning sectors +586099395
19:42:42.718 Disk 2 scanning C:\WINDOWS\system32\drivers
19:42:50.390 Service scanning
19:42:52.656 Modules scanning
19:42:57.531 Disk 2 trace - called modules:
19:42:57.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:42:57.546 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x86784ab8]
19:42:57.546 3 CLASSPNP.SYS[f7670fd7] -> nt!IofCallDriver -> \Device\00000067[0x86787e98]
19:42:57.546 5 ACPI.sys[f74e6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x85e0bb00]
19:42:57.546 Scan finished successfully
19:43:30.890 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrateur\Bureau\MBR.dat"
19:43:30.921 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrateur\Bureau\aswMBR.txt"

19:44:58.0531 3588 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:44:58.0828 3588 ============================================================
19:44:58.0828 3588 Current date / time: 2011/12/04 19:44:58.0828
19:44:58.0828 3588 SystemInfo:
19:44:58.0828 3588
19:44:58.0828 3588 OS Version: 5.1.2600 ServicePack: 3.0
19:44:58.0828 3588 Product type: Workstation
19:44:58.0828 3588 ComputerName: NOM-FB9B15D2723
19:44:58.0828 3588 UserName: HP_Administrateur
19:44:58.0828 3588 Windows directory: C:\WINDOWS
19:44:58.0828 3588 System windows directory: C:\WINDOWS
19:44:58.0828 3588 Processor architecture: Intel x86
19:44:58.0828 3588 Number of processors: 2
19:44:58.0828 3588 Page size: 0x1000
19:44:58.0828 3588 Boot type: Normal boot
19:44:58.0828 3588 ============================================================
19:45:00.0609 3588 Initialize success
19:45:28.0031 4060 ============================================================
19:45:28.0031 4060 Scan started
19:45:28.0031 4060 Mode: Manual;
19:45:28.0031 4060 ============================================================
19:45:51.0781 4060 MBR (0x1B8) (fe3fdfe9b33e4927984d4971ab015308) \Device\Harddisk2\DR2
19:45:51.0812 4060 \Device\Harddisk2\DR2 - ok
19:45:51.0812 4060 MBR (0x1B8) (fe3fdfe9b33e4927984d4971ab015308) \Device\Harddisk0\DR0
19:45:51.0828 4060 \Device\Harddisk0\DR0 - ok
19:45:51.0828 4060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:45:51.0828 4060 \Device\Harddisk1\DR1 - ok
19:45:51.0843 4060 Boot (0x1200) (c2155667fd2b84ba582ee2ce6c49f7ed) \Device\Harddisk2\DR2\Partition0
19:45:51.0843 4060 \Device\Harddisk2\DR2\Partition0 - ok
19:45:51.0843 4060 Boot (0x1200) (2b2a524ea2fbe26d6cca197256d5f95d) \Device\Harddisk2\DR2\Partition1
19:45:51.0843 4060 \Device\Harddisk2\DR2\Partition1 - ok
19:45:51.0843 4060 Boot (0x1200) (0cd32d62a762641e4ca5d14d146963fe) \Device\Harddisk0\DR0\Partition0
19:45:51.0843 4060 \Device\Harddisk0\DR0\Partition0 - ok
19:45:51.0859 4060 Boot (0x1200) (23a00328fcb17bf9759750417f2057f0) \Device\Harddisk0\DR0\Partition1
19:45:51.0859 4060 \Device\Harddisk0\DR0\Partition1 - ok
19:45:51.0859 4060 Boot (0x1200) (ed6ab68c98e40570ebccce18f4fb8dc9) \Device\Harddisk1\DR1\Partition0
19:45:51.0859 4060 \Device\Harddisk1\DR1\Partition0 - ok
19:45:51.0859 4060 ============================================================
19:45:51.0859 4060 Scan finished
19:45:51.0859 4060 ============================================================
19:45:51.0875 4080 Detected object count: 0
19:45:51.0875 4080 Actual detected object count: 0
 
hi,

here are some Malwarebytes protection logs I just noticed on the W7 box, which was not looking infected but may be...:


protection-log-2011-11-27

09:13:29 admin MESSAGE Protection started successfully
09:13:33 admin MESSAGE IP Protection started successfully
18:38:23 admin MESSAGE Scheduled update executed successfully
18:39:55 admin MESSAGE IP Protection stopped
18:39:58 admin MESSAGE Database updated successfully
18:39:59 admin MESSAGE IP Protection started successfully
22:59:42 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54278, Process: firefox.exe)
23:00:39 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54504, Process: firefox.exe)
23:01:03 admin IP-BLOCK 94.100.19.132 (Type: outgoing, Port: 54613, Process: firefox.exe)


protection-log-2011-12-04
10:12:16 admin MESSAGE Protection started successfully
10:12:20 admin MESSAGE IP Protection started successfully
21:44:05 admin IP-BLOCK 82.98.86.163 (Type: outgoing, Port: 51936, Process: firefox.exe)
21:44:05 admin IP-BLOCK 89.149.227.56 (Type: outgoing, Port: 51992, Process: firefox.exe)
21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52010, Process: firefox.exe)
21:44:05 admin IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52011, Process: firefox.exe)
 
Logs look ok. For the XP machine:

Please also download MBRcheck to your desktop

Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)

It will show a black screen with some information that will contain either the below line if no problem is found:

Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.

MBRCheck will create a log on your desktop named similar to MBRCheck_07.16.10_00.32.33.txt which is based on the date and time.

Post the log in your reply.
 
here are the 3 logs for the W7 box; MBRCheck found something, see below:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R720
Logical Drives Mask: 0x0000009c

Kernel Drivers (total 159):

Processes (total 83):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
468 csrss.exe
544 C:\Windows\System32\wininit.exe
552 csrss.exe
592 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
708 C:\Windows\System32\winlogon.exe
772 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\atiesrxx.exe
976 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\atieclxx.exe
1384 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\spoolsv.exe
1608 C:\Windows\System32\svchost.exe
1716 C:\Program Files\LSI SoftModem\agrsmsvc.exe
1748 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1776 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1800 C:\Program Files\Bonjour\mDNSResponder.exe
1832 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
1884 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
1920 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2004 C:\Windows\System32\Rezip.exe
2036 C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
400 C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
1912 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
396 C:\Windows\System32\svchost.exe
540 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1472 C:\Windows\System32\svchost.exe
1244 C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
2228 C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
2680 C:\Windows\System32\svchost.exe
2740 WUDFHost.exe
3396 C:\Windows\System32\svchost.exe
3924 C:\Windows\System32\dwm.exe
4000 C:\Windows\System32\taskhost.exe
4064 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2076 C:\Windows\System32\taskeng.exe
2476 C:\Windows\System32\svchost.exe
1668 C:\Program Files\Windows Media Player\wmpnetwk.exe
2952 C:\Windows\System32\SearchIndexer.exe
1872 C:\Windows\explorer.exe
1860 C:\Windows\System32\svchost.exe
3064 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
3796 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
3788 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
4092 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
740 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1812 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3220 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4304 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4860 C:\Program Files\ESET\ESET Smart Security\egui.exe
5064 C:\Windows\WindowsMobile\wmdc.exe
5424 C:\Program Files\Mozilla Firefox\firefox.exe
5940 C:\Program Files\Mozilla Firefox\plugin-container.exe
3392 C:\Program Files\iTunes\iTunesHelper.exe
4448 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
1208 C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
2144 C:\Program Files\iPod\bin\iPodService.exe
1808 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
6700 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
7056 C:\Program Files\ICQ7.0\ICQ.exe
12256 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
15220 C:\Program Files\OpenOffice.org 3\program\soffice.exe
15376 C:\Program Files\OpenOffice.org 3\program\soffice.bin
24496 C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
23312 C:\Program Files\Internet Explorer\iexplore.exe
5820 C:\Program Files\Internet Explorer\iexplore.exe
1092 C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
23016 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
25612 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
22920 C:\Windows\System32\audiodg.exe
26320 C:\Windows\System32\dllhost.exe
25036 dllhost.exe
1348 dllhost.exe
26560 C:\data\security\MBRCheck.exe
24712 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000068`0bf00000 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0001SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


23:08:00.0197 10936 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
23:08:01.0066 10936 ============================================================
23:08:01.0066 10936 Current date / time: 2011/12/04 23:08:01.0066
23:08:01.0066 10936 SystemInfo:
23:08:01.0066 10936
23:08:01.0066 10936 OS Version: 6.1.7601 ServicePack: 1.0
23:08:01.0066 10936 Product type: Workstation
23:08:01.0066 10936 ComputerName: ADMIN-PC
23:08:01.0066 10936 UserName: admin
23:08:01.0066 10936 Windows directory: C:\windows
23:08:01.0066 10936 System windows directory: C:\windows
23:08:01.0066 10936 Processor architecture: Intel x86
23:08:01.0066 10936 Number of processors: 2
23:08:01.0066 10936 Page size: 0x1000
23:08:01.0066 10936 Boot type: Normal boot
23:08:01.0066 10936 ============================================================
23:08:01.0860 10936 Initialize success
23:08:03.0221 11096 ============================================================
23:08:03.0221 11096 Scan started
23:08:03.0221 11096 Mode: Manual;
23:08:03.0221 11096 ============================================================
23:08:15.0023 11096 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
23:08:15.0026 11096 nvstor - ok
23:08:15.0070 11096 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
23:08:15.0073 11096 nv_agp - ok
23:08:15.0139 11096 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
23:08:15.0140 11096 ohci1394 - ok
23:08:15.0191 11096 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
23:08:15.0193 11096 Parport - ok
23:08:15.0238 11096 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
23:08:15.0239 11096 partmgr - ok
23:08:15.0263 11096 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
23:08:15.0264 11096 Parvdm - ok
23:08:15.0318 11096 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
23:08:15.0320 11096 pci - ok
23:08:15.0378 11096 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
23:08:15.0383 11096 pciide - ok
23:08:15.0464 11096 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
23:08:15.0468 11096 pcmcia - ok
23:08:15.0513 11096 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
23:08:15.0516 11096 pcw - ok
23:08:15.0562 11096 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
23:08:15.0585 11096 PEAUTH - ok
23:08:15.0671 11096 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
23:08:15.0673 11096 PptpMiniport - ok
23:08:15.0688 11096 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
23:08:15.0690 11096 Processor - ok
23:08:15.0749 11096 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
23:08:15.0751 11096 Psched - ok
23:08:15.0817 11096 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
23:08:15.0878 11096 ql2300 - ok
23:08:16.0048 11096 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
23:08:16.0049 11096 ql40xx - ok
23:08:16.0131 11096 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
23:08:16.0133 11096 QWAVEdrv - ok
23:08:16.0178 11096 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
23:08:16.0179 11096 RasAcd - ok
23:08:16.0261 11096 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
23:08:16.0263 11096 RasAgileVpn - ok
23:08:16.0301 11096 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
23:08:16.0303 11096 Rasl2tp - ok
23:08:16.0399 11096 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
23:08:16.0402 11096 RasPppoe - ok
23:08:16.0427 11096 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
23:08:16.0429 11096 RasSstp - ok
23:08:16.0491 11096 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
23:08:16.0495 11096 rdbss - ok
23:08:16.0541 11096 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
23:08:16.0543 11096 rdpbus - ok
23:08:16.0620 11096 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
23:08:16.0648 11096 RDPCDD - ok
23:08:16.0747 11096 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
23:08:16.0748 11096 RDPENCDD - ok
23:08:16.0779 11096 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
23:08:16.0780 11096 RDPREFMP - ok
23:08:16.0842 11096 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
23:08:16.0846 11096 RDPWD - ok
23:08:16.0961 11096 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
23:08:16.0965 11096 rdyboost - ok
23:08:17.0068 11096 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
23:08:17.0071 11096 RFCOMM - ok
23:08:17.0156 11096 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
23:08:17.0159 11096 rspndr - ok
23:08:17.0193 11096 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
23:08:17.0196 11096 RTL8167 - ok
23:08:17.0328 11096 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
23:08:17.0329 11096 SABI - ok
23:08:17.0542 11096 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
23:08:17.0543 11096 sbp2port - ok
23:08:17.0728 11096 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
23:08:17.0729 11096 scfilter - ok
23:08:17.0921 11096 SDHookDriver (47dd7bb6b72a5f49e01f53597bcaeac7) C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
23:08:17.0927 11096 SDHookDriver - ok
23:08:18.0075 11096 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
23:08:18.0077 11096 secdrv - ok
23:08:18.0160 11096 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
23:08:18.0178 11096 Serenum - ok
23:08:18.0294 11096 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
23:08:18.0300 11096 Serial - ok
23:08:18.0487 11096 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
23:08:18.0488 11096 sermouse - ok
23:08:18.0600 11096 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
23:08:18.0601 11096 sffdisk - ok
23:08:18.0617 11096 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
23:08:18.0618 11096 sffp_mmc - ok
23:08:18.0648 11096 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
23:08:18.0649 11096 sffp_sd - ok
23:08:18.0679 11096 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
23:08:18.0680 11096 sfloppy - ok
23:08:18.0775 11096 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
23:08:18.0778 11096 sisagp - ok
23:08:18.0828 11096 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
23:08:18.0830 11096 SiSRaid2 - ok
23:08:18.0871 11096 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
23:08:18.0872 11096 SiSRaid4 - ok
23:08:18.0944 11096 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
23:08:18.0946 11096 Smb - ok
23:08:19.0054 11096 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
23:08:19.0055 11096 spldr - ok
23:08:19.0131 11096 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
23:08:19.0135 11096 srv - ok
23:08:19.0171 11096 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
23:08:19.0176 11096 srv2 - ok
23:08:19.0194 11096 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
23:08:19.0195 11096 srvnet - ok
23:08:19.0240 11096 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
23:08:19.0241 11096 stexstor - ok
23:08:19.0289 11096 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
23:08:19.0290 11096 swenum - ok
23:08:19.0369 11096 SynTP (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
23:08:19.0411 11096 SynTP - ok
23:08:19.0508 11096 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
23:08:19.0572 11096 Tcpip - ok
23:08:19.0627 11096 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
23:08:19.0636 11096 TCPIP6 - ok
23:08:19.0703 11096 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
23:08:19.0704 11096 tcpipreg - ok
23:08:19.0755 11096 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
23:08:19.0756 11096 TDPIPE - ok
23:08:19.0806 11096 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
23:08:19.0807 11096 TDTCP - ok
23:08:19.0861 11096 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
23:08:19.0862 11096 tdx - ok
23:08:19.0925 11096 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
23:08:19.0926 11096 TermDD - ok
23:08:20.0092 11096 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
23:08:20.0093 11096 tssecsrv - ok
23:08:20.0197 11096 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
23:08:20.0198 11096 TsUsbFlt - ok
23:08:20.0282 11096 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
23:08:20.0284 11096 tunnel - ok
23:08:20.0313 11096 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
23:08:20.0315 11096 uagp35 - ok
23:08:20.0369 11096 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
23:08:20.0374 11096 udfs - ok
23:08:20.0449 11096 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
23:08:20.0452 11096 uliagpkx - ok
23:08:20.0720 11096 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
23:08:20.0722 11096 umbus - ok
23:08:20.0776 11096 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
23:08:20.0778 11096 UmPass - ok
23:08:20.0868 11096 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\windows\system32\Drivers\usbaapl.sys
23:08:20.0870 11096 USBAAPL - ok
23:08:20.0940 11096 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
23:08:20.0944 11096 usbccgp - ok
23:08:21.0062 11096 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
23:08:21.0065 11096 usbcir - ok
23:08:21.0226 11096 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
23:08:21.0227 11096 usbehci - ok
23:08:21.0385 11096 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
23:08:21.0418 11096 usbhub - ok
23:08:21.0481 11096 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
23:08:21.0499 11096 usbohci - ok
23:08:21.0515 11096 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
23:08:21.0516 11096 usbprint - ok
23:08:21.0622 11096 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
23:08:21.0625 11096 usbscan - ok
23:08:21.0698 11096 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:08:21.0700 11096 USBSTOR - ok
23:08:21.0745 11096 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
23:08:21.0746 11096 usbuhci - ok
23:08:21.0854 11096 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
23:08:21.0855 11096 usbvideo - ok
23:08:21.0935 11096 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
23:08:21.0936 11096 vdrvroot - ok
23:08:21.0981 11096 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
23:08:21.0982 11096 vga - ok
23:08:22.0013 11096 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
23:08:22.0015 11096 VgaSave - ok
23:08:22.0086 11096 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
23:08:22.0091 11096 vhdmp - ok
23:08:22.0147 11096 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
23:08:22.0192 11096 viaagp - ok
23:08:22.0275 11096 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
23:08:22.0277 11096 ViaC7 - ok
23:08:22.0324 11096 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
23:08:22.0326 11096 viaide - ok
23:08:22.0375 11096 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
23:08:22.0377 11096 volmgr - ok
23:08:22.0400 11096 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
23:08:22.0406 11096 volmgrx - ok
23:08:22.0479 11096 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
23:08:22.0483 11096 volsnap - ok
23:08:22.0729 11096 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
23:08:22.0732 11096 vsmraid - ok
23:08:22.0752 11096 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
23:08:22.0771 11096 vwifibus - ok
23:08:22.0822 11096 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
23:08:22.0824 11096 vwififlt - ok
23:08:22.0864 11096 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
23:08:22.0866 11096 WacomPen - ok
23:08:22.0959 11096 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
23:08:22.0960 11096 WANARP - ok
23:08:22.0991 11096 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
23:08:22.0992 11096 Wanarpv6 - ok
23:08:23.0122 11096 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
23:08:23.0123 11096 Wd - ok
23:08:23.0158 11096 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
23:08:23.0166 11096 Wdf01000 - ok
23:08:23.0288 11096 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
23:08:23.0289 11096 WfpLwf - ok
23:08:23.0307 11096 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
23:08:23.0308 11096 WIMMount - ok
23:08:23.0592 11096 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUSB.SYS
23:08:23.0594 11096 WINUSB - ok
23:08:23.0776 11096 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
23:08:23.0777 11096 WmiAcpi - ok
23:08:23.0892 11096 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
23:08:23.0893 11096 ws2ifsl - ok
23:08:23.0957 11096 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
23:08:23.0958 11096 WudfPf - ok
23:08:24.0078 11096 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
23:08:24.0079 11096 WUDFRd - ok
23:08:24.0184 11096 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
23:08:24.0191 11096 yukonw7 - ok
23:08:24.0280 11096 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
23:08:24.0596 11096 \Device\Harddisk0\DR0 - ok
23:08:24.0602 11096 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
23:08:24.0642 11096 \Device\Harddisk1\DR1 - ok
23:08:24.0647 11096 Boot (0x1200) (35ad429c41eabd3cb5aa0c137174f74e) \Device\Harddisk0\DR0\Partition0
23:08:24.0649 11096 \Device\Harddisk0\DR0\Partition0 - ok
23:08:24.0678 11096 Boot (0x1200) (8ef57f636c3472629962a8279554bffc) \Device\Harddisk0\DR0\Partition1
23:08:24.0680 11096 \Device\Harddisk0\DR0\Partition1 - ok
23:08:24.0710 11096 Boot (0x1200) (18763aeac0ee39fec1defec9b7171ab2) \Device\Harddisk0\DR0\Partition2
23:08:24.0721 11096 \Device\Harddisk0\DR0\Partition2 - ok
23:08:24.0730 11096 Boot (0x1200) (c17c16547be32acadda8a1f42eeb1198) \Device\Harddisk1\DR1\Partition0
23:08:24.0731 11096 \Device\Harddisk1\DR1\Partition0 - ok
23:08:24.0732 11096 ============================================================
23:08:24.0732 11096 Scan finished
23:08:24.0732 11096 ============================================================
23:08:24.0749 11700 Detected object count: 0
23:08:24.0749 11700 Actual detected object count: 0
23:09:48.0844 10880 Deinitialize success


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 23:06:58
-----------------------------
23:06:58.047 OS Version: Windows 6.1.7601 Service Pack 1
23:06:58.047 Number of processors: 2 586 0x170A
23:06:58.115 ComputerName: ADMIN-PC UserName: admin
23:07:03.017 Initialize success
23:07:07.616 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:07:07.618 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
23:07:07.672 Disk 0 MBR read successfully
23:07:07.674 Disk 0 MBR scan
23:07:07.676 Disk 0 unknown MBR code
23:07:07.680 Disk 0 scanning sectors +976771072
23:07:07.783 Disk 0 scanning C:\windows\system32\drivers
23:07:21.760 Service scanning
23:07:22.973 Modules scanning
23:07:30.906 Disk 0 trace - called modules:
23:07:30.948 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
23:07:30.952 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dac030]
23:07:30.956 3 CLASSPNP.SYS[8c38b59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f5f028]
23:07:30.961 Scan finished successfully
23:07:47.746 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
23:07:47.753 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
 
Here are the MBRCheck logs for the XP box. MBRCheck found something, see below:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 126):

Processes (total 43):
0 System Idle Process
4 System
952 C:\WINDOWS\system32\smss.exe
1024 csrss.exe
1052 C:\WINDOWS\system32\winlogon.exe
1096 C:\WINDOWS\system32\services.exe
1108 C:\WINDOWS\system32\lsass.exe
1296 C:\WINDOWS\system32\svchost.exe
1424 svchost.exe
1548 C:\WINDOWS\system32\svchost.exe
1624 svchost.exe
1784 svchost.exe
2024 C:\WINDOWS\system32\spoolsv.exe
284 C:\WINDOWS\explorer.exe
388 C:\WINDOWS\ehome\ehtray.exe
472 C:\WINDOWS\RTHDCPL.EXE
480 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
524 C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
556 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
564 C:\Program Files\ESET\ESET Smart Security\egui.exe
572 C:\WINDOWS\system32\rundll32.exe
568 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
584 C:\Program Files\Messenger\msmsgs.exe
596 C:\WINDOWS\system32\ctfmon.exe
752 svchost.exe
800 C:\WINDOWS\ehome\ehrecvr.exe
816 C:\WINDOWS\ehome\ehSched.exe
828 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
1008 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1176 C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
1600 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1680 C:\WINDOWS\system32\nvsvc32.exe
1884 svchost.exe
2160 C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
2368 C:\WINDOWS\system32\wuauclt.exe
2404 mcrdsvc.exe
3380 C:\WINDOWS\system32\dllhost.exe
3748 alg.exe
4040 C:\WINDOWS\ehome\ehmsas.exe
2736 C:\Program Files\Mozilla Firefox\firefox.exe
3756 C:\hp\KBD\kbd.exe
2916 C:\WINDOWS\system\hpsysdrv.exe
896 C:\Documents and Settings\HP_Administrateur\Bureau\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000044`28098a00 (FAT32)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000038`82bc8800 (FAT32)

PhysicalDrive2 Model Number: Maxtor6L300R0, Rev: BAJ41G20
PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02
PhysicalDrive1 Model Number: SAMSUNGHD204UI, Rev: 1AQ10001

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: 1CA67A0BFF17E11956F16C348FF70DEC63296236
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1CA67A0BFF17E11956F16C348FF70DEC63296236
1863 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
The unknown code is most likely because commercially purchased machines can use custom MBR code, like HP, Gateway, Acer, etc.
Let's see if GMER can dig up anything:

Download the gmer utility and save to your desktop.

Extract the contents of the zipped file to your desktop

Double click GMER.exe to start.

If it gives you a warning about rootkit activity and asks if you want to run a scan...select--> NO

In the right panel, you will see several boxes that, by default, have already been checked. Please uncheck the following ...

* IAT/EAT

* Drives/Partition other than Systemdrive (typically C:\)

* Show All <--don't miss this one

click the Scan button & wait for it to finish.

When the scan is complete, click Save and save the log to your desktop. Post the log in your reply.

I won't be back online for 16 hrs or so.
 
hi shelf life

here is the log from the XP box:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-05 22:31:17
Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-c Maxtor_6L300R0 rev.BAJ41G20
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fgpirfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF411E4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xF411E7F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF411EAB0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF411E5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xF411E8B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF411E350]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF411E410]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF411E570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xF411E630]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF411E530]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF411E4F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF411E670]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xF411E870]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF411E3B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF411E430]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xF411E830]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF411E370]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF411E470]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF411E5F0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CC8 80504564 4 Bytes [B0, EA, 11, F4] {MOV AL, 0xea; ADC ESP, ESI}
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 4 Bytes CALL E3653A1A
.text ntkrnlpa.exe!ZwCallbackReturn + 2FA4 80504840 4 Bytes CALL BE693C56
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [B0, E3, 11, F4, 30, E4, 11, ...] {MOV AL, 0xe3; ADC ESP, ESI; XOR AH, AH; ADC ESP, ESI; XOR AL, CH; ADC ESP, ESI}
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6E0B380, 0x24192E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1880] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2068] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 01263690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Elkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Elkbd.sys (Intel Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
I also did a scan on the XP box with mbr.exe -t from gmer.net, see below:


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L300R0 rev.BAJ41G20 -> Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-c

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk2\DR2[0x8676DAB8]
3 CLASSPNP[0xF7670FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000067[0x867C5A38]
5 ACPI[0xF74E6620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T1L0-c[0x85E24D98]
kernel: MBR read successfully
user & kernel MBR OK
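
An added example (not part of the original posts, and not code from MBRCheck, aswMBR or GMER): a small Python reader for a saved 512-byte MBR sector, such as the MBR.dat that aswMBR writes, which hashes the bootstrap code, checks it against an allowlist you supply, and diffs two reads of the same sector region by region. The sample sector, the allowlist and all function names are constructed for illustration; which bytes each of those tools hashes is not stated on the page.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Classic MBR layout: (region name, start offset, end offset)
REGIONS = [
    ("bootstrap code", 0x000, 0x1B8),
    ("disk signature + reserved", 0x1B8, 0x1BE),
    ("partition table", 0x1BE, 0x1FE),
    ("boot signature", 0x1FE, 0x200),
]
PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
                   0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into its fields and hash the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        # 16-byte entry: status, CHS start, type, CHS end, LBA start, sector count
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, 0x1BE + 16 * i)
        if ptype == 0x00:  # empty slot
            continue
        partitions.append({
            "slot": i, "status": status, "active": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba, "sectors": count,
            "byte_offset": lba * SECTOR_SIZE,  # assumes 512-byte logical sectors
        })
    return {
        "boot_signature_ok": sector[0x1FE:0x200] == b"\x55\xaa",
        "code_sha1": hashlib.sha1(sector[:0x1B8]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
        "partitions": partitions,
    }


def triage(sector: bytes, known_good_code_sha1: set) -> list:
    """Return findings worth a second look; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_sha1"] not in known_good_code_sha1:
        # Unknown is not the same as malicious: OEM boot code lands here too.
        findings.append("bootstrap code not in allowlist")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02X}")
    if sum(p["active"] for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings


def compare_reads(read_a: bytes, read_b: bytes) -> list:
    """Name the MBR regions that differ between two reads of the same sector."""
    if len(read_a) != SECTOR_SIZE or len(read_b) != SECTOR_SIZE:
        raise ValueError("both reads must be exactly one 512-byte sector")
    return [name for name, start, end in REGIONS
            if read_a[start:end] != read_b[start:end]]


def build_sample_mbr(code_fill: int = 0x90) -> bytes:
    """Constructed test sector: filler boot code, one active NTFS partition at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    sector[:0x1B8] = bytes([code_fill]) * 0x1B8
    struct.pack_into("<I", sector, 0x1B8, 0x12345678)      # made-up disk signature
    struct.pack_into("<B3sB3sII", sector, 0x1BE,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1_000_000)
    sector[0x1FE:0x200] = b"\x55\xaa"
    return bytes(sector)


SAMPLE = build_sample_mbr()

if __name__ == "__main__":
    info = parse_mbr(SAMPLE)
    print("code SHA1:", info["code_sha1"])
    for p in info["partitions"]:
        print(f"slot {p['slot']}: {p['type']} at offset 0x{p['byte_offset']:x}")
    print("findings with empty allowlist:", triage(SAMPLE, set()))
    print("regions differing from a modified copy:",
          compare_reads(SAMPLE, build_sample_mbr(code_fill=0xCC)))
```

A "not in allowlist" finding only means the hash has not been recorded from a known-clean machine of the same model, which is the situation the OEM explanation above describes.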
 
hi shelf life,

Do you think I can use the features of the Samsung recovery utility to recover the W7 box, or will it recover the virus/rootkit with it?

I will do a GMER scan on the W7 box tonight and post the log. Yesterday I did one, but it took ages to complete and I had to cancel it; however, I saw a lot of JMP instructions on different exes, and it does not look very good.

Bye
philippe
 