BSOD crashes laptop


  • This topic is locked
21 replies to this topic

#1 cris4b

cris4b

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:10 AM

Posted 26 December 2011 - 12:05 PM

My Toshiba Qosmio laptop has crashed on a regular basis. Locks up, blue screen of death, manual shut down and reboot necessary. Hijack This log file indicates several "unknown owner" or "no file exists" entries and I don't know what they are. I had Kaspersky installed for 1 year, now AVG Free in last two weeks. Updated video card driver after researching web forums for this common thread. Crashed again this morning and I downloaded Hijack This and ran. Ran virus scan through safe mode with no hits. Let me know if I should post the Hijack this log and how to do so.
Cris4b



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:10 AM

Posted 01 January 2012 - 12:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434537 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 cris4b

cris4b
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:10 AM

Posted 03 January 2012 - 08:35 PM

Toshiba Qosmio X505, Windows 7 home premium, SP2, 64 bit, I7, Nvidia GeForce GTX 460M video card. The issue is sudden lockup and crash. Sometimes the mouse and keyboard lock up, last time the blue screen appeared and had to be shut down. Within last few months I upgraded the video driver. Running AVG Free AV. I don't have many programs installed, DraftSight CAD, Photoshop Elements, Open Office are the largest. When using Elements and saving files, "not responding" shows in title bar briefly, then the file saves. I have noticed this in some other programs. Any assistance is greatly appreciated. Cris4b

Ran the DDS scan, it is below, the other file Attach is attached.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Chris at 20:20:25 on 2012-01-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.1615 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Users\Chris\Downloads\HijackThis.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Check Point Endpoint Security] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DE093A69-E723-4B53-BFD6-711E74D4749B} - hxxp://jiva.eaglabs.com/Jiva/cab/evans.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9E64A3C7-4A70-4C48-82B9-6F7D6422E289} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9E64A3C7-4A70-4C48-82B9-6F7D6422E289}\252434D275966496 : DhcpNameServer = 192.168.1.202
TCP: Interfaces\{9E64A3C7-4A70-4C48-82B9-6F7D6422E289}\344525D2533393 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9E64A3C7-4A70-4C48-82B9-6F7D6422E289}\348656D69627 : DhcpNameServer = 192.168.1.40
TCP: Interfaces\{D16AFEB5-9D70-4CC0-926D-1A2151D168FA} : DhcpNameServer = 10.50.0.14 10.50.0.61
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Check Point Endpoint Security] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-10-4 103792]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TracSrvWrapper;Check Point Endpoint Security;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-9-26 4142608]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\windows\system32\DRIVERS\o2mdgx64.sys --> C:\windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 O2SDGRDR;O2SDGRDR;C:\windows\system32\DRIVERS\o2sdgx64.sys --> C:\windows\system32\DRIVERS\o2sdgx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\windows\system32\DRIVERS\vnaap.sys --> C:\windows\system32\DRIVERS\vnaap.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-10-4 126392]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-23 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-23 136176]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-4 54136]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
.scr=AutoCADLTScriptFile
.
=============== Created Last 30 ================
.
2011-12-30 22:49:12 -------- d-----w- C:\Users\Chris\VirtualBox VMs
2011-12-30 22:48:24 -------- d-----w- C:\Users\Chris\.VirtualBox
2011-12-30 22:47:50 224048 ----a-w- C:\windows\System32\drivers\VBoxDrv.sys
2011-12-30 22:47:40 130864 ----a-w- C:\windows\System32\drivers\VBoxUSBMon.sys
2011-12-30 22:47:35 -------- d-----w- C:\Program Files\Oracle
2011-12-19 18:45:22 146736 ----a-w- C:\windows\System32\drivers\VBoxNetAdp.sys
2011-12-19 18:43:54 320816 ----a-w- C:\windows\System32\VBoxNetFltNobj.dll
2011-12-19 18:43:54 165680 ----a-w- C:\windows\System32\drivers\VBoxNetFlt.sys
2011-12-15 03:08:47 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-12-15 03:08:44 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-15 03:08:44 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-15 03:08:39 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-15 03:08:39 2048 ----a-w- C:\windows\System32\tzres.dll
2011-12-11 14:13:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\AVG2012
2011-12-11 14:12:47 -------- d--h--w- C:\ProgramData\Common Files
2011-12-11 14:12:41 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2011-12-11 14:12:27 -------- d-----w- C:\windows\System32\drivers\AVG
2011-12-11 14:12:27 -------- d-----w- C:\ProgramData\AVG2012
2011-12-11 14:11:56 -------- d-----w- C:\Program Files (x86)\AVG
2011-12-11 14:04:00 -------- d-----w- C:\ProgramData\MFAData
2011-12-10 13:49:12 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4C0BDD-A5E1-40AA-9C0B-E7637CF101D7}\mpengine.dll
.
==================== Find3M ====================
.
2011-12-01 03:18:44 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-30 05:02:13 0 ----a-w- C:\windows\SysWow64\shoCCB0.tmp
2011-11-05 05:41:43 1188864 ----a-w- C:\windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-10-14 10:25:25 0 ----a-w- C:\windows\SysWow64\shoE7F3.tmp
2011-10-11 01:42:24 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-10-11 01:42:24 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-10-07 11:23:46 283728 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2011-10-06 22:37:26 103720 ----a-w- C:\Users\Chris\GoToAssistDownloadHelper.exe
.
============= FINISH: 20:20:41.01 ===============


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:10 AM

Posted 04 January 2012 - 12:33 PM

Hello cris4b,

  • Please download Listparts64
    Run the tool, click Scan and post the log (Result.txt) it makes.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
  • List last 10 Event Viewer log
  • List Devices
  • List Minidump Files.
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

#5 cris4b

cris4b
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:10 AM

Posted 07 January 2012 - 02:11 PM

Thanks. I ran the first one, ListParts, and the log follows:

ListParts by Farbar
Ran by Chris on 07-01-2012 at 14:08:13
Windows 7 (X64)
Running From: C:\Users\Chris\Downloads
************************************************************

========================= Memory info ======================

Percentage of memory in use: 71%
Total physical RAM: 4084.48 MB
Available physical RAM: 1181.42 MB
Total Pagefile: 8167.16 MB
Available Pagefile: 4719.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (TI105970W0D) (Fixed) (Total:227.52 GB) (Free:161.41 GB) NTFS
3 Drive e: (Data) (Fixed) (Total:225.42 GB) (Free:215.24 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 227 GB 1501 MB
Partition 0 Extended 225 GB 228 GB
Partition 4 Logical 225 GB 228 GB
Partition 3 Primary 11 GB 454 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 System NTFS Partition 1500 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Partition 227 GB Healthy Boot

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Data NTFS Partition 225 GB Healthy

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.



****** End Of Log ******

MiniTool Box log results:

Ran by Chris (administrator) on 07-01-2012 at 14:10:30
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/07/2012 01:38:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/07/2012 01:37:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/07/2012 00:06:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: Hoyle Puzzle Games.exe, version: 0.0.0.0, time stamp: 0x4a5b7b38
Faulting module name: Hoyle Puzzle Games.exe, version: 0.0.0.0, time stamp: 0x4a5b7b38
Exception code: 0xc0000005
Fault offset: 0x0031dcaa
Faulting process id: 0x21a4
Faulting application start time: 0xHoyle Puzzle Games.exe0
Faulting application path: Hoyle Puzzle Games.exe1
Faulting module path: Hoyle Puzzle Games.exe2
Report Id: Hoyle Puzzle Games.exe3

Error: (12/31/2011 00:48:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/31/2011 00:47:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/30/2011 05:21:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17720, time stamp: 0x4eb4ba27
Exception code: 0xc0000005
Fault offset: 0x001b78f6
Faulting process id: 0x19a4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/30/2011 05:21:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17720, time stamp: 0x4eb4ba27
Exception code: 0xc0000005
Fault offset: 0x001b78f6
Faulting process id: 0x1a80
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/30/2011 05:21:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17720, time stamp: 0x4eb4ba27
Exception code: 0xc0000005
Fault offset: 0x001b78f6
Faulting process id: 0x1094
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/30/2011 00:10:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17720, time stamp: 0x4eb4ba27
Exception code: 0xc0000005
Fault offset: 0x001b78f6
Faulting process id: 0x1b2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/30/2011 00:09:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17720, time stamp: 0x4eb4ba27
Exception code: 0xc0000005
Fault offset: 0x001b78f6
Faulting process id: 0x174c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (12/26/2011 00:29:44 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (12/26/2011 10:44:42 AM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated with service-specific error %%-1.

Error: (12/26/2011 10:10:15 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/26/2011 10:10:15 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/26/2011 10:10:15 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/26/2011 10:10:15 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/26/2011 10:10:15 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/26/2011 10:10:15 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/26/2011 10:10:15 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/26/2011 10:10:15 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/07/2012 01:38:05 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/07/2012 01:37:14 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/07/2012 00:06:26 PM) (Source: Application Error)(User: )
Description: Hoyle Puzzle Games.exe0.0.0.04a5b7b38Hoyle Puzzle Games.exe0.0.0.04a5b7b38c00000050031dcaa21a401cccd57420c5f8eC:\Program Files (x86)\Encore\Hoyle Puzzle Games 2010\Hoyle Puzzle Games.exeC:\Program Files (x86)\Encore\Hoyle Puzzle Games 2010\Hoyle Puzzle Games.exeee4efc04-3951-11e1-bb92-5482b6922414

Error: (12/31/2011 00:48:28 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (12/31/2011 00:47:44 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (12/30/2011 05:21:56 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912mshtml.dll8.0.7601.177204eb4ba27c0000005001b78f619a401ccc7416f3ffa36C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\mshtml.dllae32a19b-3334-11e1-bb92-5482b6922414

Error: (12/30/2011 05:21:52 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912mshtml.dll8.0.7601.177204eb4ba27c0000005001b78f61a8001ccc741510ee61cC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\mshtml.dllabcedff5-3334-11e1-bb92-5482b6922414

Error: (12/30/2011 05:21:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912mshtml.dll8.0.7601.177204eb4ba27c0000005001b78f6109401ccc7412d7b9544C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\mshtml.dll8d1fa2ed-3334-11e1-bb92-5482b6922414

Error: (12/30/2011 00:10:22 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912mshtml.dll8.0.7601.177204eb4ba27c0000005001b78f61b2c01ccc715e93055a0C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\mshtml.dll2824b736-3309-11e1-bb92-5482b6922414

Error: (12/30/2011 00:09:50 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912mshtml.dll8.0.7601.177204eb4ba27c0000005001b78f6174c01ccc715d5db2b18C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\mshtml.dll14d6dfc9-3309-11e1-bb92-5482b6922414


========================= Devices: ================================

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


Please advise.
Chris

#6 Farbar

Posted 07 January 2012 - 07:00 PM

Hi Chris,

The logs show what we wanted to see.

  • Please check and if needed set Windows to create mini crash dumps:
    • Go to Start => Right-click Computer and select Properties.
    • On the left pane select "Advanced system settings".
    • Under "Startup and Recovery" press "Settings...".
    • Under "System failure":

      • "Write an event to the system log" should be selected.
      • "Automatically restart" should be unselected.
      • Under "Write debugging information" it should be set to "Small memory dump (256 KB)"
    • Click "OK".
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). In any case please select Skip and click Continue. At this point we want to see if TDSSKiller runs and if it is able to detect the infection we see in the ListParts log.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the root folder of the system disk (it is usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
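
A way to triage the TDSSKiller report requested above, as an added example that is not part of the original post or of TDSSKiller itself: it pairs each scanned object with its verdict line and separates anything not marked `ok`, plus objects whose verdict line is missing (as happens with a truncated paste). The sample lines, driver names and hashes are constructed, the function names are hypothetical, and the `warning` verdict word is an assumption standing in for any verdict other than `ok`.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every report line starts "HH:MM:SS.ffff <thread id> " followed by the message.
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# Scanned object: "<name> (<32 hex digit MD5>) <file path>".
OBJECT = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict for the object scanned just before: "<name> - <verdict>".
VERDICT = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")


@dataclass
class ScannedObject:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # None means no verdict line was seen


def parse_report(text):
    """Return ScannedObject records in the order they appear in the report."""
    objects = []
    pending = {}  # name -> record still waiting for its verdict line
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a report line (blank line, forum text, ...)
        body = m.group(3).strip()
        obj = OBJECT.match(body)
        if obj:
            rec = ScannedObject(obj["name"], obj["md5"].lower(), obj["path"])
            objects.append(rec)
            pending[rec.name] = rec
            continue
        ver = VERDICT.match(body)
        # Only accept a verdict for a name we have actually seen scanned,
        # so header lines can never be mistaken for verdicts.
        if ver and ver["name"] in pending:
            pending.pop(ver["name"]).verdict = ver["verdict"].strip().lower()
    return objects


def triage(objects):
    """Split records into ok / needs review / verdict missing."""
    return {
        "ok": [o for o in objects if o.verdict == "ok"],
        "review": [o for o in objects if o.verdict not in (None, "ok")],
        "unresolved": [o for o in objects if o.verdict is None],
    }


def _object_line(ts, name, n):
    # Constructed sample line: placeholder hash, made-up driver name.
    return f"{ts} 8860 {name} ({n:032x}) C:\\windows\\system32\\drivers\\{name}.sys"


# Constructed sample report: one clean object, one with a non-ok verdict
# (assumed wording), and one whose verdict line was cut off.
SAMPLE = "\n".join([
    "13:44:33.0477 8860 Scan started",
    _object_line("13:44:34.0756", "exampledrv1", 1),
    "13:44:34.0756 8860 exampledrv1 - ok",
    _object_line("13:44:34.0787", "exampledrv2", 2),
    "13:44:34.0787 8860 exampledrv2 - warning",
    _object_line("13:44:34.0834", "exampledrv3", 3),
])


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE))
    print(f"{len(result['ok'])} object(s) ok")
    for o in result["review"]:
        print(f"REVIEW     {o.name}: {o.verdict} ({o.path})")
    for o in result["unresolved"]:
        print(f"NO VERDICT {o.name} ({o.path})")
```
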


#7 cris4b

Posted 08 January 2012 - 01:49 PM

Thanks for the feedback. Below are the contents of the log for TDSSKiller.

13:44:28.0126 1632 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:44:28.0516 1632 ============================================================
13:44:28.0516 1632 Current date / time: 2012/01/08 13:44:28.0516
13:44:28.0516 1632 SystemInfo:
13:44:28.0516 1632
13:44:28.0516 1632 OS Version: 6.1.7601 ServicePack: 1.0
13:44:28.0516 1632 Product type: Workstation
13:44:28.0516 1632 ComputerName: LESSA
13:44:28.0516 1632 UserName: Chris
13:44:28.0516 1632 Windows directory: C:\windows
13:44:28.0516 1632 System windows directory: C:\windows
13:44:28.0516 1632 Running under WOW64
13:44:28.0516 1632 Processor architecture: Intel x64
13:44:28.0516 1632 Number of processors: 8
13:44:28.0516 1632 Page size: 0x1000
13:44:28.0516 1632 Boot type: Normal boot
13:44:28.0516 1632 ============================================================
13:44:29.0140 1632 Initialize success
13:44:33.0477 8860 ============================================================
13:44:33.0477 8860 Scan started
13:44:33.0477 8860 Mode: Manual;
13:44:33.0477 8860 ============================================================
13:44:44.0272 8860 regi - ok
13:44:44.0350 8860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:44:44.0350 8860 rspndr - ok
13:44:44.0397 8860 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
13:44:44.0428 8860 rtl8192se - ok
13:44:44.0506 8860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
13:44:44.0506 8860 sbp2port - ok
13:44:44.0553 8860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
13:44:44.0553 8860 scfilter - ok
13:44:44.0584 8860 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
13:44:44.0584 8860 sdbus - ok
13:44:44.0631 8860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:44:44.0631 8860 secdrv - ok
13:44:44.0725 8860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
13:44:44.0725 8860 Serenum - ok
13:44:44.0756 8860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
13:44:44.0756 8860 Serial - ok
13:44:44.0803 8860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
13:44:44.0803 8860 sermouse - ok
13:44:44.0834 8860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
13:44:44.0834 8860 sffdisk - ok
13:44:44.0849 8860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
13:44:44.0849 8860 sffp_mmc - ok
13:44:44.0865 8860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
13:44:44.0865 8860 sffp_sd - ok
13:44:44.0881 8860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
13:44:44.0881 8860 sfloppy - ok
13:44:44.0927 8860 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
13:44:44.0927 8860 Sftfs - ok
13:44:45.0021 8860 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
13:44:45.0021 8860 Sftplay - ok
13:44:45.0037 8860 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
13:44:45.0037 8860 Sftredir - ok
13:44:45.0052 8860 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
13:44:45.0068 8860 Sftvol - ok
13:44:45.0115 8860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
13:44:45.0115 8860 SiSRaid2 - ok
13:44:45.0146 8860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
13:44:45.0146 8860 SiSRaid4 - ok
13:44:45.0177 8860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:44:45.0193 8860 Smb - ok
13:44:45.0255 8860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:44:45.0255 8860 spldr - ok
13:44:45.0317 8860 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
13:44:45.0333 8860 srv - ok
13:44:45.0364 8860 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
13:44:45.0364 8860 srv2 - ok
13:44:45.0395 8860 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
13:44:45.0395 8860 srvnet - ok
13:44:45.0442 8860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
13:44:45.0442 8860 stexstor - ok
13:44:45.0536 8860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
13:44:45.0536 8860 swenum - ok
13:44:45.0583 8860 SynTP (12a35e44d8647985fcdb8d298a590134) C:\windows\system32\DRIVERS\SynTP.sys
13:44:45.0598 8860 SynTP - ok
13:44:45.0676 8860 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
13:44:45.0707 8860 Tcpip - ok
13:44:45.0801 8860 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
13:44:45.0817 8860 TCPIP6 - ok
13:44:45.0863 8860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
13:44:45.0863 8860 tcpipreg - ok
13:44:45.0895 8860 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
13:44:45.0895 8860 tdcmdpst - ok
13:44:45.0926 8860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:44:45.0926 8860 TDPIPE - ok
13:44:45.0957 8860 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
13:44:45.0957 8860 TDTCP - ok
13:44:45.0973 8860 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
13:44:45.0988 8860 tdx - ok
13:44:46.0019 8860 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
13:44:46.0035 8860 TermDD - ok
13:44:46.0113 8860 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
13:44:46.0113 8860 Thpdrv - ok
13:44:46.0160 8860 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
13:44:46.0160 8860 Thpevm - ok
13:44:46.0222 8860 Tosrfcom - ok
13:44:46.0253 8860 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
13:44:46.0269 8860 tosrfec - ok
13:44:46.0316 8860 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
13:44:46.0316 8860 tos_sps64 - ok
13:44:46.0441 8860 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
13:44:46.0441 8860 tssecsrv - ok
13:44:46.0472 8860 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
13:44:46.0487 8860 TsUsbFlt - ok
13:44:46.0519 8860 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
13:44:46.0519 8860 tunnel - ok
13:44:46.0550 8860 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:44:46.0550 8860 TVALZ - ok
13:44:46.0581 8860 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
13:44:46.0597 8860 TVALZFL - ok
13:44:46.0659 8860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
13:44:46.0675 8860 uagp35 - ok
13:44:46.0721 8860 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
13:44:46.0721 8860 udfs - ok
13:44:46.0784 8860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
13:44:46.0784 8860 uliagpkx - ok
13:44:46.0799 8860 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
13:44:46.0815 8860 umbus - ok
13:44:46.0831 8860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
13:44:46.0831 8860 UmPass - ok
13:44:46.0877 8860 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
13:44:46.0877 8860 usbccgp - ok
13:44:46.0940 8860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
13:44:46.0940 8860 usbcir - ok
13:44:46.0971 8860 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
13:44:46.0971 8860 usbehci - ok
13:44:47.0002 8860 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
13:44:47.0002 8860 usbhub - ok
13:44:47.0018 8860 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
13:44:47.0018 8860 usbohci - ok
13:44:47.0049 8860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
13:44:47.0049 8860 usbprint - ok
13:44:47.0080 8860 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:44:47.0080 8860 USBSTOR - ok
13:44:47.0096 8860 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
13:44:47.0096 8860 usbuhci - ok
13:44:47.0127 8860 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
13:44:47.0127 8860 usbvideo - ok
13:44:47.0205 8860 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\windows\system32\DRIVERS\VBoxDrv.sys
13:44:47.0205 8860 VBoxDrv - ok
13:44:47.0236 8860 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\windows\system32\DRIVERS\VBoxNetAdp.sys
13:44:47.0252 8860 VBoxNetAdp - ok
13:44:47.0299 8860 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\windows\system32\DRIVERS\VBoxNetFlt.sys
13:44:47.0299 8860 VBoxNetFlt - ok
13:44:47.0361 8860 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\windows\system32\DRIVERS\VBoxUSBMon.sys
13:44:47.0361 8860 VBoxUSBMon - ok
13:44:47.0455 8860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
13:44:47.0455 8860 vdrvroot - ok
13:44:47.0501 8860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
13:44:47.0501 8860 vga - ok
13:44:47.0517 8860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
13:44:47.0517 8860 VgaSave - ok
13:44:47.0548 8860 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
13:44:47.0548 8860 vhdmp - ok
13:44:47.0579 8860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
13:44:47.0595 8860 viaide - ok
13:44:47.0626 8860 vna_ap (a96afa32f73c065b9ae9d1554cdd00fc) C:\windows\system32\DRIVERS\vnaap.sys
13:44:47.0626 8860 vna_ap - ok
13:44:47.0735 8860 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
13:44:47.0735 8860 volmgr - ok
13:44:47.0782 8860 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
13:44:47.0782 8860 volmgrx - ok
13:44:47.0813 8860 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
13:44:47.0829 8860 volsnap - ok
13:44:47.0860 8860 vsdatant (a3f2942adc5112cdfe32d9cc352d4d4c) C:\windows\system32\DRIVERS\vsdatant.sys
13:44:47.0860 8860 vsdatant - ok
13:44:47.0954 8860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
13:44:47.0969 8860 vsmraid - ok
13:44:47.0985 8860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
13:44:47.0985 8860 vwifibus - ok
13:44:48.0032 8860 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
13:44:48.0032 8860 vwififlt - ok
13:44:48.0047 8860 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
13:44:48.0047 8860 vwifimp - ok
13:44:48.0079 8860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
13:44:48.0079 8860 WacomPen - ok
13:44:48.0125 8860 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:44:48.0141 8860 WANARP - ok
13:44:48.0141 8860 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:44:48.0141 8860 Wanarpv6 - ok
13:44:48.0250 8860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
13:44:48.0250 8860 Wd - ok
13:44:48.0281 8860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
13:44:48.0297 8860 Wdf01000 - ok
13:44:48.0406 8860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
13:44:48.0406 8860 WfpLwf - ok
13:44:48.0422 8860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
13:44:48.0422 8860 WIMMount - ok
13:44:48.0500 8860 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
13:44:48.0515 8860 WinUsb - ok
13:44:48.0531 8860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
13:44:48.0531 8860 WmiAcpi - ok
13:44:48.0578 8860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
13:44:48.0578 8860 ws2ifsl - ok
13:44:48.0671 8860 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
13:44:48.0687 8860 WudfPf - ok
13:44:48.0734 8860 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
13:44:48.0734 8860 WUDFRd - ok
13:44:48.0827 8860 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:44:48.0890 8860 \Device\Harddisk0\DR0 - ok
13:44:48.0921 8860 Boot (0x1200) (7fe4bf52844c4def6931b139c56fc882) \Device\Harddisk0\DR0\Partition0
13:44:48.0921 8860 \Device\Harddisk0\DR0\Partition0 - ok
13:44:48.0937 8860 Boot (0x1200) (1f9f773f07170abde02f9e5aa0dd89c0) \Device\Harddisk0\DR0\Partition1
13:44:48.0937 8860 \Device\Harddisk0\DR0\Partition1 - ok
13:44:48.0937 8860 ============================================================
13:44:48.0937 8860 Scan finished
13:44:48.0937 8860 ============================================================
13:44:48.0952 5604 Detected object count: 0
13:44:48.0952 5604 Actual detected object count: 0

#8 cris4b

Posted 08 January 2012 - 02:01 PM

I did download and install a virtual box, Oracle, a free program on 12/31/11. Inside the virtual PC, I installed Windows XP. I have a VPN for work, Check Point Endpoint Security, that I start up and then run the Virtual XP so I can use IE7 for a database that is on our company server. I experienced no issues from this install and all the other issues were from prior to this install. The logs have been run since the install. Please let me know if this is an issue.
Chris

#9 Farbar

Posted 08 January 2012 - 03:18 PM

What I see is a possible prior infection. It is not active any more.
It is too soon to say what is causing the BSOD. Please tell me if you get another BSOD, as from now on the system should make a minidump file we can read.

  • Please delete your copy of ListParts and download the latest Listparts64
  • Download the attached file fix.txt
    The fix.list should be saved in the same directory as ListParts.
    Run Listparts, click Fix.
    When it is finished click Scan and post the log (Result.txt) it makes.


#10 cris4b

Posted 12 January 2012 - 09:02 PM

Thanks for your reply. I downloaded, ran fix, then the scan. The results are posted below.

ListParts by Farbar
Ran by Chris on 12-01-2012 at 20:59:41
Windows 7 (X64)
Running From: C:\Users\Chris\Downloads
************************************************************

========================= Memory info ======================

Percentage of memory in use: 36%
Total physical RAM: 4084.48 MB
Available physical RAM: 2599.53 MB
Total Pagefile: 8167.16 MB
Available Pagefile: 6459.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI105970W0D) (Fixed) (Total:227.52 GB) (Free:165.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Data) (Fixed) (Total:225.42 GB) (Free:215.23 GB) NTFS
4 Drive f: (HDDRECOVERY) (Fixed) (Total:11.35 GB) (Free:0.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 227 GB 1501 MB
Partition 0 Extended 225 GB 228 GB
Partition 4 Logical 225 GB 228 GB
Partition 3 Primary 11 GB 454 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 System NTFS Partition 1500 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Partition 227 GB Healthy Boot

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Data NTFS Partition 225 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F HDDRECOVERY NTFS Partition 11 GB Healthy



****** End Of Log ******

I appreciate your help on this. If a BSOD occurs again, I will certainly let you know.
Cris

#11 Farbar

Posted 13 January 2012 - 09:05 AM

It looks like the partition that we unhid is a recovery partition. We are going to hide it again.

Download
The fix.list should be saved in the same directory as ListParts.
Run ListParts, click Fix.
When it is finished click Scan and post the log (Result.txt) it makes.

Let's give this a couple of days to see if you get a BSOD.

#12 cris4b

Posted 14 January 2012 - 08:04 PM

Ok, downloaded. Ran fix, then scan and the result log is pasted below. PC has been running fine, although IE has had some issues. Even though I am connected through wireless, the not found page loaded twice this evening. Had to refresh. AVG warning came up from system tray telling me I had unusual activity in IE. Seems random. I will keep checking and let you know if I have BSOD again. Appreciate all your help. Would like to know what the ListParts utility does when running fix and scan though.
Chris

ListParts by Farbar
Ran by Chris on 14-01-2012 at 19:58:24
Windows 7 (X64)
Running From: C:\Users\Chris\Downloads
************************************************************

========================= Memory info ======================

Percentage of memory in use: 43%
Total physical RAM: 4084.48 MB
Available physical RAM: 2297.95 MB
Total Pagefile: 8167.16 MB
Available Pagefile: 6035.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI105970W0D) (Fixed) (Total:227.52 GB) (Free:163.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Data) (Fixed) (Total:225.42 GB) (Free:215.23 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 227 GB 1501 MB
Partition 0 Extended 225 GB 228 GB
Partition 4 Logical 225 GB 228 GB
Partition 3 Primary 11 GB 454 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 System NTFS Partition 1500 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Partition 227 GB Healthy Boot

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Data NTFS Partition 225 GB Healthy

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.



****** End Of Log ******

#13 Farbar

Posted 15 January 2012 - 07:08 AM

ListParts shows partitions on the system. A recent piece of malware (TDL4) from the TDSS rootkit creates its own partition. We unhid a partition to see what is in it, and it looks like that partition is OK.

Let's give this another couple of days to see if it crashes.
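
An added illustration of the partition check described in post #13 (not part of the original thread and not ListParts's own code): it decodes the four primary slots of an MBR sector and lists hidden partitions of an unexpected type. The sample sector is constructed from the layout in the second ListParts log; the slot order, the extended-partition type byte and the review rule are assumptions.

```python
import struct

ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, first LBA, sectors
TABLE_OFFSET, SIGNATURE_OFFSET, SECTOR = 446, 510, 512

# Hidden variants of common types: hidden type = visible type + 0x10.
HIDDEN_TYPES = {0x11: 0x01, 0x14: 0x04, 0x16: 0x06, 0x17: 0x07,
                0x1B: 0x0B, 0x1C: 0x0C, 0x1E: 0x0E}
RECOVERY_TYPE = 0x27                # hidden NTFS recovery partition


def parse_mbr(sector):
    """Decode the four primary partition slots of a 512-byte MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        status, _, ptype, _, first_lba, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + 16 * slot)
        if ptype == 0x00:           # unused slot
            continue
        entries.append({
            "slot": slot + 1,
            "type": ptype,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "hidden": ptype in HIDDEN_TYPES or ptype == RECOVERY_TYPE,
            "offset_mb": first_lba * SECTOR // 2**20,
            "size_mb": count * SECTOR // 2**20,
        })
    return entries


def review(entries, expected_hidden=frozenset({RECOVERY_TYPE})):
    """Return (slot, reason) pairs worth a manual look.

    Assumed rule, not ListParts's: a hidden partition whose type is not in
    the expected set, a malformed status byte, or several active flags.
    """
    findings = []
    for e in entries:
        if not e["status_valid"]:
            findings.append((e["slot"], "status byte is neither 0x00 nor 0x80"))
        if e["hidden"] and e["type"] not in expected_hidden:
            findings.append(
                (e["slot"], "hidden partition of unexpected type 0x%02X" % e["type"]))
    active = [e["slot"] for e in entries if e["active"]]
    if len(active) > 1:
        findings.extend((s, "more than one active partition") for s in active)
    return findings


def build_sample_mbr(rows):
    """Constructed test input: empty boot code plus the given table rows."""
    sector = bytearray(SECTOR)
    for slot, (status, ptype, first_lba, count) in enumerate(rows):
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * slot,
                        status, b"\0\0\0", ptype, b"\0\0\0", first_lba, count)
    sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


MB = 2**20 // SECTOR                # sectors per MiB
# Constructed layout modelled on the second ListParts log in this thread.
SAMPLE = build_sample_mbr([
    (0x80, 0x27, 1 * MB, 1500 * MB),         # recovery: hidden and active
    (0x00, 0x07, 1501 * MB, 232448 * MB),    # C:
    (0x00, 0x0F, 233949 * MB, 230400 * MB),  # extended container (type assumed)
    (0x00, 0x17, 464349 * MB, 11264 * MB),   # hidden NTFS, flagged in the log
])

if __name__ == "__main__":
    for finding in review(parse_mbr(SAMPLE)):
        print(finding)
```
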

#14 Farbar

Posted 18 January 2012 - 07:33 AM

It seems there has been no crash since we started. Could we close the topic?

#15 cris4b

Posted 23 January 2012 - 07:44 PM

BSOD again on reawakening from hibernation 1/23/12 about 30 minutes ago. Seems ok now. Description from Event viewer is as follows:


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 9f
BCP1: 0000000000000004
BCP2: 0000000000000258
BCP3: FFFFFA8003D56B60
BCP4: FFFFF80004AB1510
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\012312-25350-01.dmp
C:\Users\Chris\AppData\Local\Temp\WER-52634-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\windows\system32\en-US\erofflps.txt



Any suggestions?

Cris



