
Norton Power Eraser to fix DNS Changer Bot issue led to BSOD in Windows Vista - HELP!


  • This topic is locked
7 replies to this topic

#1 Camillejnae


Posted 05 March 2012 - 10:50 AM

My boss got a series of emails and letters from Comcast instructing him to fix his DNS server bot issue due to the DNS Changer Bot problem they encountered. If he didn't do what they wanted his internet service would be disconnected or interrupted. He asked me to do the "do-it-yourself" process to correct the problem because I am better with computers than he is. NOTE: He is running Windows Vista on an Acer Desktop Computer.



So I went to the site Comcast said to go to: http://xfinity.comcast.net/constantguard/botassistance/dnsbot, got started on the DIY guide in which the first step is to download and run Norton's Power Eraser: "Download Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx". I did this and followed the instructions on Norton's site, and its tutorial to the "t". I even created a manual Restore Point and backed up his personal info to my 1TB just in case something went wrong. When it forced the restart, and reloaded I got the blue screen of death saying that Windows was being shut down due to an error that may harm the computer. I could start the computer in Safe Mode but I could not get it to connect to the internet in Safe Mode. I ran all the necessary tests on the memory and integrity through Safe Mode and nothing comes up corrupted or wrong. I cannot start up the computer normally - only in Safe Mode. I do see the Norton Power Eraser Log but I'm not sure if it deleted something that was needed for normal start-up - I'm assuming it did, because it's the only thing different before the computer crashed.



Tried the F8 trick to restart from the Last Good Configuration - NO GO. Tried restarting it in Debug mode, NO GO. Tried to boot using "msconfig" and only boot using certain programs from Microsoft only, NO GO. Tried to do a System Restore in Safe Mode (via Command Prompt), NO GO. I have tried all these things in Administrator mode and in the regular user mode, NO GO.



I'm at a loss at this point - I've been on many forums and cannot find anyone that is using Windows Vista who has a fix for this. It is clearly because of this Eraser tool but it won't let me go back to my restore point, it gives me another error code, in addition to the BSOD error codes. If anyone can help I would appreciate it - if you need the Norton logs, Error codes, etc. please respond and I'll be happy to post.



Thank you.



Camille

Edited by Budapest, 05 March 2012 - 03:52 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest




#2 narenxp


Posted 06 March 2012 - 01:57 AM

Copy the tools from a clean PC to the infected one.

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 Quads


Posted 06 March 2012 - 03:23 AM

The user for this thread is on 3 different forums.

Quads

#4 Camillejnae


Posted 06 March 2012 - 11:15 AM

Yes, Quads, I'm on 3 different forums because no one has been able to help me fix the problem unfortunately - 3 heads are better than one in this case, and my frustration level is at an all-time high. Forgive me if I think asking 300 people as opposed to 3 people will help me get the answers I need...I'm just fed up at this point. Hope that is not a bad thing...just trying to get some help.

@narenxp: I will do this as soon as I get home from work and post the logs.

UPDATE: I was able to bypass the BSOD by simultaneously clicking F10 and Alt while computer was booting up. This allowed me TEMPORARILY to boot up normally (not in safe mode). I was logged in for 3 hours, in which I did a system restore to 3 days ago, ran 3 anti-virus and anti-malware programs (microsoft's pc fix, AVG, and Malware Bytes), removed 7 or 8 Trojans. I searched extensively for the Norton program but it was nowhere to be found. I then did a restart (because I was prompted after all the spring cleaning I was doing) and guess what....BSOD again with the same error codes.

I will post all logs and back-up material when I get home.

Thanks!

#5 narenxp


Posted 08 March 2012 - 05:51 AM

Following instructions from different people may mess up your PC. Also I did not ask you to run Malwarebytes or AVG. It's useless to run them if your PC is infected by rootkits. Run the tools instructed before.

good luck

#6 Camillejnae


Posted 08 March 2012 - 09:52 AM

@narenxp - Look babe, don't get snippity LOL, come down a notch. I ran Malwarebytes and AVG prior to seeing your message - I work 9a-9p everyday so I'm limited to when I can check these sites. I'm taking multiple opinions because NOTHING has worked up to this point. I will run the tools you asked me to run and post to forums as soon as I get a chance. Thanks for your help.

