BSOD showing often


  • This topic is locked
16 replies to this topic

#1 kinde


Posted 24 April 2012 - 03:19 PM

I'm getting a lot of BSOD messages which have error codes like: KERNEL_STACK_INPAGE_ERROR or IRQL_DRIVER_LESS_OR_EQUAL....
In Event Viewer I'm getting errors like "atapi" or "disk".

Here is the log of the error.


Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 11
Date: 24.4.2012
Time: 22:02:43
User: N/A
Computer: KINDE-EDEDBB325
Description:
The driver detected a controller error on \Device\Harddisk0\D.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



I'm getting BSODs in different situations: while CPU usage is HIGH or LOW, or after I turn on the PC, or after a few hours...
Please help, it's killing me :/



#2 Broni


Posted 24 April 2012 - 09:54 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 kinde


Posted 25 April 2012 - 07:02 AM

Here is Report from SecurityCheck:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner (remove only)
Java™ 6 Update 31
Adobe Flash Player 11.2.202.228
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



Here is FSS Log:


Farbar Service Scanner Version: 24-04-2012
Ran by Kinde (administrator) on 25-04-2012 at 13:32:16
Running from "C:\Documents and Settings\Kinde\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2009-06-11 19:55] - [2009-06-11 19:55] - 0138496 ____A (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2009-06-11 19:52] - [2009-06-11 19:52] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2009-06-11 19:54] - [2009-06-11 19:54] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2009-06-11 19:54] - [2009-06-11 19:54] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) VBoxNetFlt(9)
0x09000000040000000100000002000000030000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


Here is Log from MiniToolBox


MiniToolBox by Farbar Version: 18-01-2012
Ran by Kinde (administrator) on 25-04-2012 at 13:33:19
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================
255.255.255.255 easyanticheat.se
255.255.255.255 www.easyanticheat.se
255.255.255.255 easyanticheat.com
255.255.255.255 www.easyanticheat.com
255.255.255.255 easyanticheat.info
255.255.255.255 www.easyanticheat.info
255.255.255.255 easyanticheat.org
255.255.255.255 www.easyanticheat.org

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = ETH (Disconnected)
Scientific-Atlanta WebSTAR 2000 series Cable Modem = USB (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "USB"

set address name="USB" source=dhcp
set dns name="USB" source=dhcp register=PRIMARY
set wins name="USB" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : kinde-ededbb325

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : telemach.ba



Ethernet adapter USB:



Connection-specific DNS Suffix . : telemach.ba

Description . . . . . . . . . . . : Scientific-Atlanta WebSTAR 2000 series Cable Modem

Physical Address. . . . . . . . . : 54-D4-6F-EC-0F-FD

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 77.78.229.218

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 77.78.228.1

DHCP Server . . . . . . . . . . . : 77.77.193.1

DNS Servers . . . . . . . . . . . : 77.77.192.10

77.78.192.10

94.140.66.194

Lease Obtained. . . . . . . . . . : 25. travanj 2012 13:03:51

Lease Expires . . . . . . . . . . : 25. travanj 2012 16:03:51

Server: ns1.telemach.ba
Address: 77.77.192.10

Name: google.com
Addresses: 209.85.148.139, 209.85.148.100, 209.85.148.101, 209.85.148.102
209.85.148.113, 209.85.148.138



Pinging google.com [209.85.148.138] with 32 bytes of data:



Reply from 209.85.148.138: bytes=32 time=45ms TTL=53

Reply from 209.85.148.138: bytes=32 time=45ms TTL=53



Ping statistics for 209.85.148.138:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 45ms, Average = 45ms

Server: ns1.telemach.ba
Address: 77.77.192.10

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=227ms TTL=44

Reply from 72.30.38.140: bytes=32 time=226ms TTL=44



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 226ms, Maximum = 227ms, Average = 226ms

Server: ns1.telemach.ba
Address: 77.77.192.10

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...54 d4 6f ec 0f fd ...... Scientific-Atlanta WebSTAR 2000 series Cable Modem - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 77.78.228.1 77.78.229.218 30
77.78.228.0 255.255.252.0 77.78.229.218 77.78.229.218 30
77.78.229.218 255.255.255.255 127.0.0.1 127.0.0.1 30
77.255.255.255 255.255.255.255 77.78.229.218 77.78.229.218 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 77.78.229.218 77.78.229.218 30
255.255.255.255 255.255.255.255 77.78.229.218 77.78.229.218 1
Default Gateway: 77.78.228.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/24/2012 08:58:00 PM) (Source: MsiInstaller) (User: Kinde)Kinde
Description: Product: Lenovo Solution Center -- The operating system is not adequate for running Lenovo Solution Center.

Error: (04/22/2012 11:26:55 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module jscript.dll, version 5.8.6001.18702, fault address 0x00025b24.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (04/21/2012 04:08:31 PM) (Source: Application Error) (User: )
Description: Faulting application hl.exe, version 1.1.1.1, faulting module unknown, version 0.0.0.0, fault address 0x09eb5e02.
Processing media-specific event for [hl.exe!ws!]

Error: (04/20/2012 08:19:55 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 18.0.1025.162, faulting module unknown, version 0.0.0.0, fault address 0x0b9390b0.
Processing media-specific event for [chrome.exe!ws!]

Error: (04/20/2012 05:35:09 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x6f420d71.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/01/2006 00:45:01 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2006 00:45:01 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2006 00:45:01 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2006 00:45:00 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2006 00:45:00 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (04/25/2012 00:30:36 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (04/25/2012 00:15:05 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/25/2012 00:15:05 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (04/25/2012 00:15:05 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/25/2012 00:11:47 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/25/2012 00:11:47 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/25/2012 00:10:56 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/25/2012 00:10:56 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/25/2012 00:03:37 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/25/2012 00:03:37 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 4.65
Adobe AIR (Version: 3.2.0.2070)
Adobe Bridge 1.0 (Version: 1.0.1.1)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.2.202.228)
Adobe Premiere Pro 2.0 (Version: 2.000.000)
Adobe Reader 9.1 (Version: 9.1.0)
Ashampoo Burning Studio 9.10 (Version: 9.1.0)
µTorrent (Version: 1.8.2)
CCleaner (remove only)
Cool Edit Pro 2.1
Counter-Strike
Counter Strike 1.6 FULL v42
CScreenie (Version: 1.1.9)
Data Lifeguard Diagnostic for Windows 1.24
ESET Online Scanner v3
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
Gather.RS Anti-Cheat version 1.0.0.2 (Version: 1.0.0.2)
Geeks3D.com FurMark 1.10.0
Google Chrome (Version: 18.0.1025.162)
HLSW v1.4.0.2
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
K-Lite Mega Codec Pack 5.1.0 (Version: 5.1.0)
Magic Bullet Looks Vegas
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT Redists (Version: 1.0)
nLite 1.4.9.1 (Version: 1.4.9.1)
Notepad++ (Version: 5.9.8)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Photodex Presenter
PhotoScape
PokIt (Version: 0.7.0)
ProShow Producer
Razer Lachesis (Version: 1.00.0000)
Razer StarCraft II (Version: 1.02.01)
root 1.00
Scientific-Atlanta WebSTAR 2000 series Cable Modem
SHOUTcast DNAS Server v2
Skype™ 4.1 (Version: 4.1.166)
SoundMAX (Version: 5.10.01.6380)
SpeedFan (remove only)
Steam (Version: 1.0.0.0)
TeamSpeak 3 Client
TeamViewer 7 (Version: 7.0.12979)
TightVNC 2.0.4 (Version: 2.0.4)
TNod User & Password Finder (Version: 1.4.1.0)
Vegas Pro 10.0 (Version: 10.0.469)
Video Card Stability Test (Version: v.1.0.0.3)
ViewRight Web PC (Version: 2.1.2.3)
WebFldrs XP (Version: 9.50.7523)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0) (Version: 09/08/2006 1.2.0.0)
Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00) (Version: 05/10/2007 1.00)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinSCP 4.3.6 (Version: 4.3.6)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 2046.04 MB
Available physical RAM: 1158.72 MB
Total Pagefile: 3939.09 MB
Available Pagefile: 3062.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.26 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:195.32 GB) (Free:147.06 GB) NTFS
2 Drive d: () (Fixed) (Total:37.56 GB) (Free:23.8 GB) NTFS

========================= Users: ========================================

User accounts for \\KINDE-EDEDBB325

Administrator ASPNET Guest
HelpAssistant Kinde SUPPORT_388945a0
UpdatusUser


**** End of log ****


Here is Log of Malwarebytes Anti-Malware


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kinde :: KINDE-EDEDBB325 [administrator]

Protection: Enabled

25.4.2012 13:41:01
mbam-log-2012-04-25 (13-41-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196989
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Kinde\Application Data\windowsupdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)



Here is Log of ASWMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-25 13:46:06
-----------------------------
13:46:06.312 OS Version: Windows 5.1.2600 Service Pack 3
13:46:06.312 Number of processors: 2 586 0xF0D
13:46:06.312 ComputerName: KINDE-EDEDBB325 UserName: Kinde
13:46:07.468 Initialize success
13:49:29.671 AVAST engine defs: 12042500
13:49:44.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:49:44.078 Disk 0 Vendor: WDC_WD2500AAKS-00VSA0 01.01B01 Size: 238475MB BusType: 3
13:49:44.093 Disk 0 MBR read successfully
13:49:44.093 Disk 0 MBR scan
13:49:44.125 Disk 0 Windows XP default MBR code
13:49:44.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200004 MB offset 63
13:49:44.125 Disk 0 Partition - 00 0F Extended LBA 38460 MB offset 409609305
13:49:44.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 38460 MB offset 409609368
13:49:44.140 Disk 0 scanning sectors +488376000
13:49:44.234 Disk 0 scanning C:\WINDOWS\system32\drivers
13:49:49.343 Service scanning
13:50:00.031 Modules scanning
13:50:04.156 Disk 0 trace - called modules:
13:50:04.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
13:50:04.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dffab8]
13:50:04.203 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000059[0x89df7f18]
13:50:04.203 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d92d98]
13:50:04.703 AVAST engine scan C:\WINDOWS
13:50:08.078 AVAST engine scan C:\WINDOWS\system32
13:52:11.750 AVAST engine scan C:\WINDOWS\system32\drivers
13:52:24.140 AVAST engine scan C:\Documents and Settings\Kinde
13:59:51.453 AVAST engine scan C:\Documents and Settings\All Users
14:00:31.234 Scan finished successfully
14:01:51.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kinde\Desktop\MBR.dat"
14:01:51.671 The log file has been saved successfully to "C:\Documents and Settings\Kinde\Desktop\aswMBR.txt"
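
The "Hosts content" section of the MiniToolBox log above lists entries beyond the default localhost line. The following is an added example, not part of the thread or of any tool used in it: a small Python audit that parses hosts text (including the one-line form MiniToolBox printed) and flags every non-default mapping. The function names and the `203.0.113.10 updates.example.test` entry are constructed for illustration.

```python
import ipaddress

# Entries a stock Windows hosts file is expected to contain.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
BROADCAST = ipaddress.ip_address("255.255.255.255")

# The first two lines are copied from the "Hosts content" section of the log
# above, in the flattened one-line form MiniToolBox printed. The last line is
# a constructed entry (documentation address) to show the redirect case.
SAMPLE_HOSTS = (
    "255.255.255.255 easyanticheat.se 255.255.255.255 www.easyanticheat.se "
    "255.255.255.255 easyanticheat.com 255.255.255.255 www.easyanticheat.com "
    "255.255.255.255 easyanticheat.info 255.255.255.255 www.easyanticheat.info "
    "255.255.255.255 easyanticheat.org 255.255.255.255 www.easyanticheat.org\n"
    "127.0.0.1 localhost\n"
    "203.0.113.10 updates.example.test   # constructed\n"
)


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text.

    Every token that parses as an IP address starts a new entry and every
    other token is a name for the most recent address. That covers the normal
    "ip name alias..." layout and the flattened layout in the log above.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # drop comments
        current_ip = None
        for token in line.split():
            try:
                current_ip = ipaddress.ip_address(token)
            except ValueError:
                if current_ip is not None:   # ignore names with no address
                    entries.append((current_ip, token.lower()))
    return entries


def is_unroutable(ip):
    """True for addresses that cannot reach a real server (a sinkhole)."""
    return (ip.is_loopback or ip.is_unspecified or ip.is_multicast
            or ip.is_reserved or ip == BROADCAST)


def audit_hosts(text):
    """Flag every mapping that is not a default localhost entry.

    verdict "blocked":    the name resolves to an unroutable address, so the
                          machine can no longer reach that host.
    verdict "redirected": the name is pinned to a specific address and DNS is
                          bypassed; check who owns that address.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if (str(ip), name) in DEFAULT_ENTRIES:
            continue
        verdict = "blocked" if is_unroutable(ip) else "redirected"
        findings.append({"host": name, "ip": str(ip), "verdict": verdict})
    return findings


def summarize(findings):
    """Group flagged host names by (verdict, address) for a short report."""
    groups = {}
    for finding in findings:
        key = (finding["verdict"], finding["ip"])
        groups.setdefault(key, []).append(finding["host"])
    return groups


if __name__ == "__main__":
    for (verdict, ip), hosts in summarize(audit_hosts(SAMPLE_HOSTS)).items():
        print(f"{verdict:10} {ip:16} {', '.join(hosts)}")
```

On a live system the input would be the contents of `%SystemRoot%\system32\drivers\etc\hosts`; any finding should be explained by software the user knowingly installed before the file is trusted again.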

#4 Broni


Posted 25 April 2012 - 09:12 PM

I'd like to see a couple more logs...

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

==================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#5 kinde


Posted 26 April 2012 - 09:54 AM

Here is Log from Bootkit Remover



Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


Here is Log from GMER:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-26 16:53:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500AAKS-00VSA0 rev.01.01B01
Running: gmer.exe; Driver: C:\DOCUME~1\Kinde\LOCALS~1\Temp\ffadyfog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8B223C0, 0x95B7EA, 0xE8000020]

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Kinde\Application Data\Mozilla\Firefox\Profiles\9kg0sbhd.default\gm_scripts\Keep_Tube_Download_Youtube_Videos,_Dailymotion,_Megavideo,_Metacafe,_Google,_Yahoo,_Spike,_Myspace,_Facebook,_Veoh,_Break,_Current,_Redtube_videos_and_more!\47636.user.js 9225 bytes

---- EOF - GMER 1.0.15 ----



Thanks for your fast answer!

#6 Broni


Posted 26 April 2012 - 10:47 AM

That looks good.

Now...

1. You're not running any AV program.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

2. Your "hosts" file has been hijacked.
Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
Follow all prompts.

*********************

Re-run MiniToolbox.
Checkmark following boxes:
  • List content of Hosts
Click Go and post the result.

#7 kinde


Posted 26 April 2012 - 02:12 PM

Here is Log from Mini Tool Box:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Kinde (administrator) on 26-04-2012 at 19:23:11
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost


**** End of log ****


I have fixed my "hosts" file.


I downloaded, installed and updated AVAST.
I ran a scan 2 times; it detected 4 viruses,
but in the middle of the scan the computer restarts and shows a BSOD with the error: KERNEL_STACK_INPAGE_ERROR

I couldn't copy the log, but I have taken a screenshot:

http://pokit.org/get/?38e726519ba0c41b43b9d74f2b125114.png


Help please :/

#8 Broni


Posted 26 April 2012 - 02:19 PM

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

#9 kinde


Posted 26 April 2012 - 02:33 PM

Here is log from blue screen viewer



==================================================
Dump File : Mini042612-01.dmp
Crash Time : 26.4.2012 17:47:48
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000006
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0xb9e1d508
Caused By Driver : NDIS.sys
Caused By Address : NDIS.sys+3508
File Description : NDIS 5.1 wrapper driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : NDIS.sys+3508
Stack Address 1 : Sacm2A.sys+cd8
Stack Address 2 : Sacm2A.sys+c46
Stack Address 3 : Sacm2A.sys+b2d
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042612-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042512-01.dmp
Crash Time : 25.4.2012 17:59:02
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf85523c
Parameter 3 : 0xb1affc3c
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+5523c
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5756 (xpsp_sp3_qfe.090209-1316)
Processor : 32-bit
Crash Address : win32k.sys+5523c
Stack Address 1 : win32k.sys+b6c17
Stack Address 2 : win32k.sys+b5a09
Stack Address 3 : win32k.sys+b5245
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042312-01.dmp
Crash Time : 23.4.2012 14:03:50
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc000001d
Parameter 2 : 0xbf899422
Parameter 3 : 0xb220aca4
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+99422
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5756 (xpsp_sp3_qfe.090209-1316)
Processor : 32-bit
Crash Address : win32k.sys+99422
Stack Address 1 : win32k.sys+16b2
Stack Address 2 : win32k.sys+2ffae
Stack Address 3 : ntoskrnl.exe+6a62c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042312-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042112-09.dmp
Crash Time : 21.4.2012 17:37:22
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x3089ec55
Parameter 3 : 0xba4e7bb4
Parameter 4 : 0xba4e78b0
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+67e0
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address :
Stack Address 1 : ntoskrnl.exe+ab2f
Stack Address 2 : ntoskrnl.exe+100fc
Stack Address 3 : ntoskrnl.exe+6177d
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042112-09.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042112-08.dmp
Crash Time : 21.4.2012 17:30:37
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x00000320
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x806e6a2a
Caused By Driver : hal.dll
Caused By Address : hal.dll+2a2a
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : hal.dll+2a2a
Stack Address 1 : ntoskrnl.exe+3f66e
Stack Address 2 : ntoskrnl.exe+49249
Stack Address 3 : ntoskrnl.exe+44071
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042112-08.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042112-07.dmp
Crash Time : 21.4.2012 17:22:09
Bug Check String : ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
Bug Check Code : 0x000000fc
Parameter 1 : 0xba4e3b84
Parameter 2 : 0x0a378963
Parameter 3 : 0xba4e3b18
Parameter 4 : 0x00000001
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f43
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)
Processor : 32-bit
Crash Address : ntoskrnl.exe+22f43
Stack Address 1 : ntoskrnl.exe+4937a
Stack Address 2 : ntoskrnl.exe+6d588
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042112-07.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042112-06.dmp
Crash Time : 21.4.2012 15:05:07
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0xf8af6cbc
Parameter 2 : 0x00000001
Parameter 3 : 0x00000000
Parameter 4 : 0x80505f17
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+2ef17
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)
Processor : 32-bit
Crash Address : ntoskrnl.exe+2ef17
Stack Address 1 : ntoskrnl.exe+43f5d
Stack Address 2 : ntoskrnl.exe+aad9
Stack Address 3 : ntoskrnl.exe+100fc
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042112-06.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042112-05.dmp
Crash Time : 21.4.2012 14:33:55
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x2444f7eb
Parameter 2 : 0x000000ff
Parameter 3 : 0x00000001
Parameter 4 : 0x80543f2d
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+6cf2d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)
Processor : 32-bit
Crash Address : ntoskrnl.exe+6cf2d
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042112-05.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042112-04.dmp
Crash Time : 21.4.2012 14:19:53
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804e8728
Parameter 3 : 0xb84dfb30
Parameter 4 : 0xb84df82c
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+11728
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)
Processor : 32-bit
Crash Address : ntoskrnl.exe+11728
Stack Address 1 : ntoskrnl.exe+1193b
Stack Address 2 : ntoskrnl.exe+aa7c
Stack Address 3 : ntoskrnl.exe+100fc
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042112-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042112-03.dmp
Crash Time : 21.4.2012 14:17:07
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8051b3a1
Parameter 3 : 0xb84e3a9c
Parameter 4 : 0xb84e3798
Caused By Driver : hal.dll
Caused By Address : hal.dll+2aa8
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+443a1
Stack Address 1 : ntoskrnl.exe+939cc
Stack Address 2 : ntoskrnl.exe+11239
Stack Address 3 : ntoskrnl.exe+1144e
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042112-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042112-02.dmp
Crash Time : 21.4.2012 13:15:47
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xd15fe408
Parameter 2 : 0x00000001
Parameter 3 : 0xb7e68a14
Parameter 4 : 0x00000000
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+21a14
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : Ntfs.sys+21a14
Stack Address 1 : Ntfs.sys+216d6
Stack Address 2 : Ntfs.sys+211ff
Stack Address 3 : Ntfs.sys+3027b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042112-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042112-01.dmp
Crash Time : 21.4.2012 12:59:02
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0xb8340d70
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+6d4ff
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)
Processor : 32-bit
Crash Address : ntoskrnl.exe+6d4ff
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042112-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

==================================================
Dump File : Mini042012-01.dmp
Crash Time : 20.4.2012 22:15:30
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000008
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+2427
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address :
Stack Address 1 : ntoskrnl.exe+100fc
Stack Address 2 : ntoskrnl.exe+6177d
Stack Address 3 : ntoskrnl.exe+f8fa0
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042012-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90.112
==================================================

#10 Broni


Posted 26 April 2012 - 02:36 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#11 kinde


Posted 26 April 2012 - 02:40 PM

Here is Report:



21:38:37.0062 3576 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:38:37.0250 3576 ============================================================
21:38:37.0250 3576 Current date / time: 2012/04/26 21:38:37.0250
21:38:37.0250 3576 SystemInfo:
21:38:37.0250 3576
21:38:37.0250 3576 OS Version: 5.1.2600 ServicePack: 3.0
21:38:37.0250 3576 Product type: Workstation
21:38:37.0250 3576 ComputerName: KINDE-EDEDBB325
21:38:37.0250 3576 UserName: Kinde
21:38:37.0250 3576 Windows directory: C:\WINDOWS
21:38:37.0250 3576 System windows directory: C:\WINDOWS
21:38:37.0250 3576 Processor architecture: Intel x86
21:38:37.0250 3576 Number of processors: 2
21:38:37.0250 3576 Page size: 0x1000
21:38:37.0250 3576 Boot type: Normal boot
21:38:37.0250 3576 ============================================================
21:38:40.0421 3576 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:38:40.0421 3576 ============================================================
21:38:40.0421 3576 \Device\Harddisk0\DR0:
21:38:40.0421 3576 MBR partitions:
21:38:40.0421 3576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x186A241A
21:38:40.0437 3576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x186A2498, BlocksNum 0x4B1E228
21:38:40.0437 3576 ============================================================
21:38:40.0468 3576 D: <-> \Device\Harddisk0\DR0\Partition1
21:38:40.0500 3576 C: <-> \Device\Harddisk0\DR0\Partition0
21:38:40.0515 3576 ============================================================
21:38:40.0515 3576 Initialize success
21:38:40.0515 3576 ============================================================
21:38:48.0046 2544 ============================================================
21:38:48.0046 2544 Scan started
21:38:48.0046 2544 Mode: Manual;
21:38:48.0046 2544 ============================================================
21:38:52.0718 2544 Msfs - ok
21:38:52.0734 2544 MSIServer - ok
21:38:52.0750 2544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:38:52.0750 2544 MSKSSRV - ok
21:38:52.0765 2544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:38:52.0765 2544 MSPCLOCK - ok
21:38:52.0765 2544 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:38:52.0765 2544 MSPQM - ok
21:38:52.0765 2544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:38:52.0765 2544 mssmbios - ok
21:38:52.0781 2544 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:38:52.0781 2544 Mup - ok
21:38:52.0812 2544 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:38:52.0828 2544 napagent - ok
21:38:52.0843 2544 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:38:52.0843 2544 NDIS - ok
21:38:52.0875 2544 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:38:52.0875 2544 NdisTapi - ok
21:38:52.0890 2544 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:38:52.0890 2544 Ndisuio - ok
21:38:52.0890 2544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:38:52.0890 2544 NdisWan - ok
21:38:52.0906 2544 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:38:52.0906 2544 NDProxy - ok
21:38:52.0906 2544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:38:52.0906 2544 NetBIOS - ok
21:38:52.0921 2544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:38:52.0921 2544 NetBT - ok
21:38:52.0953 2544 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:38:52.0968 2544 NetDDE - ok
21:38:52.0968 2544 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:38:52.0984 2544 NetDDEdsdm - ok
21:38:53.0000 2544 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:53.0000 2544 Netlogon - ok
21:38:53.0015 2544 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:38:53.0031 2544 Netman - ok
21:38:53.0125 2544 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:38:53.0125 2544 NetTcpPortSharing - ok
21:38:53.0125 2544 nisvwb - ok
21:38:53.0156 2544 Nla (fcee5fcb99f7c724593365c706d28388) C:\WINDOWS\System32\mswsock.dll
21:38:53.0171 2544 Nla - ok
21:38:53.0171 2544 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:38:53.0171 2544 Npfs - ok
21:38:53.0203 2544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:38:53.0218 2544 Ntfs - ok
21:38:53.0218 2544 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:53.0218 2544 NtLmSsp - ok
21:38:53.0265 2544 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:38:53.0312 2544 NtmsSvc - ok
21:38:53.0328 2544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:38:53.0328 2544 Null - ok
21:38:54.0062 2544 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:38:54.0250 2544 nv - ok
21:38:54.0390 2544 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
21:38:54.0406 2544 NVSvc - ok
21:38:54.0593 2544 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:38:54.0640 2544 nvUpdatusService - ok
21:38:54.0718 2544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:38:54.0718 2544 NwlnkFlt - ok
21:38:54.0718 2544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:38:54.0718 2544 NwlnkFwd - ok
21:38:54.0812 2544 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:38:54.0828 2544 odserv - ok
21:38:54.0921 2544 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:38:54.0937 2544 ose - ok
21:38:54.0984 2544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:38:55.0000 2544 Parport - ok
21:38:55.0015 2544 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:38:55.0031 2544 PartMgr - ok
21:38:55.0031 2544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:38:55.0046 2544 ParVdm - ok
21:38:55.0062 2544 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:38:55.0062 2544 PCI - ok
21:38:55.0078 2544 PCIDump - ok
21:38:55.0078 2544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:38:55.0078 2544 PCIIde - ok
21:38:55.0109 2544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:38:55.0109 2544 Pcmcia - ok
21:38:55.0109 2544 PDCOMP - ok
21:38:55.0109 2544 PDFRAME - ok
21:38:55.0125 2544 PDRELI - ok
21:38:55.0125 2544 PDRFRAME - ok
21:38:55.0140 2544 perc2 - ok
21:38:55.0187 2544 perc2hib - ok
21:38:55.0218 2544 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
21:38:55.0234 2544 PlugPlay - ok
21:38:55.0265 2544 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:55.0265 2544 PolicyAgent - ok
21:38:55.0296 2544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:38:55.0296 2544 PptpMiniport - ok
21:38:55.0312 2544 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:55.0359 2544 ProtectedStorage - ok
21:38:55.0375 2544 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:38:55.0375 2544 PSched - ok
21:38:55.0390 2544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:38:55.0390 2544 Ptilink - ok
21:38:55.0421 2544 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
21:38:55.0421 2544 PxHelp20 - ok
21:38:55.0421 2544 ql1080 - ok
21:38:55.0437 2544 Ql10wnt - ok
21:38:55.0437 2544 ql12160 - ok
21:38:55.0453 2544 ql1240 - ok
21:38:55.0468 2544 ql1280 - ok
21:38:55.0484 2544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:38:55.0484 2544 RasAcd - ok
21:38:55.0531 2544 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:38:55.0546 2544 RasAuto - ok
21:38:55.0562 2544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:38:55.0578 2544 Rasl2tp - ok
21:38:55.0593 2544 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:38:55.0625 2544 RasMan - ok
21:38:55.0625 2544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:38:55.0625 2544 RasPppoe - ok
21:38:55.0640 2544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:38:55.0640 2544 Raspti - ok
21:38:55.0656 2544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:38:55.0671 2544 Rdbss - ok
21:38:55.0671 2544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:38:55.0671 2544 RDPCDD - ok
21:38:55.0734 2544 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:38:55.0750 2544 rdpdr - ok
21:38:55.0781 2544 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:38:55.0781 2544 RDPWD - ok
21:38:55.0812 2544 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:38:55.0843 2544 RDSessMgr - ok
21:38:55.0875 2544 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:38:55.0875 2544 redbook - ok
21:38:55.0890 2544 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:38:55.0906 2544 RemoteAccess - ok
21:38:55.0921 2544 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:38:55.0937 2544 RemoteRegistry - ok
21:38:55.0953 2544 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:38:55.0953 2544 RpcLocator - ok
21:38:56.0000 2544 RpcSs (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll
21:38:56.0000 2544 RpcSs - ok
21:38:56.0015 2544 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:38:56.0031 2544 RSVP - ok
21:38:56.0031 2544 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:56.0031 2544 SamSs - ok
21:38:56.0046 2544 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:38:56.0046 2544 SCardSvr - ok
21:38:56.0093 2544 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:38:56.0125 2544 Schedule - ok
21:38:56.0218 2544 ScsiAccess (958e956e119eb7b9aba142afed1b5ff4) C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe
21:38:56.0218 2544 ScsiAccess - ok
21:38:56.0234 2544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:38:56.0234 2544 Secdrv - ok
21:38:56.0265 2544 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:38:56.0281 2544 seclogon - ok
21:38:56.0328 2544 SenFiltService (f537b84461653b28e0c75da7e83169c6) C:\WINDOWS\system32\drivers\Senfilt.sys
21:38:56.0328 2544 SenFiltService - ok
21:38:56.0328 2544 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:38:56.0343 2544 SENS - ok
21:38:56.0359 2544 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:38:56.0359 2544 serenum - ok
21:38:56.0359 2544 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:38:56.0375 2544 Serial - ok
21:38:56.0437 2544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:38:56.0437 2544 Sfloppy - ok
21:38:56.0640 2544 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:38:56.0656 2544 SharedAccess - ok
21:38:56.0687 2544 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
21:38:56.0703 2544 ShellHWDetection - ok
21:38:56.0703 2544 Simbad - ok
21:38:56.0703 2544 Sparrow - ok
21:38:56.0734 2544 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
21:38:56.0750 2544 speedfan - ok
21:38:56.0812 2544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:38:56.0812 2544 splitter - ok
21:38:56.0828 2544 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
21:38:56.0843 2544 Spooler - ok
21:38:56.0843 2544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:38:56.0843 2544 sr - ok
21:38:56.0859 2544 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:38:56.0875 2544 srservice - ok
21:38:56.0890 2544 Srv (e89b42b216bc86ada4345908284519cb) C:\WINDOWS\system32\DRIVERS\srv.sys
21:38:56.0890 2544 Srv - ok
21:38:56.0906 2544 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:38:56.0921 2544 SSDPSRV - ok
21:38:56.0937 2544 Steam Client Service - ok
21:38:56.0984 2544 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:38:57.0000 2544 stisvc - ok
21:38:57.0000 2544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:38:57.0000 2544 swenum - ok
21:38:57.0031 2544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:38:57.0046 2544 swmidi - ok
21:38:57.0046 2544 SwPrv - ok
21:38:57.0046 2544 symc810 - ok
21:38:57.0046 2544 symc8xx - ok
21:38:57.0046 2544 sym_hi - ok
21:38:57.0062 2544 sym_u3 - ok
21:38:57.0093 2544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:38:57.0109 2544 sysaudio - ok
21:38:57.0109 2544 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:38:57.0125 2544 SysmonLog - ok
21:38:57.0140 2544 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:38:57.0156 2544 TapiSrv - ok
21:38:57.0187 2544 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:38:57.0187 2544 Tcpip - ok
21:38:57.0218 2544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:38:57.0218 2544 TDPIPE - ok
21:38:57.0234 2544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:38:57.0234 2544 TDTCP - ok
21:38:57.0250 2544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:38:57.0250 2544 TermDD - ok
21:38:57.0281 2544 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:38:57.0296 2544 TermService - ok
21:38:57.0312 2544 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
21:38:57.0328 2544 Themes - ok
21:38:57.0343 2544 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:38:57.0375 2544 TlntSvr - ok
21:38:57.0375 2544 TosIde - ok
21:38:57.0406 2544 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:38:57.0421 2544 TrkWks - ok
21:38:57.0437 2544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:38:57.0437 2544 Udfs - ok
21:38:57.0453 2544 ultra - ok
21:38:57.0484 2544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:38:57.0484 2544 Update - ok
21:38:57.0515 2544 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:38:57.0531 2544 upnphost - ok
21:38:57.0531 2544 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:38:57.0546 2544 UPS - ok
21:38:57.0578 2544 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:38:57.0593 2544 usbaudio - ok
21:38:57.0609 2544 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:38:57.0609 2544 usbccgp - ok
21:38:57.0640 2544 USBCM (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm2A.sys
21:38:57.0656 2544 USBCM - ok
21:38:57.0703 2544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:38:57.0703 2544 usbehci - ok
21:38:57.0718 2544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:38:57.0718 2544 usbhub - ok
21:38:57.0734 2544 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:38:57.0765 2544 USBSTOR - ok
21:38:57.0781 2544 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:38:57.0781 2544 usbuhci - ok
21:38:57.0812 2544 VBoxNetAdp (226cd9e42be28a84ec56430fbb57224f) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
21:38:57.0828 2544 VBoxNetAdp - ok
21:38:57.0828 2544 VBoxNetFlt - ok
21:38:57.0828 2544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:38:57.0828 2544 VgaSave - ok
21:38:57.0843 2544 ViaIde - ok
21:38:57.0875 2544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:38:57.0875 2544 VolSnap - ok
21:38:57.0906 2544 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:38:57.0921 2544 VSS - ok
21:38:57.0968 2544 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:38:58.0031 2544 W32Time - ok
21:38:58.0062 2544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:38:58.0062 2544 Wanarp - ok
21:38:58.0062 2544 WDICA - ok
21:38:58.0109 2544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:38:58.0109 2544 wdmaud - ok
21:38:58.0125 2544 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:38:58.0140 2544 WebClient - ok
21:38:58.0218 2544 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:38:58.0234 2544 winmgmt - ok
21:38:58.0265 2544 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:38:58.0281 2544 WmdmPmSN - ok
21:38:58.0328 2544 Wmi (c8a6c82f90b055149925dc7526b2d78c) C:\WINDOWS\System32\advapi32.dll
21:38:58.0343 2544 Wmi - ok
21:38:58.0375 2544 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:38:58.0375 2544 WmiApSrv - ok
21:38:58.0468 2544 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:38:58.0500 2544 WMPNetworkSvc - ok
21:38:58.0562 2544 WPFFontCache_v0400 - ok
21:38:58.0609 2544 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:38:58.0625 2544 WS2IFSL - ok
21:38:58.0625 2544 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:38:58.0640 2544 wscsvc - ok
21:38:58.0671 2544 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:38:58.0703 2544 wuauserv - ok
21:38:58.0734 2544 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:38:58.0734 2544 WudfPf - ok
21:38:58.0734 2544 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:38:58.0750 2544 WudfRd - ok
21:38:58.0781 2544 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:38:58.0796 2544 WudfSvc - ok
21:38:58.0843 2544 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:38:58.0859 2544 WZCSVC - ok
21:38:58.0890 2544 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:38:58.0921 2544 xmlprov - ok
21:38:58.0937 2544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:38:59.0093 2544 \Device\Harddisk0\DR0 - ok
21:38:59.0093 2544 Boot (0x1200) (4d37aa8fe28603bfb6527f97851bdb90) \Device\Harddisk0\DR0\Partition0
21:38:59.0093 2544 \Device\Harddisk0\DR0\Partition0 - ok
21:38:59.0125 2544 Boot (0x1200) (22e9e1b89b40f6e711b4253abd7f8081) \Device\Harddisk0\DR0\Partition1
21:38:59.0125 2544 \Device\Harddisk0\DR0\Partition1 - ok
21:38:59.0125 2544 ============================================================
21:38:59.0125 2544 Scan finished
21:38:59.0125 2544 ============================================================
21:38:59.0140 3612 Detected object count: 0
21:38:59.0140 3612 Actual detected object count: 0

#12 Broni


Posted 26 April 2012 - 02:41 PM

That's clean.

Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.

NOTE. If your hard drive is made by Toshiba, unfortunately, you're out of luck, because Toshiba doesn't provide any diagnostic tool.


 


#13 kinde


Posted 26 April 2012 - 02:51 PM

I have downloaded a carefully chosen product for my HDD (Western Digital):
http://support.wdc.com/product/download.asp?groupid=606&sid=3&lang=en

The test finished correctly and here is the log:


Test Option: QUICK TEST
Model Number: WDC WD2500AAKS-00VSA0
Unit Serial Number: WD-WMART0482581
Firmware Number: 01.01B01
Capacity: 250.06 GB
SMART Status: PASS
Test Result: PASS
Test Time: 21:50:34, April 26, 2012

#14 Broni


Posted 26 April 2012 - 03:02 PM

I want you to go for more advanced checks.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


 


#15 kinde


Posted 26 April 2012 - 03:54 PM

OK, thank you a lot for helping me. I hope I'll find a solution for my problem.
Thanks one more time.

Best regards



