PC has become unresponsive not sure what's wrong


16 replies to this topic

#1 SomersetGuy

Posted 03 March 2012 - 06:00 PM

I have a Compaq Presario SR1803WM running XP Home Edition Version 2002 with service pack 3 installed. It has an Intel Celeron CPU 3.2 GHz with 2 GB Ram installed.

About a year ago the hard drive was not recognized on boot. I used Macrium Reflect Disk Imaging & Backup to image the old HD onto a new one.

The new HD is recognized but when the computer is booted it wants to do a CHKDSK which gets stuck at 1% complete verifying files. I ran CHKDSK in safe mode and it completes successfully without any errors.

When I cancel the CHKDSK it boots into Windows but the CPU is pegged at 100%, and becomes unresponsive.

It currently has no anti-virus software running on it because when I was trying to update AVG Free I received error messages. I read online to uninstall AVG, delete all AVG folders and run a program from AVG to uninstall and clean up any old versions that left behind traces. I have not been able to reinstall AVG's new version.

Superantispyware and Malwarebytes Anti-Malware have found nothing.

I also tried to reload the OS using the CDs I burned when I bought the PC (I did not receive the OS on CD). When I tried that I get a message that the disks are not for this PC.

I really need some help.

Thanks.

#2 bloopie

Posted 04 March 2012 - 05:42 PM

Hi SomersetGuy, and welcome!!

This does not seem to be related to malware, but I'd like to know a bit more about what's happening there.

The new HD is recognized but when the computer is booted it wants to do a CHKDSK which gets stuck at 1% complete verifying files. I ran CHKDSK in safe mode and it completes successfully without any errors.

Does this happen on every reboot? Have you tried running this from the command prompt with the /r switch:

Use the Windows Error Checking utility (Check Disk), with the options to scan the disk surface for errors, and attempt recovery of data and repair the disk.
  • Click Start > Run and in the runbox type in cmd and press enter.
    Then in the command prompt type the following code text:
    chkdsk /r
    This test will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.
A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
  • Go to Start > Run > and type eventvwr and press the <ENTER> key.
    The Event Viewer window will open.
  • In the left pane, click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Double-click on that entry to view the log.
  • Click on the Posted Image button to copy the log text to the clipboard.
  • Paste the log text into your next reply.
*************************

Also try and run the system file checker:

Click Start > Run and in the runbox type in sfc /scannow

Please include the space between the "c" and "/" then press enter.

Let me know if you are asked for a disk or if the scan finishes by itself!

*************************

You need an antivirus program! Here are two I recommend:

  • Please download and install an antivirus program, and make sure that you keep it updated.
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are avast! Free Antivirus and Avira AntiVir Personal - Free Antivirus.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

bloopie

Edited by bloopie, 04 March 2012 - 05:46 PM.


#3 SomersetGuy

Posted 04 March 2012 - 08:56 PM

Hi Bloopie,

Thanks for your help!

When I tried to run chkdsk /r from the command prompt, I receive the following:

The type of the file system is NTFS.
Cannot lock the current drive.

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)

I said Y and rebooted. It now gets past the file verification and gets stuck at 9% of verifying indexes (stage 2 of 5). After about 10 minutes the system shut down. I turned it back on and chkdsk started again and it has run for over 2 hours now and is still at 9% of verifying indexes (stage 2 of 5).

Earlier today I reinstalled IE8 because it was corrupted. I tried to download IE8 with Firefox. It downloaded the exe file but when I tried to install it, it was corrupt. I was able to download the exe file on my Windows 7 machine and copy it to the XP machine using a thumb drive. IE8 now opens but takes forever to load google.com (my homepage). I tried to get to the Microsoft Update site but it crashed. I have my PC set to download updates automatically but when I cursor over the shield in the task bar it seems to be stuck at 30%.

I was reading through posts earlier today with some of the same symptoms I am experiencing the CPU getting pegged and IE not connecting and have run:

Security Check
Farbar Service Scanner
Mini Toolbox
m-bam
aswMBR

They all report info on the system and I felt I could get a jump on things. They all ran successfully (m-bam quick scan took over 3 hours) until I ran aswMBR, at which point the system blue screened:

DRIVER_IRQL_NOT_LESS_OR_EQUAL
STOP : 0x000000D1 (0xE1734000, 0x000000FF, 0x00000000, 0xAFB9BEa0)
aswMBR.sys Address AFB9BEA0 base at AFB980000 Datestamp 4f3c1fe1

The computer created a dump which it said was located at:

C:\Documents\[user]\Local Settings\Temp\WERa2d3.dir00\Mini030412-01.dmp
C:\Documents\[user]\Local Settings\Temp\WERa2d3.dir00\sysdata.xml

Using Windows Explorer (with hidden and system files shown) I could not see the "Local Settings" folder under C:\Documents\[user]

I opened Explorer XP (a third-party replacement for Windows Explorer) and was able to see the Temp folder but there was no "WERa2d3.dir00" folder.

I did see the below folders and one of them had explorer.exe and iexplorer.exe.

RarSFX0
RarSFX1
RarSFX2

I started to search for these when you replied.

Should I let the scan disk continue to run?

Thanks

#4 bloopie

Posted 04 March 2012 - 11:36 PM

Hi again, interesting...

I was reading through posts earlier today with some of the same symptoms I am experiencing the CPU getting pegged and IE not connecting and have run:

Security Check
Farbar Service Scanner
Mini Toolbox
m-bam
aswMBR


Please do not update anything just yet! We need to check a few things first:

If you've run these tools could you please post those logs here for review? If you have trouble finding the logs, please just ask. These logs could be crucial and posting them here now could save the time of me asking you to post them later.
(These logs are OK to run in this forum, so post them all.)

That BSOD could be one of a few things... I'll need to see some logs to be sure.

Please post the logs of the tools you have run in your next reply!
Also, if it's time for sleep where you are I'd suggest running the checkdisk during that time. If it's still stuck in the morning, then abandon the test.

Let me know how it goes!

bloopie

#5 SomersetGuy

Posted 05 March 2012 - 10:04 AM

Hi Bloopie,

Missed you by a couple of minutes last night. I left the chkdsk running last night; this morning it was still at 9% of verifying indexes.

I didn't know that it was okay to post logs here. Here they are.

Security Check:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

AVG 2011
Authentium AntiVirus SDK - 2
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
WinPatrol 2009 (Outdated! Latest version is WinPatrol 2011)
MVPS Hosts File
Index Dat Spy
Super Winspy v3.5
Spybot - Search & Destroy
SUPERAntiSpyware
TuneUp Companion 1.1.9
CCleaner (remove only)
Wise Disk Cleaner 5.83
Java™ 6 Update 30
Out of date Java installed!
Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
WinPatrol winpatrol.exe is disabled!
Common Files Authentium AntiVirus dvpapi.exe
Onlineeye gmxffcsrv.exe
``````````End of Log````````````

FSS


Farbar Service Scanner Version: 22-02-2012
Ran by Frank (administrator) on 04-03-2012 at 10:07:05
Running from "C:\Documents and Settings\Frank\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(13) Gpc(6) IPSec(4) Ndisrd(12) NetBT(5) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(3) Tcpip6(11)
0x11000000040000000100000002000000030000000B0000000E00000010000000110000000F00000005000000060000000700000008000000090000000A0000000C0000000D000000


**** End of log ****

Mini Toolbox
MiniToolBox by Farbar Version: 18-01-2012
Ran by Frank (administrator) on 04-03-2012 at 10:12:07
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

There are 15166 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection 1 (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)
Windows IP Configuration

Host Name . . . . . . . . . . . . : your-d0f670b45a
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection 1:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-15-F2-E4-41-01
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::215:f2ff:fee4:4101%4
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1 71.250.0.12 fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : 2012-03-04 10:05
Lease Expires . . . . . . . . . . : 2012-03-05 10:05

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-FB-D2-52-B8-96-6B
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 2001:0:4137:9e76:0:fbd2:52b8:966b
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-01-07
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.7%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.226.164, 74.125.226.165, 74.125.226.162, 74.125.226.160
74.125.226.167, 74.125.226.166, 74.125.226.168, 74.125.226.169, 74.125.226.161
74.125.226.163, 74.125.226.174

Pinging google.com [173.194.43.14] with 32 bytes of data:
Reply from 173.194.43.14: bytes=32 time=77ms TTL=53
Reply from 173.194.43.14: bytes=32 time=28ms TTL=53
Ping statistics for 173.194.43.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 77ms, Average = 52ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.127.62, 98.139.183.24, 209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=128ms TTL=54
Reply from 209.191.122.70: bytes=32 time=104ms TTL=54
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 104ms, Maximum = 128ms, Average = 116ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=18ms TTL=64
Reply from 127.0.0.1: bytes=32 time=18ms TTL=64
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 18ms, Average = 18ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 f2 e4 41 01 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.7 192.168.1.7 20
192.168.1.0 255.255.255.0 192.168.1.7 192.168.1.7 20
192.168.1.7 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.7 192.168.1.7 20
224.0.0.0 240.0.0.0 192.168.1.7 192.168.1.7 20
255.255.255.255 255.255.255.255 192.168.1.7 192.168.1.7 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/25/2012 11:19:11 PM) (Source: Application Error) (User: )
Description: Faulting application lrsmy14j.exe, version 1.0.15.15641, faulting module lrsmy14j.exe, version 1.0.15.15641, fault address 0x0000c676.
Processing media-specific event for [lrsmy14j.exe!ws!]

Error: (02/23/2012 07:52:42 PM) (Source: Application Error) (User: )
Description: Faulting application ccleaner.exe, version 1.40.0.520, faulting module unknown, version 0.0.0.0, fault address 0x71980c04.
Processing media-specific event for [ccleaner.exe!ws!]

Error: (02/23/2012 01:38:21 PM) (Source: MsiInstaller) (User: Frank)Frank
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/23/2012 01:28:06 PM) (Source: Application Error) (User: )
Description: Faulting application spsetup115.exe, version 1.0.0.0, faulting module pfwww.dll, version 0.0.0.0, fault address 0x00001263.
Processing media-specific event for [spsetup115.exe!ws!]

Error: (02/23/2012 01:15:11 PM) (Source: Application Error) (User: )
Description: Faulting application spsetup115.exe, version 1.0.0.0, faulting module pfwww.dll, version 0.0.0.0, fault address 0x00001263.
Processing media-specific event for [spsetup115.exe!ws!]

Error: (02/22/2012 09:55:28 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (02/22/2012 09:05:02 PM) (Source: MsiInstaller) (User: Frank)Frank
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/22/2012 08:08:19 PM) (Source: MsiInstaller) (User: Frank)Frank
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/22/2012 07:36:09 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000673be.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/22/2012 07:24:27 PM) (Source: MsiInstaller) (User: Frank)Frank
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.


System errors:
=============
Error: (03/04/2012 09:22:23 AM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%2

Error: (03/04/2012 09:22:22 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%MSIServer" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (03/04/2012 09:22:22 AM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%2

Error: (03/04/2012 09:22:22 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%MSIServer" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (03/04/2012 09:22:21 AM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%2

Error: (03/04/2012 09:22:21 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%MSIServer" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (03/04/2012 09:22:20 AM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%2

Error: (03/04/2012 09:22:20 AM) (Source: Service Control Manager) (User: )
Description: The dvpapi service hung on starting.

Error: (03/04/2012 09:22:20 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%MSIServer" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (03/04/2012 09:21:10 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (02/25/2012 11:19:11 PM) (Source: Application Error)(User: )
Description: lrsmy14j.exe1.0.15.15641lrsmy14j.exe1.0.15.156410000c676

Error: (02/23/2012 07:52:42 PM) (Source: Application Error)(User: )
Description: ccleaner.exe1.40.0.520unknown0.0.0.071980c04

Error: (02/23/2012 01:38:21 PM) (Source: MsiInstaller)(User: Frank)Frank
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (02/23/2012 01:28:06 PM) (Source: Application Error)(User: )
Description: spsetup115.exe1.0.0.0pfwww.dll0.0.0.000001263

Error: (02/23/2012 01:15:11 PM) (Source: Application Error)(User: )
Description: spsetup115.exe1.0.0.0pfwww.dll0.0.0.000001263

Error: (02/22/2012 09:55:28 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (02/22/2012 09:05:02 PM) (Source: MsiInstaller)(User: Frank)Frank
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (02/22/2012 08:08:19 PM) (Source: MsiInstaller)(User: Frank)Frank
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (02/22/2012 07:36:09 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.6055000673be

Error: (02/22/2012 07:24:27 PM) (Source: MsiInstaller)(User: Frank)Frank
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

3D Image Commander 1.01
3D Text Commander 2.0 by Insofta Development (Version: 2.0)
7-Zip 4.65
ACDSee 10 Photo Manager (Version: 10.0.219)
AceMoney Lite
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware
Ad-Aware (Version: 8.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.2.153.1)
Adobe Reader 9.4.7 (Version: 9.4.7)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Advanced SystemCare 5 (Version: 5.1.0)
Alchemists Apprentice 1.00
AltDesk.1.9.1 (Version: 1.9.1)
AM-DeadLink 3.3 (Version: 3.3)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.1.116)
Asmw Eraser Pro
ATI - Software Uninstall Utility (Version: 6.14.10.1013)
ATI Control Panel (Version: 6.14.10.5186)
ATI Display Driver (Version: 8.522-080731a-067975C-ATI)
AusLogics Disk Defrag (Version: version 1.4)
Authentium AntiVirus SDK - 2 (Version: 4.94.4)
AutoUpdate (Version: 1.1)
AVG 2011 (Version: 10.0.1416)
AVG 2011 (Version: 10.0.2109)
AviSynth 2.5
Badongo (Version: 1.4.3)
BCArchive 1.0
BigFish Games - Puzzle Park 1.00
Blaze Video Magic 2.0
BlazePhoto 1.0
Bonjour (Version: 2.0.4.0)
Bonjour Print Services (Version: 2.0.2.0)
Build-a-lot (Version: 32.0.0.0)
C-Media USB WDM Audio Driver
CCleaner (remove only)
CDBurnerXP Pro 3 (Version: 3.0.116)
CDDRV_Installer (Version: 4.60)
Choice Guard (Version: 1.2.87.0)
Cleanse Uninstaller Pro 5 (Version: )
CleanUp!
Commander 1.29
Compaq Connections (remove only)
Compaq Organize
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Complex Evolution 5.0.2 (build 437)
Connection Manager
Corner-A ArtStudio (Version: 1.2.1)
Cover Commander 3.0 by Insofta Development (Version: 3.0)
CRTimer (Version: 1.0.0)
CutePDF Writer 2.5
Dassault Systemes Software Prerequisites x86 (Version: 8.0.2)
DeDup
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
Driver Detective (Version: 8.0.1)
DriverMax 4
Duplicate File Finder (Version: 1.1.1)
EASEUS Data Recovery Wizard 5.0.1
EASEUS Partition Master 5.5.1 Professional
erLT (Version: 1.12.0117)
ERUNT 1.1j
EvJO Photo-Image Resizer v2.5 (Version: 2.5)
ExplorerXP (remove only)
EZNetInfo
ezSAMWinDeDup un-install
ffdshow [rev 2583] [2009-01-05] (Version: 1.0)
FileZilla Client 3.3.1 (Version: 3.3.1)
FLV Player 1.3.3
Folderico 3.7.2 (Version: 3.7.2)
Foxonic Professional 3.2 (build 0019) (Version: 3.2 (build 0019))
Foxonic Professional 4.0 (build 0077) (Version: 4.0 (build 0077))
Free Download Manager 3.0
Free Hide Folder
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
FreeCommander 2008.06c (Version: 2008.06c)
GameHouse Games Collection: Academy of Magic
GameHouse Games Collection: Adventure Inlay
GameHouse Games Collection: Adventure Inlay - Safari Edition
GameHouse Games Collection: Air Strike 3D
GameHouse Games Collection: Alien Sky
GameHouse Games Collection: Aloha Solitaire
GameHouse Games Collection: Aloha TriPeaks
GameHouse Games Collection: Ancient Tri-Jong
GameHouse Games Collection: Ancient Tripeaks
GameHouse Games Collection: Astrobatics
GameHouse Games Collection: Atlantis
GameHouse Games Collection: Atomaders
GameHouse Games Collection: Bejeweled 2
GameHouse Games Collection: Bewitched
GameHouse Games Collection: Big Kahuna Reef
GameHouse Games Collection: Boggle Supreme
GameHouse Games Collection: Bounce Out Blitz
GameHouse Games Collection: Casino Island To Go
GameHouse Games Collection: Chainz
GameHouse Games Collection: Chainz 2 - Relinked
GameHouse Games Collection: Charm Solitaire
GameHouse Games Collection: Charm Tale
GameHouse Games Collection: Chicktionary
GameHouse Games Collection: Chuzzle Deluxe
GameHouse Games Collection: Collapse! Crunch
GameHouse Games Collection: Combo Chaos!
GameHouse Games Collection: Crystal Path
GameHouse Games Collection: Cubis Gold 2
GameHouse Games Collection: Digby's Donuts
GameHouse Games Collection: Diner Dash
GameHouse Games Collection: Feeding Frenzy
GameHouse Games Collection: Fiber Twig
GameHouse Games Collection: Five Card Deluxe
GameHouse Games Collection: Flip Words
GameHouse Games Collection: Flying Leo
GameHouse Games Collection: Fortune Tiles Gold
GameHouse Games Collection: Fresco Wizard
GameHouse Games Collection: GameHouse Sudoku
GameHouse Games Collection: Gearz
GameHouse Games Collection: Granny in Paradise
GameHouse Games Collection: Gutterball
GameHouse Games Collection: Gutterball 2
GameHouse Games Collection: Hamsterball
GameHouse Games Collection: Hello!
GameHouse Games Collection: Holiday Express
GameHouse Games Collection: Iggle Pop!
GameHouse Games Collection: Incadia
GameHouse Games Collection: Incredible Ink
GameHouse Games Collection: Insaniquarium Deluxe
GameHouse Games Collection: Inspector Parker
GameHouse Games Collection: Invadazoid
GameHouse Games Collection: Jewel Quest
GameHouse Games Collection: Lemonade Tycoon
GameHouse Games Collection: Luxor (Version: 32.0.0.0)
GameHouse Games Collection: Mad Caps
GameHouse Games Collection: Magic Ball 2
GameHouse Games Collection: Magic Ball 2 - New Worlds
GameHouse Games Collection: Magic Inlay
GameHouse Games Collection: Magic Vines
GameHouse Games Collection: Mah Jong Adventures
GameHouse Games Collection: Mah Jong Medley
GameHouse Games Collection: Mah Jong Quest
GameHouse Games Collection: Mahjong Garden To Go
GameHouse Games Collection: Mahjong Towers Eternity
GameHouse Games Collection: Maui Wowee
GameHouse Games Collection: Phlinx To Go
GameHouse Games Collection: Pin High Country Club Golf
GameHouse Games Collection: Pizza Frenzy
GameHouse Games Collection: Platypus
GameHouse Games Collection: Poker Superstars
GameHouse Games Collection: Puzzle Express
GameHouse Games Collection: Puzzle Inlay
GameHouse Games Collection: Puzzle Solitaire
GameHouse Games Collection: QBz
GameHouse Games Collection: Reader's Digest Super Word Power
GameHouse Games Collection: Ricochet
GameHouse Games Collection: Ricochet Lost Worlds
GameHouse Games Collection: Ricochet Lost Worlds - Recharged
GameHouse Games Collection: Roller Rush
GameHouse Games Collection: Saints & Sinners Bingo
GameHouse Games Collection: SCRABBLE
GameHouse Games Collection: Shape Shifter
GameHouse Games Collection: Slingo Deluxe
GameHouse Games Collection: Spelvin
GameHouse Games Collection: Splash
GameHouse Games Collection: Spring Sprang Sprung
GameHouse Games Collection: Super 5-Line Slots
GameHouse Games Collection: Super Blackjack!
GameHouse Games Collection: Super Bounce Out!
GameHouse Games Collection: Super Candy Cruncher
GameHouse Games Collection: Super Collapse!
GameHouse Games Collection: Super Collapse! II
GameHouse Games Collection: Super Collapse! II Platinum
GameHouse Games Collection: Super Fruit Frolic
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
GameHouse Games Collection: Super Gem Drop
GameHouse Games Collection: Super Glinx!
GameHouse Games Collection: Super Letter Linker
GameHouse Games Collection: Super Mah Jong Solitaire
GameHouse Games Collection: Super Nisqually
GameHouse Games Collection: Super PileUp!
GameHouse Games Collection: Super Pool
GameHouse Games Collection: Super Pop & Drop!
GameHouse Games Collection: Super Rumble Cube
GameHouse Games Collection: Super SpongeBob Collapse!
GameHouse Games Collection: Super TextTwist
GameHouse Games Collection: Super WHATword
GameHouse Games Collection: Super Wild Wild Words
GameHouse Games Collection: Tap a Jam
GameHouse Games Collection: Ten Pin Championship Bowling Pro
GameHouse Games Collection: Tennis Titans
GameHouse Games Collection: Tradewinds 2
GameHouse Games Collection: Trivia Machine
GameHouse Games Collection: Tropical Swaps
GameHouse Games Collection: Tumblebugs
GameHouse Games Collection: Turtle Bay
GameHouse Games Collection: Twistingo
GameHouse Games Collection: Ultimate Dominoes
GameHouse Games Collection: Varmintz Deluxe
GameHouse Games Collection: Walls of Jericho, The
GameHouse Games Collection: Wheel of Fortune
GameHouse Games Collection: Word Jolt
GameHouse Games Collection: Word Slinger
GameHouse Games Collection: WordJong To Go
GameHouse Games Collection: Zuma Deluxe
Garmin City Navigator North America NT 2009 Update (Version: 10.0.1.0)
Garmin Communicator Plugin (Version: 2.6.4)
Garmin POI Loader (Version: 2.5.2.0)
Garmin USB Drivers (Version: 1.0.0.0)
Garmin WebUpdater (Version: 2.4.2)
GiPo@MoveOnBoot 1.9.5 (Version: 1.9.5)
Gold Wave Editor Pro v10.2.2
GOM Player (Version: 2.1.21.4846)
Google Desktop (Version: 5.9.0911.03589)
Google Gmail Notifier
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.1536.6592)
Growl for Windows (Version: 2.0.6001)
GSplit 2.0 (Version: 2.0.0.2)
HDValet
Hoyle Card Games 2007 (Version: 1.2.0.0)
HP Boot Optimizer (Version: 2.0.5.1)
HP Rhapsody
HP Support Overview (Version: 1.0.0)
HP Update (Version: 5.002.008.001)
IEData
IKEA Home Planner Office
Incomedia WebSite X5 Smart
IncrediMail (Version: 5.8.6.4103)
Index Dat Spy
InstallShield Uninstall Information
Intel® Processor ID Utility (Version: 4.10.0000)
InterActual Player
iPhone Configuration Utility (Version: 2.1.0.163)
IrfanView (remove only)
iTunes (Version: 10.2.1.1)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 14.0.8064.206)
K-Lite Mega Codec Pack 4.7.5 (Version: 4.7.5)
KB884016
KB893803 (Version: 3.1)
KC Softwares AudioGrail
KC Softwares AVIToolbox
KC Softwares SUMo
KhalInstallWrapper (Version: 4.60.122)
LeaderTask 6.4.1 GAOTD edition
Lexmark X5100 Series
Linkman 7.5.0 (Version: 7.5.0)
Logitech QuickCam (Version: 6.02.0000)
Logitech SetPoint (Version: 4.60)
Logitech Updater (Version: 1.70)
magicJack (Version: 2.0.5703.3988)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MathPlayer (Version: 1.1 beta 3)
Media Player Classic - Home Cinema v. 1.3.1249.0
MediaInfo 0.7.7.4 (Version: 0.7.7.4)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Money 2006 (Version: 15)
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour (Version: 1.0.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Labs Ribbon Hero (Version: 1.0.0.3)
Microsoft Office Live Add-in 1.4 (Version: 2.0.3008.0)
Microsoft Office Outlook Connector (Version: 12.0.6414.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Picture It! Express 9 (Version: 9.0.0912)
Microsoft Picture It! Library 9 (Version: 9.0.0912)
Microsoft Scalable Fabric (Version: 1.0.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works (Version: 08.04.0623)
MKV Splitter (Version: 1.0.1)
MobileMe Control Panel (Version: 3.1.5.0)
MobileOptionPack
Monopoly by Parker Brothers (Version: 1.0.406.0)
Mozilla Firefox 4.0 (x86 en-US) (Version: 4.0)
Mozilla Thunderbird (2.0.0.17) (Version: 2.0.0.17 (en-US))
MPEG2 Codec(libmpeg2/mad)
MSI30-Beta1
MSN
MSN Encarta Plus Support Files (Version: 9.0.0801)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
MultiStage Recovery 4.1
Nero 7 Essentials (Version: 7.02.5017)
nLite 1.4 (Version: 1.4)
NoClone 2007 Free Edition (Version: 4.1.17)
NoteTab Light (Remove only) (Version: 4.95)
Nuclear Coffee - ConvertVid
Onlineeye Pro (Version: 2.2.0)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Palringo
Paragon Backup & Recovery™ 10 Home Special Edition (Version: 90.00.0003)
Paragon Drive Backup™ 9 Personal Edition (Version: 90.00.0003)
Paragon Hard Disk Manager™ 2009 Special Edition (Version: 90.00.0003)
Paragon Partition Manager 2009 Special Edition
Paragon System Upgrade Utilities™ 2010 (Version: 90.00.0003)
Paragon Total Defrag 2009
PC-Doctor 5 for Windows (Version: 5.00.3311.03)
PCHand Screen Capture (GOTD Version) 1.8.0.2
PCHand Screen Recorder (GOTD Version) 1.8.5.2
Perfect Automation (Version: 2.3.3)
Picasa 2 (Version: 2.0)
Power Favorites 1.7.1
PPSDKRedistributables (Version: 6.32)
Private Eye
Process Tamer 2.11.01
Quicken 2006 (Version: 15.1.1.29)
QuickTime (Version: 7.69.80.9)
Quintessential Player (Version: 4.51)
Radialpoint Security Services (Version: 128.0.0)
Real Alternative 1.7.5 (Version: 1.7.5)
Realtek High Definition Audio Driver (Version: 2.03)
Rhapsody Player Engine (Version: 1.0.2.636)
Safari (Version: 5.33.20.27)
SCRABBLE Deluxe (Version: 1.0.44)
Security Task Manager 1.6f (Version: 1.6f)
Segoe UI (Version: 14.0.4327.805)
SiSoftware Sandra Lite 2009.SP2 (Version: 15.72.2009.1)
Smart CD Catalog 2.53 Professional
Smart Defrag 1.0
SnowFox DVD Ripper 1.7.0.3
Software Informer 1.0 BETA
Sonic Express Labeler (Version: 2.1.0)
Sonic RecordNow Audio (Version: 2.0.4)
Sonic RecordNow Copy (Version: 2.0.4)
Sonic RecordNow Data (Version: 2.0.4)
Sonic Update Manager (Version: 3.0.0)
Sothink DHTML Menu 9 (Version: 9.3)
Sothink HD Movie Maker (Version: 1.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Stickies 6.7a
Super Winspy v3.5
SUPERAntiSpyware (Version: 4.38.1004)
System Requirements Lab
The Ultimate Home
TreeSize Professional 3.3.3
TuneUp Companion 1.1.9 (Version: 1.1.9)
Tweak UI
Uninstall TONKA Monster Trucks
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
URL Gather 1.5
US Airways TravelDesk
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Veo Digital Studio
Veo Stingray
Virtual Disk 2.01
Virtual Earth - 3DVIA (Beta) (Version: 6.205.08149)
Virtual Earth 3D (Beta) (Version: 3.0.808.29001)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022)
VisualRoute
VLC media player 1.0.5 (Version: 1.0.5)
WD Diagnostics (Version: 1.09.0002)
WinAce Archiver (Version: 2.6)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (Version: 03/08/2007 2.2.1.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live Family Safety (Version: 14.0.8064.206)
Windows Live ID Sign-in Assistant (Version: 6.500.3146.0)
Windows Live Mail (Version: 14.0.8064.0206)
Windows Live Messenger (Version: 14.0.8064.0206)
Windows Live OneCare safety scanner
Windows Live Photo Gallery (Version: 14.0.8064.206)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8064.0206)
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack (Version: 1.0.0)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164)
Windows Vista Upgrade Advisor (Version: 1.0.4)
WinPatrol (Version: 24.0.2012)
WinPatrol 2009 (Version: 17.0.2010.0)
WinRAR archiver
WinUtilities 9.66 Pro
WinX DVD Copy
WinX DVD Ripper Platinum 5.9.2
WinX DVD Ripper Special Edition
Wise Disk Cleaner 5.83
Wise PC Engineer 6.3.3
Wondershare Audio Converter(Build 4.2.0.56)
Wondershare DVD Ripper Platinum(Build 4.2.0.16)
Wondershare Video Converter Platinum(Build 4.2.0.56)
xplorer² lite (Version: 1.7 L)
Yahoo! Messenger
YouTubeGet 4.9.7
YPOPs! 0.9.5.14
Zinio Reader
ZPaint 1.4

========================= Devices: ================================

Name: VIA USB Enhanced Host Controller
Description: VIA USB Enhanced Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: VIA Technologies
Service: usbehci
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 1982.48 MB
Available physical RAM: 1537.18 MB
Total Pagefile: 5927.52 MB
Available Pagefile: 5418.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.11 MB

========================= Partitions: =====================================

1 Drive c: (PRESARIO) (Fixed) (Total:67.73 GB) (Free:16.67 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:9.98 GB) (Free:3.51 GB) FAT32
5 Drive g: (New Volume) (Fixed) (Total:71.32 GB) (Free:68.26 GB) NTFS
6 Drive z: (Virtual Disk) (Fixed) (Total:100 GB) (Free:100 GB) Virtual Disk

========================= Users: ========================================

User accounts for \\YOUR-D0F670B45A

Administrator Frank Guest
HelpAssistant SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****


m-bam


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.04.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Frank :: YOUR-D0F670B45A [administrator]

2012-03-04 11:05
mbam-log-2012-03-04 (11-05-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242032
Time elapsed: 3 hour(s), 58 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Once again the computer Blue Screened when I was running aswMBR.

Thanks

#6 bloopie

  • Malware Response Team

Posted 05 March 2012 - 05:02 PM

Hi again,

Antivirus/Firewall Check:
AVG 2011
Authentium AntiVirus SDK - 2


This is suggesting that you have two antivirus programs installed. Is this Security Check log up to date?

I would suggest you uninstall both of these programs now if they haven't been uninstalled yet.

Go here to get the AVG Uninstaller: http://www.avg.com/us-en/utilities

And for Authentium AV, follow these instructions:

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it
    Authentium AntiVirus
    
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish.

After this is done, then install one of the AV programs I recommended earlier. Then run a new Security Check scan and post the log here in your next reply.

Also now try again to run ASWmbr and post the log if successful, and let me know if you have any problems.

bloopie

#7 SomersetGuy


Posted 05 March 2012 - 07:38 PM

Hey Bloopie,


Before I left this morning I tried to install avast! Free AntiVirus which looked like it installed successfully. It started a "quick" scan and I left it running while I was gone. When I came home tonight it was still running. It finished a little while ago. I rebooted the machine and now when I click on the avast! Free Antivirus icon on the desktop I receive the following message:

The application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

I ran the AVG Uninstaller and received an avgremover.log and an avgremover_msilog.txt file.

When I ran Revo Uninstaller Authentium AV was not in the list.

SecurityCheck is running now. I'll post the log file when it finishes.

Should I try to install avast! Antivirus again?

Thanks

Edited by SomersetGuy, 05 March 2012 - 08:16 PM.


#8 SomersetGuy


Posted 05 March 2012 - 08:36 PM

Ok SecurityCheck finished and now there are three antivirus programs.

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
AVG 2011
Authentium AntiVirus SDK - 2
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
WinPatrol 2009 (Outdated! Latest version is WinPatrol 2011)
MVPS Hosts File
Index Dat Spy
Super Winspy v3.5
Spybot - Search & Destroy
SUPERAntiSpyware
TuneUp Companion 1.1.9
CCleaner (remove only)
Wise Disk Cleaner 5.83
Java™ 6 Update 30
Out of date Java installed!
Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
WinPatrol winpatrol.exe is disabled!
Common Files Authentium AntiVirus dvpapi.exe
Onlineeye gmxffcsrv.exe
``````````End of Log````````````
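
Added example, not part of the thread and not code from Security Check or its author: a Python sketch that parses the Security Check log format posted above and flags the conditions the helper reacts to, namely more than one antivirus product listed, out-of-date components, and an antivirus vendor name that still appears in a process not marked disabled. The sample is the log above, abridged; the section names and the "is disabled!" marker come from it, and treating the `objlist.exe by Laurent` line as a tool credit rather than a process is an assumption.

```python
import re

TICK = "`"  # Security Check draws its separators with runs of backticks

# Constructed sample: the Security Check log from the post above, abridged.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.24",
    "Windows XP Service Pack 3 x86",
    "Internet Explorer 8",
    TICK * 30,
    "Antivirus/Firewall Check:",
    "",
    "avast! Free Antivirus",
    "AVG 2011",
    "Authentium AntiVirus SDK - 2",
    TICK * 31,
    "Anti-malware/Other Utilities Check:",
    "",
    "Ad-Aware",
    "WinPatrol 2009 (Outdated! Latest version is WinPatrol 2011)",
    "Java\u2122 6 Update 30",
    "Out of date Java installed!",
    "Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!",
    "Mozilla Firefox (x86 en-US..)",
    "Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!",
    TICK * 32,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    "Ad-Aware AAWService.exe is disabled!",
    "Ad-Aware AAWTray.exe is disabled!",
    "WinPatrol winpatrol.exe is disabled!",
    "Common Files Authentium AntiVirus dvpapi.exe",
    "Onlineeye gmxffcsrv.exe",
    TICK * 10 + "End of Log" + TICK * 12,
])

SEPARATOR = re.compile(r"^`{5,}.*$")             # backtick rule, incl. "End of Log"
HEADER = re.compile(r"^(?P<name>.+ Check):$")    # e.g. "Process Check:"
STALE = re.compile(r"out\s*of\s*date|outdated", re.IGNORECASE)
CREDIT = re.compile(r"^\S+\.exe by \S+")         # assumption: tool credit line


def parse_sections(text):
    """Split a Security Check log into {section name: [entry lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SEPARATOR.match(line):
            continue
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.group("name"), [])
        elif current is not None:   # lines before the first header are the banner
            current.append(line)
    return sections


def triage(text):
    """Return the findings a helper would look for in the log."""
    s = parse_sections(text)
    antivirus = s.get("Antivirus/Firewall Check", [])
    utilities = s.get("Anti-malware/Other Utilities Check", [])
    processes = [p for p in s.get("Process Check", []) if not CREDIT.match(p)]
    disabled = [p for p in processes if p.lower().endswith("is disabled!")]
    running = [p for p in processes if p not in disabled]

    # A listed AV product whose vendor word appears in a process line that is
    # not marked disabled suggests an uninstall that left components behind.
    leftovers = {}
    for product in antivirus:
        vendor = product.split()[0].lower()
        hits = [p for p in running if vendor in p.lower().split()]
        if hits:
            leftovers[product] = hits

    return {
        "antivirus": antivirus,
        "multiple_av": len(antivirus) > 1,
        "stale": [u for u in utilities if STALE.search(u)],
        "disabled": disabled,
        "av_still_running": leftovers,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
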

#9 bloopie


Posted 05 March 2012 - 09:34 PM

Hi again,

Okay, something's wrong here.

AVG 2011 (Version: 10.0.1416)
AVG 2011 (Version: 10.0.2109)

These two show as programs installed, please check your add/remove programs list to see if they are present. If so, uninstall that.

And I'd like you to try another MBAM scan, but this time in safemode and with RKill beforehand!

Please reboot into Safemode With Networking, here's how: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer after RKill runs, or you will need to run the application again.

Now update MBAM and run a full scan, then post the log here for review.

bloopie

#10 SomersetGuy


Posted 06 March 2012 - 08:07 PM

Hi Bloopie,

I cannot get the PC to boot into Safe Mode. It gets stuck at windows\system32\drivers\hotcore3.sys. This belongs to Paragon Software that I had downloaded a few years ago from Download of the Day.

This has happened before but if I kept trying I could get into Safe Mode, it is not working now.

I tried to run Rkill.com and Rkill.exe; both run for about an hour and a half, then the black DOS box opens. I don't think either is working.

This is what appears in the DOS box:

SED: can't read Settings\Temp\osname.txt. No such file or directory.

The system cannot find the file Settings\Temp\osname.txt.

The system cannot find the path specified.

Terminating known malware processes.

Please be patient.

The system cannot find the path specified.

C:\Docume~1\Frank\Local

The system cannot find the path specified.

sed.exe : cant read Settings\Temp\rksl.log. No such file or directory.
sed.exe : cant read Settings\Temp\rkstart.log. No such file or directory.
sed.exe : cant read Settings\Temp\rkel.log. No such file or directory.
sed.exe : cant read Settings\Temp\rkend.log. No such file or directory.


Then the box disappeared. I am pretty sure that I copied those down correctly.

The log file doesn't list any processes that were stopped.


I am in the process of trying to install Avast again, this time it didn't do a scan and requested a reboot.

Any ideas?

Thanks again.

#11 bloopie


Posted 06 March 2012 - 09:17 PM

Hi again SomersetGuy,

We may need to take a closer look in another topic, but before that, have you ensured that the AVG and other AV programs are not present in your Add/Remove list? Please verify this for me!

Try and run a GMER scan as follows:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

After running GMER, please run TDSSKiller:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Please don't forget the GMER as well as the TDSSKiller logs in your next reply!! Also don't forget my AV question at the top of this post.

Sometimes malware does not show itself at first glance, but when we dig deeper we find some things worth looking at.
***************************

One more thing:

I did see the below folders and one of them had explorer.exe and iexplorer.exe.

RarSFX0
RarSFX1
RarSFX2


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    *RarSFX0*
    *RarSFX1*
    *RarSFX2*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Sorry for the workload, but please try to post all the logs I asked for here for review as these may be crucial!

Let me know of any problems you may have with these instructions!

bloopie

#12 SomersetGuy


Posted 07 March 2012 - 03:09 AM

Hey Bloopie,

Neither AVG, Authentium nor Verizon Security Suite appears in the Add/Remove list. Avast antivirus does appear in the Add/Remove list, but it does not load and I get Windows security warnings that my computer may be at risk because no antivirus is installed.

I did some googling on the processes running in the process monitor. I found dvpapi.exe which from what I found online is Authentium Antivirus SDK version 2, packaged as Verizon Security Suite which most likely was added back when I had Verizon DSL.

I tried to run GMER but it blue screened:

1st Time

PAGE_FAULT_IN_NONPAGED_AREA

Rebooted and ran 2nd time:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

Rebooted and ran the 3rd time WITHOUT Devices selected:

System is attempting to access memory beyond the end of the allocation. This usually indicates a system-driver synchronization issue.

I CANNOT get into Safe Mode.

TDSSKILLER found nothing. Here is the log:

00:00:16.0750 3260 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
00:00:23.0546 3260 ============================================================
00:00:23.0906 3260 Current date / time: 2012/03/07 00:00:23.0546
00:00:23.0906 3260 SystemInfo:
00:00:23.0906 3260
00:00:25.0218 3260 OS Version: 5.1.2600 ServicePack: 3.0
00:00:25.0218 3260 Product type: Workstation
00:00:25.0437 3260 ComputerName: YOUR-D0F670B45A
00:00:26.0140 3260 UserName: Frank
00:00:26.0171 3260 Windows directory: C:\WINDOWS
00:00:26.0171 3260 System windows directory: C:\WINDOWS
00:00:29.0062 3260 Processor architecture: Intel x86
00:00:29.0062 3260 Number of processors: 1
00:00:29.0062 3260 Page size: 0x1000
00:00:29.0062 3260 Boot type: Normal boot
00:00:30.0359 3260 ============================================================
00:01:46.0468 3260 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:01:50.0031 3260 Drive \Device\Harddisk1\DR4 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:01:51.0375 3260 \Device\Harddisk0\DR0:
00:01:52.0015 3260 MBR used
00:01:52.0578 3260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x87775CB
00:01:52.0578 3260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x877760A, BlocksNum 0x13FE5D9
00:01:52.0578 3260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9B75BE3, BlocksNum 0x8EA2EDE
00:01:52.0578 3260 \Device\Harddisk1\DR4:
00:01:52.0625 3260 MBR used
00:01:52.0625 3260 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7A7FC1
00:02:00.0796 3260 Initialize success
00:02:00.0796 3260 ============================================================
00:02:40.0609 3532 ============================================================
00:02:40.0687 3532 Scan started
00:02:40.0687 3532 Mode: Manual;
00:02:40.0687 3532 ============================================================
00:26:25.0656 3532 Scan finished
00:26:25.0656 3532 ============================================================
00:26:27.0234 3524 Detected object count: 0
00:26:27.0234 3524 Actual detected object count: 0
00:45:00.0937 3012 Deinitialize success

SystemLook has been running for over 2 hours and doesn't seem to be doing anything. There are now 12 of these RarSFX folders numbered 0-11. Most of them contain a folder SecurityCheck. I believe the iexplorer one was created when I reinstalled IE.

I ran SecurityCheck again after ending the dvpapi.exe process in Task Manager to see if Authentium would appear, but Security Check seems to be stuck. The screen says "Preparing Done!" but no txt file has opened. I may try again tomorrow.

It's 3AM and I'm calling it a night.

Thanks for your help, I really do appreciate it!

Edited by SomersetGuy, 07 March 2012 - 03:14 AM.


#13 bloopie

Posted 07 March 2012 - 04:45 PM

Hello again,

I'd like you to try the Windows installer troubleshooter from this page: http://support.microsoft.com/kb/2438651/

Use the automatic Fix It and select the Uninstall programs when asked. See if it will list AVG and/or Authentium and have it try to "fix it" for you.

Let me know how it goes!

Also, do you have your Windows installation disk?

bloopie

#14 SomersetGuy

Posted 07 March 2012 - 05:08 PM

Hi Bloopie,

No, I did not receive OS disks when I bought this machine. Compaq/HP have a recovery partition which I cannot access. I burned recovery CDs as soon as I took the PC out of the box. When I try to boot with those CDs I receive a message that they are not for this PC.

How do you get OS CDs when you buy a system preloaded and they are not in the box?

I was just trying to run GMER again and got another blue screen. This one was "uwlcraoc.sys The driver is attempting to access memory after it has been freed". A Google search on uwlcraoc.sys doesn't look good.

It also seems that we have ticked off something in the system. The reboots are taking much longer and neither Firefox nor IE seem to be opening.

It just seems to have gotten worse. Should I re-image this HD and then try the fix-it and re-run the above tools? At least there won't be a 3rd AV that isn't installed properly on it and I should be able to get into safe mode.

Let me know your thoughts. I won't start it until you give me the ok.

Edited by SomersetGuy, 07 March 2012 - 05:16 PM.


#15 bloopie

Posted 07 March 2012 - 07:08 PM

Hi again SomersetGuy,

"How do you get OS CDs when you buy a system preloaded and they are not in the box?"

You'd probably have to contact Microsoft and have them send you the disk.

"a google search on uwlcraoc.sys doesn't look good"

You are correct, that file is not good. :thumbup2:

"should I re-image this HD and then try the fix-it and re-run the above tools?"

That's not a bad idea if you have the software; however, since we've dug up some malware, I think it's best to get a new set of logs and tools that we can't use here.

*************************

So, it's time to move on!

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Best regards, and best of luck,

bloopie