#7 Camillejnae


Posted 09 March 2012 - 08:01 PM

Below is the aswMBR log results:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 19:39:36
-----------------------------
19:39:36.790 OS Version: Windows 6.0.6002 Service Pack 2
19:39:36.790 Number of processors: 2 586 0x6B02
19:39:36.790 ComputerName: OWNERS-PC UserName: Owner
19:39:37.648 Initialize success
19:40:32.233 AVAST engine defs: 12030900
19:40:56.116 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
19:40:56.116 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 6
19:40:56.179 Disk 0 MBR read successfully
19:40:56.179 Disk 0 MBR scan
19:40:56.179 Disk 0 Windows VISTA default MBR code
19:40:56.194 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
19:40:56.241 Disk 0 scanning sectors +625139712
19:40:56.428 Disk 0 scanning C:\Windows\system32\drivers
19:41:34.430 Service scanning
19:41:35.553 Service ajuileky C:\Windows\system32\drivers\ajuileky.sys **HIDDEN**
19:41:36.099 Service AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys **HIDDEN**
19:41:36.099 Service AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys **HIDDEN**
19:41:36.099 Service AVGIDSShim C:\Windows\system32\DRIVERS\AVGIDSShim.Sys **HIDDEN**
19:41:36.099 Service Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys **HIDDEN**
19:41:36.099 Service Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys **HIDDEN**
19:41:43.041 Service MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys **HIDDEN**
19:41:43.587 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:41:57.924 Modules scanning
19:42:34.272 Disk 0 trace - called modules:
19:42:34.303 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
19:42:34.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85701ac8]
19:42:34.318 3 CLASSPNP.SYS[89f9e8b3] -> nt!IofCallDriver -> [0x855ce700]
19:42:34.334 5 acpi.sys[8980a6bc] -> nt!IofCallDriver -> \Device\00000051[0x851b8c90]
19:42:35.083 AVAST engine scan C:\Windows
19:43:29.823 AVAST engine scan C:\Windows\system32
19:46:30.081 AVAST engine scan C:\Windows\system32\drivers
19:46:43.903 AVAST engine scan C:\Users\Owner
19:54:19.298 AVAST engine scan C:\ProgramData
19:55:48.592 Scan finished successfully
19:55:57.282 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
19:55:57.282 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"




Below is the gmer scan results:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-09 19:31:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000051 Hitachi_ rev.ST2O
Running: xy1337ir.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kwdiapow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[384] kernel32.dll!CreateThread 75E8CB2E 5 Bytes JMP 71357303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!EnableWindow 7630CD8B 5 Bytes JMP 71399A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!DefWindowProcA 7630DB88 7 Bytes JMP 7135952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!CreateWindowExA 7630DC2A 5 Bytes JMP 71363363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!CreateWindowExW 76311305 5 Bytes JMP 713BFF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!DefWindowProcW 763203B4 7 Bytes JMP 713B7C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!DialogBoxParamW 763310B0 5 Bytes JMP 712F170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!DialogBoxIndirectParamW 76332EF5 5 Bytes JMP 714E6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!DialogBoxParamA 76348152 5 Bytes JMP 714E62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!DialogBoxIndirectParamA 7634847D 5 Bytes JMP 714E639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!MessageBoxIndirectA 7635D4D9 5 Bytes JMP 714E6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!MessageBoxIndirectW 7635D5D3 5 Bytes JMP 714E61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!MessageBoxExA 7635D639 5 Bytes JMP 714E617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] USER32.dll!MessageBoxExW 7635D65D 5 Bytes JMP 714E6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[384] ole32.dll!OleLoadFromStream 761D1E80 5 Bytes JMP 714E6B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\??\C:\Windows\system32\drivers\ajuileky.sys (*** hidden *** ) [SYSTEM] ajuileky <-- ROOTKIT !!!
Service system32\DRIVERS\AVGIDSDriver.Sys (*** hidden *** ) [DISABLED] AVGIDSDriver <-- ROOTKIT !!!
Service system32\DRIVERS\AVGIDSFilter.Sys (*** hidden *** ) [DISABLED] AVGIDSFilter <-- ROOTKIT !!!
Service system32\DRIVERS\AVGIDSShim.Sys (*** hidden *** ) [DISABLED] AVGIDSShim <-- ROOTKIT !!!
Service system32\DRIVERS\avgrkx86.sys (*** hidden *** ) [DISABLED] Avgrkx86 <-- ROOTKIT !!!
Service system32\DRIVERS\avgtdix.sys (*** hidden *** ) [DISABLED] Avgtdix <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\mbamswissarmy.sys (*** hidden *** ) [MANUAL] MBAMSwissArmy <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions RESTORE
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 692
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\Owner\AppData\Local\Temp\_iu14D2N.tmp??\??\C:\Windows\system32\drivers\ajuileky.sys??\??\C:\Users\Owner\AppData\Local\Temp\_iu14D2N.tmp??\??\C:\Program Files\AVG\AVG2012\avgcfgx.dll.old??\??\C:\Program Files\AVG\AVG2012\avglogx.dll.old??\??\C:\Program Files\AVG\AVG2012\avgmfapx.exe.old??\??\C:\Program Files\AVG\AVG2012\avgmfarx.dll.old??\??\C:\Program Files\AVG\AVG2012\avgxpl.dll.old??\??\C:\Program Files\AVG\AVG2012\HtmLayout.dll.old??\??\C:\ProgramData\AVG2012\Temp\file3196.tmp??\??\C:\ProgramData\AVG2012\Temp\??\??\C:\ProgramData\AVG2012\log\avgcfg.log??\??\C:\ProgramData\AVG2012\log\avgcfg.log.lock??\??\C:\ProgramData\AVG2012\log\avgcore.log.lock??\??\C:\ProgramData\AVG2012\log\??\??\C:\ProgramData\AVG2012\fet\2cc4afc9c4af941c.dat??\??\C:\ProgramData\AVG2012\fet??\??\C:\ProgramData\AVG2012\??\??\C:\Program Files\AVG\AVG2012\??\??\C:\Program Files\AVG\??\??\C:\Config.Msi\5988fb.rbf??\??\C:\Config.Msi\5988fc.rbf??\??\C:\Config.Msi\5988fd.rbf??\??\C:\Config.Msi\59896c.rbf??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles \??\C:\pagefile.sys?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 61
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 344431213
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 78
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID d8d5e1a1-b4ca-4844-aa24-e015a0e
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ajuileky
Reg HKLM\SYSTEM\CurrentControlSet\Services\ajuileky@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ajuileky@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ajuileky@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ajuileky@ImagePath \??\C:\Windows\system32\drivers\ajuileky.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ajuileky@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\ajuileky@Args C:\Windows\system32\drivers\ajuileky.sys:changelist
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver@ImagePath system32\DRIVERS\AVGIDSDriver.Sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver@DisplayName AVGIDSDriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver@DependOnService AVGIDSFilter?
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver@Description AVG Technologies IDS Application Activity Monitor Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSDriver\Parameters@NamePrefix AVG
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter@ImagePath system32\DRIVERS\AVGIDSFilter.Sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter@DisplayName AVGIDSFilter
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter@DependOnService AVGIDSShim?
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter@Description AVG Technologies IDS Application Activity Monitor Filter Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSFilter\Parameters@NamePrefix AVG
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim@ImagePath system32\DRIVERS\AVGIDSShim.Sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim@DisplayName AVGIDSShim
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim@Description AVG Technologies IDS Application Activity Monitor Shim Loader Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\AVGIDSShim\Parameters@NamePrefix AVG
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgrkx86
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgrkx86@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgrkx86@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgrkx86@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgrkx86@ImagePath system32\DRIVERS\avgrkx86.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgrkx86@DisplayName AVG Anti-Rootkit Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgrkx86@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgtdix
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgtdix@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgtdix@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgtdix@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgtdix@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgtdix@ImagePath system32\DRIVERS\avgtdix.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgtdix@DisplayName AVG TDI Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgtdix@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\Services\Avgtdix@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath \??\C:\Windows\system32\drivers\mbamswissarmy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 480
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile@EnableFirewall 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B48E36EF-B8E0-4039-9F3F-6F6E3D17796B}@LeaseObtainedTime 1331005868
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B48E36EF-B8E0-4039-9F3F-6F6E3D17796B}@T1 1331049068
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B48E36EF-B8E0-4039-9F3F-6F6E3D17796B}@T2 1331081468
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B48E36EF-B8E0-4039-9F3F-6F6E3D17796B}@LeaseTerminatesTime 1331092268
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 7484
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 7485
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 7302 7308 7318 7328 7348 7392 7402 7440 7446 7462 7470
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedUserData\UsedDrives@MRUList cba
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report04549148
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 7484
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 7485
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-187694184-3806380526-134296880-1000@State 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-187694184-3806380526-134296880-1000@RefCount 0

---- EOF - GMER 1.0.15 ----


Below is the Log for TSS

18:53:17.0011 1504 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
18:53:17.0588 1504 ============================================================
18:53:17.0588 1504 Current date / time: 2012/03/09 18:53:17.0588
18:53:17.0588 1504 SystemInfo:
18:53:17.0588 1504
18:53:17.0588 1504 OS Version: 6.0.6002 ServicePack: 2.0
18:53:17.0588 1504 Product type: Workstation
18:53:17.0588 1504 ComputerName: OWNERS-PC
18:53:17.0588 1504 UserName: Owner
18:53:17.0588 1504 Windows directory: C:\Windows
18:53:17.0588 1504 System windows directory: C:\Windows
18:53:17.0588 1504 Processor architecture: Intel x86
18:53:17.0588 1504 Number of processors: 2
18:53:17.0588 1504 Page size: 0x1000
18:53:17.0588 1504 Boot type: Safe boot with network
18:53:17.0588 1504 ============================================================
18:53:17.0962 1504 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:53:17.0962 1504 \Device\Harddisk0\DR0:
18:53:17.0962 1504 MBR used
18:53:17.0962 1504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
18:53:17.0994 1504 Initialize success
18:53:17.0994 1504 ============================================================
18:53:52.0392 0836 ============================================================
18:53:52.0392 0836 Scan started
18:53:52.0392 0836 Mode: Manual; TDLFS;
18:53:52.0392 0836 ============================================================
18:53:52.0969 0836 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:53:52.0969 0836 ACPI - ok
18:53:53.0078 0836 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:53:53.0094 0836 adp94xx - ok
18:53:53.0109 0836 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:53:53.0109 0836 adpahci - ok
18:53:53.0156 0836 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:53:53.0156 0836 adpu160m - ok
18:53:53.0250 0836 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:53:53.0265 0836 adpu320 - ok
18:53:53.0343 0836 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:53:53.0343 0836 AFD - ok
18:53:53.0515 0836 AgereSoftModem (baf68dcba949633df0c16d37af2a2351) C:\Windows\system32\DRIVERS\AGRSM.sys
18:53:53.0530 0836 AgereSoftModem - ok
18:53:53.0686 0836 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:53:53.0686 0836 agp440 - ok
18:53:53.0733 0836 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:53:53.0733 0836 aic78xx - ok
18:53:53.0733 0836 Suspicious service (Hidden): ajuileky
18:53:53.0858 0836 ajuileky (ad48d313e56f4cc7c67a6c0dd9047b03) C:\Windows\system32\drivers\ajuileky.sys
18:53:53.0858 0836 ajuileky ( HiddenService.Multi.Generic ) - warning
18:53:53.0858 0836 ajuileky - detected HiddenService.Multi.Generic (1)
18:53:53.0874 0836 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:53:53.0874 0836 aliide - ok
18:53:53.0983 0836 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:53:53.0998 0836 amdagp - ok
18:53:54.0030 0836 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:53:54.0030 0836 amdide - ok
18:53:54.0123 0836 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:53:54.0123 0836 AmdK7 - ok
18:53:54.0154 0836 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
18:53:54.0154 0836 AmdK8 - ok
18:53:54.0232 0836 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:53:54.0232 0836 arc - ok
18:53:54.0310 0836 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:53:54.0310 0836 arcsas - ok
18:53:54.0357 0836 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:53:54.0357 0836 AsyncMac - ok
18:53:54.0388 0836 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:53:54.0388 0836 atapi - ok
18:53:54.0420 0836 Suspicious service (Hidden): AVGIDSDriver
18:53:54.0466 0836 AVGIDSDriver ( HiddenService.Multi.Generic ) - warning
18:53:54.0466 0836 AVGIDSDriver - detected HiddenService.Multi.Generic (1)
18:53:54.0466 0836 Suspicious service (Hidden): AVGIDSFilter
18:53:54.0482 0836 AVGIDSFilter ( HiddenService.Multi.Generic ) - warning
18:53:54.0482 0836 AVGIDSFilter - detected HiddenService.Multi.Generic (1)
18:53:54.0482 0836 Suspicious service (Hidden): AVGIDSShim
18:53:54.0498 0836 AVGIDSShim ( HiddenService.Multi.Generic ) - warning
18:53:54.0498 0836 AVGIDSShim - detected HiddenService.Multi.Generic (1)
18:53:54.0498 0836 Suspicious service (Hidden): Avgrkx86
18:53:54.0498 0836 Avgrkx86 ( HiddenService.Multi.Generic ) - warning
18:53:54.0498 0836 Avgrkx86 - detected HiddenService.Multi.Generic (1)
18:53:54.0498 0836 Suspicious service (Hidden): Avgtdix
18:53:54.0513 0836 Avgtdix ( HiddenService.Multi.Generic ) - warning
18:53:54.0513 0836 Avgtdix - detected HiddenService.Multi.Generic (1)
18:53:54.0560 0836 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:53:54.0576 0836 Beep - ok
18:53:54.0654 0836 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:53:54.0654 0836 blbdrive - ok
18:53:54.0700 0836 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:53:54.0700 0836 bowser - ok
18:53:54.0794 0836 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:53:54.0794 0836 BrFiltLo - ok
18:53:54.0841 0836 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:53:54.0841 0836 BrFiltUp - ok
18:53:54.0872 0836 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:53:54.0872 0836 Brserid - ok
18:53:54.0934 0836 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:53:54.0950 0836 BrSerWdm - ok
18:53:54.0981 0836 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:53:54.0981 0836 BrUsbMdm - ok
18:53:54.0997 0836 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:53:54.0997 0836 BrUsbSer - ok
18:53:55.0090 0836 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:53:55.0090 0836 BTHMODEM - ok
18:53:55.0153 0836 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:53:55.0153 0836 cdfs - ok
18:53:55.0200 0836 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:53:55.0200 0836 cdrom - ok
18:53:55.0278 0836 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:53:55.0278 0836 circlass - ok
18:53:55.0324 0836 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:53:55.0324 0836 CLFS - ok
18:53:55.0449 0836 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:53:55.0449 0836 cmdide - ok
18:53:55.0449 0836 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
18:53:55.0465 0836 Compbatt - ok
18:53:55.0496 0836 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:53:55.0496 0836 crcdisk - ok
18:53:55.0558 0836 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:53:55.0574 0836 Crusoe - ok
18:53:55.0636 0836 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:53:55.0636 0836 DfsC - ok
18:53:55.0761 0836 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:53:55.0761 0836 disk - ok
18:53:55.0870 0836 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:53:55.0870 0836 drmkaud - ok
18:53:55.0917 0836 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:54:07.0882 0836 ============================================================
18:54:07.0882 0836 Scan finished
18:54:07.0882 0836 ============================================================
18:54:07.0898 1124 Detected object count: 6
18:54:07.0898 1124 Actual detected object count: 6
18:54:52.0686 1124 C:\Windows\system32\drivers\ajuileky.sys - copied to quarantine
18:54:52.0686 1124 ajuileky ( HiddenService.Multi.Generic ) - User select action: Quarantine
18:54:52.0686 1124 AVGIDSDriver ( HiddenService.Multi.Generic ) - skipped by user
18:54:52.0686 1124 AVGIDSDriver ( HiddenService.Multi.Generic ) - User select action: Skip
18:54:52.0686 1124 AVGIDSFilter ( HiddenService.Multi.Generic ) - skipped by user
18:54:52.0686 1124 AVGIDSFilter ( HiddenService.Multi.Generic ) - User select action: Skip
18:54:52.0686 1124 AVGIDSShim ( HiddenService.Multi.Generic ) - skipped by user
18:54:52.0686 1124 AVGIDSShim ( HiddenService.Multi.Generic ) - User select action: Skip
18:54:52.0701 1124 Avgrkx86 ( HiddenService.Multi.Generic ) - skipped by user
18:54:52.0701 1124 Avgrkx86 ( HiddenService.Multi.Generic ) - User select action: Skip
18:54:52.0701 1124 Avgtdix ( HiddenService.Multi.Generic ) - skipped by user
18:54:52.0701 1124 Avgtdix ( HiddenService.Multi.Generic ) - User select action: Skip
18:55:41.0170 1408 Deinitialize success

#8 Grinler

    Lawrence Abrams


  • Admin

Posted 13 March 2012 - 12:37 PM

I am closing the topic at the request of the user.



