CI.dll boot BSOD, Vista x64


  • This topic is locked
57 replies to this topic

#1 BlueScreenAddict

Posted 05 February 2013 - 03:02 PM

Hi,

I am having what seems to be a widespread problem with BSOD during boot (Vista x64), with the error:

***STOP: 0x0000007E (...)

*** CI.dll - Address FFFFFA60006F7841 base at FFFFFA60006B5000, Datestamp 47be5bb6

This started happening about three weeks ago, occurring about 50% of the time, now it occurs 100% of the time (including Safe Mode...).

I have run several different anti-malware/spyware programs (no serious threats found) as well as CHKDSK, SFC, memory diagnostics, etc.

I followed the advice on another forum:
http://www.sevenforums.com/crashes-debugging/158973-boot-critical-file-4.html
(i.e. replace CI.dll with copy from installation disk, then command window from bootdisk: bootrec.exe /fixmbr,
del C:\boot\bcd, bootrec.exe /rebuildbcd)

The system booted back up straight after this and worked for about a week (i.e. 2 or 3 restarts). MBAM did not find any threats after this.

But now the problem has returned (not that I can think of anything that would have triggered this), and this procedure now does not get rid of the BSOD.

Could you please advise how I might try to solve this? Many thanks for any help you can provide!

Below is the log file from Farbar's Recovery Tool. Please let me know if I should prepare any other material.

(P.S. I should mention that the CI.dll from my installation disk was 372 kB compared to 374 kB for the one I found and renamed in /system32 ...)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02 (ATTENTION: FRST version is 15 days old)
Ran by SYSTEM at 05-02-2013 17:21:22
Running from F:\
Windows Vista ™ Business Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [274944 2009-02-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [539456 2011-10-15] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1694016 2011-10-15] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [442536 2008-10-17] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-10] (AVG Technologies CZ, s.r.o.)
HKU\Mark\...\Run: [Akamai NetSession Interface] "C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Mark\...\Run: [] [x]
HKU\Mark\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
HKU\Mark\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [79136 2008-10-23] (Macrovision Corporation)
HKLM\...\RunOnce: [AvgRemover] C:\Mark\Installation\Antivirus\avg_remover_stf_x64_2013_2706.exe /run_number=4 /avgdir="C:\Program Files (x86)\AVG\AVG2013\" /avgdatadir="C:\ProgramData\AVG2013\" /ndis_nextstep=1 [3222280 2013-01-27] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: L
Tcpip\..\Interfaces\{368CD118-A257-49F2-BF67-92B571B3E0EF}: [NameServer]141.2.22.74,141.2.149.10
Tcpip\..\Interfaces\{515BA114-BFB5-4E84-97CF-7AA81F4C7D57}: [NameServer]141.2.22.74,141.2.149.10

==================== Services (Whitelisted) ===================

4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-11] (Akamai Technologies, Inc.)
3 alssvc64; "C:\Program Files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe" [569112 2008-06-03] (Dell Inc.)
2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [184656 2007-04-18] (Intel Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 FileOpenManagerSvc; C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe [331648 2011-03-09] (FileOpen Systems Inc.)
4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [688190 2005-08-25] (National Instruments, Inc.)
4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [45056 2005-10-11] (National Instruments, Inc.)
4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53248 2005-10-11] (National Instruments, Inc.)
4 mxssvr; "C:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [5728 2005-10-03] (National Instruments Corporation)
4 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [204800 2005-10-11] (National Instruments, Inc.)
4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [913408 2005-09-02] (Macrovision Corporation)
4 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe -s [49152 2005-10-10] (National Instruments Corp.)
4 NITaggerService; "C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [667648 2005-10-11] (National Instruments, Inc.)
4 NvcSvcMgr; "C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe" [615704 2009-05-04] (Nortel Networks)
2 PSI_SVC_2_x64; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [336824 2010-11-30] (arvato digital services llc)
2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\STacSV64.exe [244736 2010-03-09] (IDT, Inc.)
4 Viewpoint Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [30152 2008-04-04] (Viewpoint Corporation)

==================== Drivers (Whitelisted) =====================

3 AsfAlrt; C:\Windows\System32\Drivers\AsfAlrt.sys [65872 2007-04-18] (Intel Corporation)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [7140 2005-06-10] ()
3 MSIRCOMM; C:\Windows\System32\Drivers\MSIRCOMM.sys [30208 2008-01-20] (Microsoft Corporation)
3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44040 2009-03-25] (Nortel Networks)
2 nvcwfpco; C:\Windows\System32\Drivers\nvcwfpco.sys [77832 2009-03-25] (Nortel Networks Corporation)
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV64.sys [32240 2008-06-04] (Dell Inc)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-08-08] (Duplex Secure Ltd.)
3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-20] (SigmaTel, Inc.)
3 USBCCID; C:\Windows\System32\Drivers\USBCCID.sys [38400 2008-01-20] (Microsoft Corporation)
3 uxkx164; C:\Windows\System32\Drivers\uxkx164.sys [527872 2007-11-21] (DiBcom)
3 ALSysIO; \??\C:\Users\Mark\AppData\Local\Temp\ALSysIO64.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-27 05:28 - 2013-01-27 05:38 - 00127320 ____A C:\Win-Files.txt
2013-01-26 20:08 - 2013-01-26 20:08 - 00000000 ____D C:\FRST
2013-01-26 09:24 - 2013-01-26 09:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-26 09:20 - 2013-01-26 09:20 - 00000000 ____D C:\Users\Mark\AppData\Local\Avg2013
2013-01-24 08:57 - 2013-02-01 06:47 - 00514174 ____A C:\Users\Mark\Desktop\New WinRAR ZIP archive.zip
2013-01-24 00:10 - 2013-01-24 00:10 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2013-01-19 04:44 - 2013-01-19 04:44 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-01-11 02:03 - 2013-01-11 02:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-01-09 12:18 - 2013-01-10 05:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-02-01 11:41 - 2009-12-31 08:39 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2013-02-01 11:41 - 2006-11-02 07:38 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-01 11:41 - 2006-11-02 07:38 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-01 11:41 - 2006-11-02 07:20 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-01 11:41 - 2006-11-02 07:20 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-01 11:40 - 2009-07-30 00:22 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-02-01 10:54 - 2009-08-05 09:21 - 00000000 ____D C:\Users\Mark\AppData\Roaming\GoodSync
2013-02-01 06:47 - 2013-01-24 08:57 - 00514174 ____A C:\Users\Mark\Desktop\New WinRAR ZIP archive.zip
2013-02-01 04:50 - 2012-12-30 02:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-01 02:22 - 2009-08-06 06:38 - 00011525 ____A C:\Users\Mark\gsview32.ini
2013-02-01 02:18 - 2009-08-04 09:00 - 00000000 ____D C:\Users\Mark\Documents\MATLAB
2013-01-31 12:34 - 2009-08-04 01:09 - 00133640 ____A C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-31 12:26 - 2009-08-04 09:34 - 00000400 ____A C:\Windows\ODBC.INI
2013-01-31 08:50 - 2012-06-08 08:02 - 00084642 ____A C:\Windows\FontData.fdb
2013-01-31 03:24 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\tracing
2013-01-30 10:11 - 2006-11-02 04:46 - 00829492 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-30 10:07 - 2012-12-22 02:46 - 00000470 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-01-28 00:48 - 2006-11-02 07:25 - 00187646 ____A C:\Windows\setupact.log
2013-01-27 23:23 - 2009-07-30 01:52 - 01783790 ____A C:\Windows\WindowsUpdate.log
2013-01-27 11:16 - 2012-12-25 09:54 - 00000000 ____D C:\Users\Mark\AppData\Roaming\AVG2013
2013-01-27 11:16 - 2011-11-03 00:32 - 00000000 ____D C:\Users\Mark\AppData\Local\Akamai
2013-01-27 11:16 - 2010-01-23 10:24 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Notepad++
2013-01-27 11:16 - 2009-08-19 15:08 - 00000000 ____D C:\Program Files (x86)\LEd
2013-01-27 11:16 - 2009-08-05 13:03 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Winamp
2013-01-27 11:16 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
2013-01-27 11:16 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc
2013-01-27 11:16 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
2013-01-27 11:16 - 2006-11-02 04:33 - 116129792 ____A C:\Windows\System32\config\software_previous
2013-01-27 11:13 - 2006-11-02 04:33 - 99090432 ____A C:\Windows\System32\config\system_previous
2013-01-27 11:10 - 2006-11-02 04:33 - 42467328 ____A C:\Windows\System32\config\components_previous
2013-01-27 11:10 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-01-27 08:27 - 2009-08-04 01:08 - 00000000 ____D C:\users\Mark
2013-01-27 05:38 - 2013-01-27 05:28 - 00127320 ____A C:\Win-Files.txt
2013-01-27 02:34 - 2006-11-02 07:20 - 03091152 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-26 20:08 - 2013-01-26 20:08 - 00000000 ____D C:\FRST
2013-01-26 20:07 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-01-26 09:24 - 2013-01-26 09:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-26 09:20 - 2013-01-26 09:20 - 00000000 ____D C:\Users\Mark\AppData\Local\Avg2013
2013-01-24 12:25 - 2006-11-02 04:33 - 00524288 ____A C:\Windows\System32\config\default_previous
2013-01-24 01:55 - 2009-09-02 04:52 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2013-01-24 00:10 - 2013-01-24 00:10 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2013-01-24 00:10 - 2009-09-02 04:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-01-19 04:44 - 2013-01-19 04:44 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-01-17 13:39 - 2009-08-05 13:03 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-01-17 05:51 - 2009-08-06 08:21 - 00000000 ____D C:\Program Files (x86)\MathType
2013-01-12 10:03 - 2012-06-21 03:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-12 01:41 - 2012-12-25 09:47 - 00000874 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-01-11 02:03 - 2013-01-11 02:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-01-10 05:17 - 2013-01-09 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-19 11:25:33
Restore point made on: 2013-01-20 07:22:41
Restore point made on: 2013-01-21 00:38:50
Restore point made on: 2013-01-22 02:31:27
Restore point made on: 2013-01-23 03:47:36
Restore point made on: 2013-01-24 02:42:40
Restore point made on: 2013-01-25 03:27:50
Restore point made on: 2013-01-27 22:47:42
Restore point made on: 2013-01-29 02:01:09
Restore point made on: 2013-01-30 10:59:45
Restore point made on: 2013-01-31 05:14:45
Restore point made on: 2013-01-31 12:21:36
Restore point made on: 2013-01-31 12:33:43
Restore point made on: 2013-02-01 03:03:21

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 4082.99 MB
Available physical RAM: 3268.41 MB
Total Pagefile: 3777.57 MB
Available Pagefile: 3238.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:230.69 GB) (Free:44.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:0.96 GB) NTFS
3 Drive e: (VISTA_SP1_BUSINESS) (CDROM) (Total:3.88 GB) (Free:0 GB) UDF
4 Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:3.71 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Disk ID: E8000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 204 MB 32 KB
Partition 2 Primary 2048 MB 204 MB
Partition 3 Primary 231 GB 2252 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 204 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 2048 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 231 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3824 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2013-01-30 10:15

==================== End Of Log =============================

#2 Farbar

Posted 07 February 2013 - 05:53 AM

Hi BlueScreenAddict,

Welcome to the forum and apologies for the delay.

In case you still need assistance please update me about the current condition of the computer. A FRST scan with the latest version of FRST and the steps you have taken since you started the topic would be great.

#3 Farbar

Posted 07 February 2013 - 05:55 AM

Removed duplicate post.

Edited by Farbar, 07 February 2013 - 05:58 AM.


#4 BlueScreenAddict

Posted 07 February 2013 - 05:43 PM

Hi,

many thanks for your help. I haven't tried anything else with the computer since my post (holding on for a clean solution, plus I am out of ideas!).

Below is the FRST64.exe log file just now using the latest version.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
Ran by SYSTEM at 07-02-2013 23:02:23
Running from F:\
Windows Vista ™ Business  Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [274944 2009-02-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [539456 2011-10-15] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1694016 2011-10-15] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [442536 2008-10-17] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-10] (AVG Technologies CZ, s.r.o.)
HKU\Mark\...\Run: [Akamai NetSession Interface] "C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Mark\...\Run: []  [x]
HKU\Mark\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
HKU\Mark\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [79136 2008-10-23] (Macrovision Corporation)
HKLM\...\RunOnce: [AvgRemover] C:\Mark\Installation\Antivirus\avg_remover_stf_x64_2013_2706.exe /run_number=4 /avgdir="C:\Program Files (x86)\AVG\AVG2013\" /avgdatadir="C:\ProgramData\AVG2013\" /ndis_nextstep=1 [3222280 2013-01-27] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: L
Tcpip\..\Interfaces\{368CD118-A257-49F2-BF67-92B571B3E0EF}: [NameServer]141.2.22.74,141.2.149.10
Tcpip\..\Interfaces\{515BA114-BFB5-4E84-97CF-7AA81F4C7D57}: [NameServer]141.2.22.74,141.2.149.10

==================== Services (Whitelisted) ===================

4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-11] (Akamai Technologies, Inc.)
3 alssvc64; "C:\Program Files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe" [569112 2008-06-03] (Dell Inc.)
2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [184656 2007-04-18] (Intel Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 FileOpenManagerSvc; C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe [331648 2011-03-09] (FileOpen Systems Inc.)
4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [688190 2005-08-25] (National Instruments, Inc.)
4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [45056 2005-10-11] (National Instruments, Inc.)
4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53248 2005-10-11] (National Instruments, Inc.)
4 mxssvr; "C:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [5728 2005-10-03] (National Instruments Corporation)
4 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [204800 2005-10-11] (National Instruments, Inc.)
4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [913408 2005-09-02] (Macrovision Corporation)
4 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe -s [49152 2005-10-10] (National Instruments Corp.)
4 NITaggerService; "C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [667648 2005-10-11] (National Instruments, Inc.)
4 NvcSvcMgr; "C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe" [615704 2009-05-04] (Nortel Networks)
2 PSI_SVC_2_x64; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [336824 2010-11-30] (arvato digital services llc)
2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\STacSV64.exe [244736 2010-03-09] (IDT, Inc.)
4 Viewpoint Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [30152 2008-04-04] (Viewpoint Corporation)

==================== Drivers (Whitelisted) =====================

3 AsfAlrt; C:\Windows\System32\Drivers\AsfAlrt.sys [65872 2007-04-18] (Intel Corporation)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [7140 2005-06-10] ()
3 MSIRCOMM; C:\Windows\System32\Drivers\MSIRCOMM.sys [30208 2008-01-20] (Microsoft Corporation)
3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44040 2009-03-25] (Nortel Networks)
2 nvcwfpco; C:\Windows\System32\Drivers\nvcwfpco.sys [77832 2009-03-25] (Nortel Networks Corporation)
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV64.sys [32240 2008-06-04] (Dell Inc)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-08-08] (Duplex Secure Ltd.)
3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-20] (SigmaTel, Inc.)
3 USBCCID; C:\Windows\System32\Drivers\USBCCID.sys [38400 2008-01-20] (Microsoft Corporation)
3 uxkx164; C:\Windows\System32\Drivers\uxkx164.sys [527872 2007-11-21] (DiBcom)
3 ALSysIO; \??\C:\Users\Mark\AppData\Local\Temp\ALSysIO64.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-27 05:28 - 2013-01-27 05:38 - 00127320 ____A C:\Win-Files.txt
2013-01-26 20:08 - 2013-01-26 20:08 - 00000000 ____D C:\FRST
2013-01-26 09:24 - 2013-01-26 09:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-26 09:20 - 2013-01-26 09:20 - 00000000 ____D C:\Users\Mark\AppData\Local\Avg2013
2013-01-24 08:57 - 2013-02-01 06:47 - 00514174 ____A C:\Users\Mark\Desktop\New WinRAR ZIP archive.zip
2013-01-24 00:10 - 2013-01-24 00:10 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2013-01-19 04:44 - 2013-01-19 04:44 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-01-11 02:03 - 2013-01-11 02:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-01-09 12:18 - 2013-01-10 05:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-02-01 11:41 - 2009-12-31 08:39 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2013-02-01 11:41 - 2006-11-02 07:38 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-01 11:41 - 2006-11-02 07:38 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-01 11:41 - 2006-11-02 07:20 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-01 11:41 - 2006-11-02 07:20 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-01 11:40 - 2009-07-30 00:22 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-02-01 10:54 - 2009-08-05 09:21 - 00000000 ____D C:\Users\Mark\AppData\Roaming\GoodSync
2013-02-01 06:47 - 2013-01-24 08:57 - 00514174 ____A C:\Users\Mark\Desktop\New WinRAR ZIP archive.zip
2013-02-01 04:50 - 2012-12-30 02:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-01 02:22 - 2009-08-06 06:38 - 00011525 ____A C:\Users\Mark\gsview32.ini
2013-02-01 02:18 - 2009-08-04 09:00 - 00000000 ____D C:\Users\Mark\Documents\MATLAB
2013-01-31 12:34 - 2009-08-04 01:09 - 00133640 ____A C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-31 12:26 - 2009-08-04 09:34 - 00000400 ____A C:\Windows\ODBC.INI
2013-01-31 08:50 - 2012-06-08 08:02 - 00084642 ____A C:\Windows\FontData.fdb
2013-01-31 03:24 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\tracing
2013-01-30 10:11 - 2006-11-02 04:46 - 00829492 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-30 10:07 - 2012-12-22 02:46 - 00000470 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-01-28 00:48 - 2006-11-02 07:25 - 00187646 ____A C:\Windows\setupact.log
2013-01-27 23:23 - 2009-07-30 01:52 - 01783790 ____A C:\Windows\WindowsUpdate.log
2013-01-27 11:16 - 2012-12-25 09:54 - 00000000 ____D C:\Users\Mark\AppData\Roaming\AVG2013
2013-01-27 11:16 - 2011-11-03 00:32 - 00000000 ____D C:\Users\Mark\AppData\Local\Akamai
2013-01-27 11:16 - 2010-01-23 10:24 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Notepad++
2013-01-27 11:16 - 2009-08-19 15:08 - 00000000 ____D C:\Program Files (x86)\LEd
2013-01-27 11:16 - 2009-08-05 13:03 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Winamp
2013-01-27 11:16 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
2013-01-27 11:16 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc
2013-01-27 11:16 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
2013-01-27 11:16 - 2006-11-02 04:33 - 116129792 ____A C:\Windows\System32\config\software_previous
2013-01-27 11:13 - 2006-11-02 04:33 - 99090432 ____A C:\Windows\System32\config\system_previous
2013-01-27 11:10 - 2006-11-02 04:33 - 42467328 ____A C:\Windows\System32\config\components_previous
2013-01-27 11:10 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-01-27 08:27 - 2009-08-04 01:08 - 00000000 ____D C:\users\Mark
2013-01-27 05:38 - 2013-01-27 05:28 - 00127320 ____A C:\Win-Files.txt
2013-01-27 02:34 - 2006-11-02 07:20 - 03091152 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-26 20:08 - 2013-01-26 20:08 - 00000000 ____D C:\FRST
2013-01-26 20:07 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-01-26 09:24 - 2013-01-26 09:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-26 09:20 - 2013-01-26 09:20 - 00000000 ____D C:\Users\Mark\AppData\Local\Avg2013
2013-01-24 12:25 - 2006-11-02 04:33 - 00524288 ____A C:\Windows\System32\config\default_previous
2013-01-24 01:55 - 2009-09-02 04:52 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2013-01-24 00:10 - 2013-01-24 00:10 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2013-01-24 00:10 - 2009-09-02 04:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-01-19 04:44 - 2013-01-19 04:44 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-01-17 13:39 - 2009-08-05 13:03 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-01-17 05:51 - 2009-08-06 08:21 - 00000000 ____D C:\Program Files (x86)\MathType
2013-01-12 10:03 - 2012-06-21 03:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-12 01:41 - 2012-12-25 09:47 - 00000874 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-01-11 02:03 - 2013-01-11 02:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-01-10 05:17 - 2013-01-09 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-01-19 11:25:33
Restore point made on: 2013-01-20 07:22:41
Restore point made on: 2013-01-21 00:38:50
Restore point made on: 2013-01-22 02:31:27
Restore point made on: 2013-01-23 03:47:36
Restore point made on: 2013-01-24 02:42:40
Restore point made on: 2013-01-25 03:27:50
Restore point made on: 2013-01-27 22:47:42
Restore point made on: 2013-01-29 02:01:09
Restore point made on: 2013-01-30 10:59:45
Restore point made on: 2013-01-31 05:14:45
Restore point made on: 2013-01-31 12:21:36
Restore point made on: 2013-01-31 12:33:43
Restore point made on: 2013-02-01 03:03:21

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 4082.99 MB
Available physical RAM: 3269.04 MB
Total Pagefile: 3777.57 MB
Available Pagefile: 3240.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:230.69 GB) (Free:44.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:0.96 GB) NTFS
3 Drive e: (VISTA_SP1_BUSINESS) (CDROM) (Total:3.88 GB) (Free:0 GB) UDF
4 Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:3.71 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       233 GB      0 B         
  Disk 1    Online      3824 MB      0 B         

Partitions of Disk 0:
===============

Disk ID: E8000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                204 MB    32 KB
  Partition 2    Primary           2048 MB   204 MB
  Partition 3    Primary            231 GB  2252 MB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition    204 MB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   RECOVERY     NTFS   Partition   2048 MB  Healthy            

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    231 GB  Healthy            

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           3824 MB      0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2013-01-30 10:15

==================== End Of Log =============================

 

 



#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:56 AM

Posted 07 February 2013 - 06:18 PM

We will try to boot the computer by changing some settings and check other things from normal mode. Please note that even if the computer boots we are not done. When we find the source of the issue we are done and we will change back the settings that we are going to change in this fix.

 

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM\...\RunOnce: [AvgRemover] C:\Mark\Installation\Antivirus\avg_remover_stf_x64_2013_2706.exe
AppInit_DLLs: L
nointegritychecks on:
end


Now please enter System Recovery Options and select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

Also please restart, let it boot normally and tell me how it went.

 

FYI: It is too late over here as I'm in another time zone. We will continue tomorrow.



#6 BlueScreenAddict

BlueScreenAddict
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 08 February 2013 - 06:22 AM

Dear Farbar,

 

I carried out that procedure.  The fixlog is pasted below. 

 

So, on the first attempt to boot normally, I got the same BSOD (CI.dll).

 

However, a second attempt directly after this successfully booted!

 

I restarted again directly after this: and got the BSOD again, and once more again.

 

Awaiting your further instructions....

 

P.S.  I just wanted to mention again that I had replaced the CI.dll with a copy from the installation disk earlier when I temporarily fixed the problem.  The fact that it was 2 kB smaller than the one that was there - which is backed up - seems to be related to a Windows update (one finds different previous versions of CI.dll in other Windows directories, apparently for backward compatibility).  Please let me know if I should revert back to the CI.dll that was in \system32 when the problem first began...

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-02-2013
Ran by SYSTEM at 2013-02-08 12:11:03 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgRemover Value deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Value was restored successfully .

The operation completed successfully.

==== End of Fixlog ====



#7 Farbar


Posted 08 February 2013 - 06:52 AM

I restarted again directly after this: and got the BSOD again, and once more again.

As I mentioned, the fix was not meant to resolve the issue; we need to remain in normal mode for troubleshooting. I understand you can't boot to normal mode any more?



#8 BlueScreenAddict


Posted 08 February 2013 - 09:15 AM

Hi,

 

yes, normal mode booting had the following results:

#1: BSOD

#2: started normally

#3: BSOD

#4: BSOD

 

But I just tried again, and it has booted this time!  So, I will leave the computer on awaiting your instructions.

 

Regards.



#9 Farbar


Posted 08 February 2013 - 09:42 AM

Well done. We will check a few things to make sure.

 

Please download TDSSKiller.zip and extract it.

  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
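
For reading the report this step produces (its format is visible in the log posted in reply #10), the following added example, which is not part of any post in this thread and not the tool's own code, reduces a TDSSKiller report to the service entries that are not marked ok and those that have no hash/path line. The regular expressions and the names `parse_services` and `triage` are assumptions inferred from the log lines visible in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes inferred from the report posted in this thread (assumption,
# not a documented format): "HH:MM:SS.ffff <thread-id>  <message>".
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
SECTION_RE = re.compile(PREFIX + r"=+ Scan (.+?) =+$")
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(PREFIX + r"(.+?)(?: \( (.+?) \))? - (\S+)$")

# Lines copied from the TDSSKiller report posted in reply #10 of this thread.
SAMPLE_LOG = r"""
15:45:58.0616 3992  ================ Scan system memory ========================
15:45:58.0616 3992  System memory - ok
15:45:58.0616 3992  ================ Scan services =============================
15:45:59.0193 3992  [ AF3A1AA81F875169DD9E55B1320057D6 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:45:59.0193 3992  ACPI - ok
15:46:01.0580 3992  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
15:46:01.0580 3992  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
15:46:01.0596 3992  Akamai ( HiddenFile.Multi.Generic ) - warning
15:46:01.0596 3992  Akamai - detected HiddenFile.Multi.Generic (1)
15:46:03.0858 3992  ALSysIO - ok
15:46:04.0482 3992  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:46:04.0497 3992  Apple Mobile Device - ok
"""


@dataclass
class Entry:
    name: str                  # service or driver name as logged
    verdict: str               # "ok", "warning", ...
    detection: Optional[str]   # detection label on non-ok lines, if any
    md5: Optional[str]         # None when the log has no hash line for it
    path: Optional[str]


def parse_services(log_text: str) -> List[Entry]:
    """Pair each '[ md5 ] name path' line with the verdict line that follows."""
    section = None
    pending = {}   # name -> (md5, path), filled by hash lines
    entries = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section != "services":
            continue
        m = HASH_RE.match(line)
        if m:
            md5, name, path = m.groups()
            pending[name] = (md5.upper(), path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detection, verdict = m.groups()
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(name, verdict, detection, md5, path))
    return entries


def triage(log_text: str) -> dict:
    """Return the entries a helper would look at first."""
    entries = parse_services(log_text)
    return {
        "total": len(entries),
        # anything the tool did not mark "ok"
        "flagged": [e for e in entries if e.verdict != "ok"],
        # verdict given but no file was hashed (no '[ md5 ]' line precedes it)
        "unhashed": [e.name for e in entries if e.md5 is None],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} service entries parsed")
    for e in result["flagged"]:
        print(f"{e.verdict.upper()}: {e.name} [{e.detection}] {e.path} md5={e.md5}")
    for name in result["unhashed"]:
        print(f"no hash line: {name}")
```

An entry listed as unhashed only means the report shows a verdict without a file hash for that service; it is not itself a detection.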

 

 

 



#10 BlueScreenAddict


Posted 08 February 2013 - 09:50 AM

Hi,

 

just two Suspicious files, no restart

(for reference sake, this was also the result when I tried TDSSKiller some weeks ago).

 

Below is the log file contents from today's scan.  Many thanks! (P.S.  I'm here in Germany....)

 

15:45:46.0121 0012  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:45:46.0230 0012  ============================================================
15:45:46.0230 0012  Current date / time: 2013/02/08 15:45:46.0230
15:45:46.0230 0012  SystemInfo:
15:45:46.0230 0012  
15:45:46.0230 0012  OS Version: 6.0.6001 ServicePack: 1.0
15:45:46.0230 0012  Product type: Workstation
15:45:46.0230 0012  ComputerName: MACHINE
15:45:46.0230 0012  UserName: Mark
15:45:46.0230 0012  Windows directory: C:\Windows
15:45:46.0230 0012  System windows directory: C:\Windows
15:45:46.0230 0012  Running under WOW64
15:45:46.0230 0012  Processor architecture: Intel x64
15:45:46.0230 0012  Number of processors: 2
15:45:46.0230 0012  Page size: 0x1000
15:45:46.0230 0012  Boot type: Normal boot
15:45:46.0230 0012  ============================================================
15:45:46.0854 0012  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:45:46.0869 0012  Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:45:46.0869 0012  ============================================================
15:45:46.0869 0012  \Device\Harddisk0\DR0:
15:45:46.0869 0012  MBR partitions:
15:45:46.0869 0012  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x66000, BlocksNum 0x400000
15:45:46.0869 0012  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x466000, BlocksNum 0x1CD5F000
15:45:46.0869 0012  \Device\Harddisk1\DR1:
15:45:46.0869 0012  MBR partitions:
15:45:46.0869 0012  ============================================================
15:45:46.0932 0012  C: <-> \Device\Harddisk0\DR0\Partition2
15:45:46.0947 0012  D: <-> \Device\Harddisk0\DR0\Partition1
15:45:46.0947 0012  ============================================================
15:45:46.0947 0012  Initialize success
15:45:46.0947 0012  ============================================================
15:45:56.0401 3992  ============================================================
15:45:56.0401 3992  Scan started
15:45:56.0401 3992  Mode: Manual;
15:45:56.0401 3992  ============================================================
15:45:58.0616 3992  ================ Scan system memory ========================
15:45:58.0616 3992  System memory - ok
15:45:58.0616 3992  ================ Scan services =============================
15:45:59.0193 3992  [ AF3A1AA81F875169DD9E55B1320057D6 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:45:59.0193 3992  ACPI - ok
15:45:59.0271 3992  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
15:45:59.0271 3992  adfs - ok
15:45:59.0349 3992  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:45:59.0365 3992  adp94xx - ok
15:45:59.0396 3992  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:45:59.0412 3992  adpahci - ok
15:45:59.0443 3992  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:45:59.0521 3992  adpu160m - ok
15:45:59.0537 3992  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:45:59.0552 3992  adpu320 - ok
15:45:59.0677 3992  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:45:59.0693 3992  AeLookupSvc - ok
15:45:59.0942 3992  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\AESTSr64.exe
15:45:59.0958 3992  AESTFilters - ok
15:46:00.0535 3992  [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
15:46:00.0535 3992  Afc - ok
15:46:00.0675 3992  [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD             C:\Windows\system32\drivers\afd.sys
15:46:00.0691 3992  AFD - ok
15:46:00.0785 3992  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:46:00.0800 3992  agp440 - ok
15:46:00.0863 3992  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:46:00.0878 3992  aic78xx - ok
15:46:01.0580 3992  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
15:46:01.0580 3992  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
15:46:01.0596 3992  Akamai ( HiddenFile.Multi.Generic ) - warning
15:46:01.0596 3992  Akamai - detected HiddenFile.Multi.Generic (1)
15:46:01.0643 3992  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
15:46:01.0643 3992  ALG - ok
15:46:01.0721 3992  [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:46:01.0721 3992  aliide - ok
15:46:01.0908 3992  [ B13EE0B122431F8EB41809B4A87B6E88 ] alssvc64        C:\Program Files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe
15:46:01.0939 3992  alssvc64 - ok
15:46:03.0858 3992  ALSysIO - ok
15:46:04.0029 3992  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
15:46:04.0029 3992  amdide - ok
15:46:04.0107 3992  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:46:04.0107 3992  AmdK8 - ok
15:46:04.0217 3992  [ 8C85C812569DF851E7A2159147323DFA ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
15:46:04.0217 3992  ApfiltrService - ok
15:46:04.0295 3992  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
15:46:04.0295 3992  Appinfo - ok
15:46:04.0482 3992  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:46:04.0497 3992  Apple Mobile Device - ok
15:46:04.0544 3992  [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:46:04.0544 3992  AppMgmt - ok
15:46:04.0560 3992  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
15:46:04.0560 3992  arc - ok
15:46:04.0591 3992  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:46:04.0591 3992  arcsas - ok
15:46:04.0685 3992  [ E54E530854D4C62C8EE1BEC798A8A2AD ] ASFAgent        C:\Program Files\Intel\ASF Agent\ASFAgent.exe
15:46:04.0685 3992  ASFAgent - ok
15:46:04.0778 3992  [ 456D2C85B143BE0FD5AB75724CD99ED8 ] AsfAlrt         C:\Windows\system32\Drivers\AsfAlrt.sys
15:46:04.0778 3992  AsfAlrt - ok
15:46:04.0997 3992  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:46:05.0028 3992  aspnet_state - ok
15:46:05.0075 3992  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:46:05.0090 3992  AsyncMac - ok
15:46:05.0168 3992  [ F988BB0690CD660318037908E9B8DBF7 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:46:05.0168 3992  atapi - ok
15:46:05.0262 3992  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:46:05.0293 3992  AudioEndpointBuilder - ok
15:46:05.0309 3992  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:46:05.0324 3992  AudioSrv - ok
15:46:05.0605 3992  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
15:46:05.0745 3992  AVGIDSAgent - ok
15:46:05.0792 3992  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:46:05.0792 3992  AVGIDSDriver - ok
15:46:05.0823 3992  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
15:46:05.0823 3992  AVGIDSHA - ok
15:46:05.0839 3992  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
15:46:05.0839 3992  Avgldx64 - ok
15:46:05.0933 3992  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
15:46:05.0933 3992  Avgloga - ok
15:46:05.0948 3992  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
15:46:05.0948 3992  Avgmfx64 - ok
15:46:05.0948 3992  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
15:46:05.0948 3992  Avgrkx64 - ok
15:46:05.0964 3992  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
15:46:05.0979 3992  Avgtdia - ok
15:46:06.0011 3992  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
15:46:06.0011 3992  avgwd - ok
15:46:06.0057 3992  [ BC4737AAFFA5964E4F8827C9B8C0EB8E ] BFE             C:\Windows\System32\bfe.dll
15:46:06.0073 3992  BFE - ok
15:46:06.0120 3992  [ D896A0D43F8AB81ECB1FC6C24DECFD58 ] BITS            C:\Windows\System32\qmgr.dll
15:46:06.0151 3992  BITS - ok
15:46:06.0167 3992  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:46:06.0182 3992  blbdrive - ok
15:46:06.0260 3992  [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:46:06.0276 3992  Bonjour Service - ok
15:46:06.0307 3992  [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:46:06.0307 3992  bowser - ok
15:46:06.0369 3992  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:46:06.0369 3992  BrFiltLo - ok
15:46:06.0385 3992  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:46:06.0385 3992  BrFiltUp - ok
15:46:06.0401 3992  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
15:46:06.0401 3992  Browser - ok
15:46:06.0447 3992  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:46:06.0463 3992  Brserid - ok
15:46:06.0463 3992  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:46:06.0463 3992  BrSerWdm - ok
15:46:06.0494 3992  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:46:06.0494 3992  BrUsbMdm - ok
15:46:06.0494 3992  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:46:06.0510 3992  BrUsbSer - ok
15:46:06.0572 3992  [ 12B275FD8EA054A719D024D7017EB932 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
15:46:06.0572 3992  BthEnum - ok
15:46:06.0619 3992  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:46:06.0635 3992  BTHMODEM - ok
15:46:06.0650 3992  [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:46:06.0666 3992  BthPan - ok
15:46:06.0713 3992  [ 516CDDA5B7F6C6999DB7EB7425337A19 ] BthPort         C:\Windows\system32\Drivers\BTHport.sys
15:46:06.0713 3992  BthPort - ok
15:46:06.0728 3992  [ E53AA49695B7BD95808B7C6DA170A40E ] BthServ         C:\Windows\System32\bthserv.dll
15:46:06.0728 3992  BthServ - ok
15:46:06.0775 3992  [ 264CC52D69337CE5D12D13D71220B612 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:46:06.0775 3992  BTHUSB - ok
15:46:06.0837 3992  [ 319C67F7D157EAAC519DCC5F29E929D0 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
15:46:06.0837 3992  btwaudio - ok
15:46:06.0900 3992  [ 0B79273C8C2846D28AAB936E7A2DBAAD ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
15:46:06.0900 3992  btwavdt - ok
15:46:07.0118 3992  [ 6C32A638EE80FD832418CE78E516FFA1 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
15:46:07.0165 3992  btwdins - ok
15:46:07.0227 3992  [ FDA1B5124E07003C3D0D279E5050485E ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
15:46:07.0227 3992  btwl2cap - ok
15:46:07.0305 3992  [ 47216D8B5F4042E6D0736BFA2E57B5DF ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
15:46:07.0305 3992  btwrchid - ok
15:46:07.0321 3992  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:46:07.0321 3992  cdfs - ok
15:46:07.0383 3992  [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:46:07.0383 3992  cdrom - ok
15:46:07.0446 3992  [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:46:07.0446 3992  CertPropSvc - ok
15:46:07.0477 3992  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:46:07.0477 3992  circlass - ok
15:46:07.0508 3992  [ 2C0F16506BCBC80097D58099BC6BE4C0 ] CISVC           C:\Windows\system32\CISVC.EXE
15:46:07.0508 3992  CISVC - ok
15:46:07.0539 3992  [ C12C4EE07843B595036DA0BAA6317936 ] CLFS            C:\Windows\system32\CLFS.sys
15:46:07.0539 3992  CLFS - ok
15:46:07.0695 3992  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:46:07.0742 3992  clr_optimization_v2.0.50727_32 - ok
15:46:07.0773 3992  [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:46:07.0789 3992  clr_optimization_v2.0.50727_64 - ok
15:46:07.0929 3992  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:46:07.0945 3992  clr_optimization_v4.0.30319_32 - ok
15:46:08.0007 3992  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:46:08.0039 3992  clr_optimization_v4.0.30319_64 - ok
15:46:08.0101 3992  [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:46:08.0101 3992  CmBatt - ok
15:46:08.0117 3992  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:46:08.0132 3992  cmdide - ok
15:46:08.0148 3992  [ 34A6AA82AA36C87FC8816F2097EFA345 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:46:08.0148 3992  Compbatt - ok
15:46:08.0148 3992  COMSysApp - ok
15:46:08.0163 3992  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:46:08.0179 3992  crcdisk - ok
15:46:08.0382 3992  [ 8BFD7CF64F99C7AFCBE5EBF0DCF3843A ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
15:46:08.0413 3992  Credential Vault Host Control Service - ok
15:46:08.0444 3992  [ 1021F6695625D62F9D95E7A9E9BF88E6 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
15:46:08.0444 3992  Credential Vault Host Storage - ok
15:46:08.0507 3992  [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:46:08.0507 3992  CryptSvc - ok
15:46:08.0522 3992  [ A25E4DD707714DA07FE1FEBF1DC91D86 ] CSC             C:\Windows\system32\drivers\csc.sys
15:46:08.0522 3992  CSC - ok
15:46:08.0553 3992  [ 06AF83C429743F3B85F1224C50254BEF ] CscService      C:\Windows\System32\cscsvc.dll
15:46:08.0569 3992  CscService - ok
15:46:08.0600 3992  cvintdrv - ok
15:46:08.0647 3992  [ 12D89F98F31B03BBA0B91EC7C24061F3 ] cvusbdrv        C:\Windows\system32\Drivers\cvusbdrv.sys
15:46:08.0647 3992  cvusbdrv - ok
15:46:08.0694 3992  [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:46:08.0725 3992  DcomLaunch - ok
15:46:08.0787 3992  [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:46:08.0787 3992  DfsC - ok
15:46:08.0865 3992  [ 1781F99840979EE7B126C9073C377FD0 ] DFSR            C:\Windows\system32\DFSR.exe
15:46:08.0943 3992  DFSR - ok
15:46:09.0021 3992  [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:46:09.0037 3992  Dhcp - ok
15:46:09.0053 3992  [ 2DC415FC05FB8A079F896CBBACB19324 ] disk            C:\Windows\system32\drivers\disk.sys
15:46:09.0053 3992  disk - ok
15:46:09.0115 3992  [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:46:09.0115 3992  Dnscache - ok
15:46:09.0162 3992  [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:46:09.0177 3992  dot3svc - ok
15:46:09.0193 3992  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
15:46:09.0193 3992  DPS - ok
15:46:09.0209 3992  [ 97DC2A789C1BE458976507846A1A8CED ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:46:09.0209 3992  drmkaud - ok
15:46:09.0287 3992  [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt        C:\Windows\system32\DRIVERS\dsNcAdpt.sys
15:46:09.0287 3992  dsNcAdpt - ok
15:46:09.0443 3992  [ 0E08704523EACACE8B2790114CC828AA ] dsNcService     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
15:46:09.0505 3992  dsNcService - ok
15:46:09.0692 3992  [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:46:09.0770 3992  DXGKrnl - ok
15:46:09.0833 3992  [ 17D40652EF3E55EEAE187A89DF40965A ] e1express       C:\Windows\system32\DRIVERS\e1e6032e.sys
15:46:09.0848 3992  e1express - ok
15:46:09.0895 3992  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
15:46:09.0895 3992  E1G60 - ok
15:46:09.0942 3992  [ 0B62741AAFF6CBA12132D9614ABB7FDD ] e1yexpress      C:\Windows\system32\DRIVERS\e1y60x64.sys
15:46:09.0957 3992  e1yexpress - ok
15:46:09.0989 3992  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
15:46:09.0989 3992  EapHost - ok
15:46:10.0020 3992  [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:46:10.0020 3992  Ecache - ok
15:46:10.0067 3992  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:46:10.0067 3992  elxstor - ok
15:46:10.0113 3992  [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:46:10.0113 3992  EMDMgmt - ok
15:46:10.0129 3992  [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:46:10.0129 3992  ErrDev - ok
15:46:10.0207 3992  [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem     C:\Windows\system32\es.dll
15:46:10.0207 3992  EventSystem - ok
15:46:10.0472 3992  [ 53019C0FFF2AD62A247781D14204CF49 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:46:10.0550 3992  EvtEng - ok
15:46:10.0581 3992  [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:46:10.0581 3992  exfat - ok
15:46:10.0597 3992  [ FE731D345ED9EEABBC72A59B35941834 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:46:10.0597 3992  fastfat - ok
15:46:10.0644 3992  [ 989A776A2FF32A148FCF15C44058B129 ] Fax             C:\Windows\system32\fxssvc.exe
15:46:10.0659 3992  Fax - ok
15:46:10.0706 3992  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:46:10.0722 3992  fdc - ok
15:46:10.0737 3992  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
15:46:10.0737 3992  fdPHost - ok
15:46:10.0753 3992  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
15:46:10.0753 3992  FDResPub - ok
15:46:10.0769 3992  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:46:10.0769 3992  FileInfo - ok
15:46:11.0003 3992  [ AD9D3401E1B0949DBC3E59871BC4422F ] FileOpenManagerSvc C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe
15:46:11.0018 3992  FileOpenManagerSvc - ok
15:46:11.0049 3992  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:46:11.0049 3992  Filetrace - ok
15:46:11.0174 3992  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:46:11.0190 3992  FLEXnet Licensing Service - ok
15:46:24.0309 3992  [ 88E5162E58C8919CC873F5D8946197CF ] sptd            C:\Windows\system32\Drivers\sptd.sys
15:46:24.0309 3992  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88E5162E58C8919CC873F5D8946197CF
15:46:24.0309 3992  sptd ( LockedFile.Multi.Generic ) - warning
15:46:24.0309 3992  sptd - detected LockedFile.Multi.Generic (1)
15:46:24.0481 3992  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:46:24.0497 3992  SQLBrowser - ok
15:46:24.0621 3992  [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:46:24.0621 3992  SQLWriter - ok
15:46:24.0699 3992  [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:46:24.0715 3992  srv - ok
15:46:24.0731 3992  [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:46:24.0731 3992  srv2 - ok
15:46:24.0762 3992  [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:46:24.0762 3992  srvnet - ok
15:46:24.0793 3992  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:46:24.0793 3992  SSDPSRV - ok
15:46:24.0855 3992  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:46:24.0871 3992  SstpSvc - ok
15:46:24.0949 3992  [ 1CFA4A1F3C7BB4C8F299E00428EB8677 ] SSUService      C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
15:46:24.0965 3992  SSUService - ok
15:46:25.0074 3992  [ 64F41D5A4CDCF83D36BC16E52FE1EA92 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\STacSV64.exe
15:46:25.0074 3992  STacSV - ok
15:46:25.0214 3992  [ 9E1222C417291BC836210743624A8E5E ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:46:25.0214 3992  Stereo Service - ok
15:46:25.0245 3992  [ 7A0CEC55645E0817F70FB8708D93E669 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
15:46:25.0261 3992  STHDA - ok
15:46:25.0323 3992  [ 1A807A037503B285016E61100D04614A ] STIrUsb         C:\Windows\system32\DRIVERS\irstusb.sys
15:46:25.0323 3992  STIrUsb - ok
15:46:25.0370 3992  [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc          C:\Windows\System32\wiaservc.dll
15:46:25.0386 3992  stisvc - ok
15:46:25.0448 3992  [ E476C66713C842F58E61A95826ED1D57 ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:46:25.0448 3992  stllssvr - ok
15:46:25.0495 3992  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:46:25.0495 3992  swenum - ok
15:46:25.0526 3992  [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv           C:\Windows\System32\swprv.dll
15:46:25.0542 3992  swprv - ok
15:46:25.0589 3992  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
15:46:25.0589 3992  Symc8xx - ok
15:46:25.0604 3992  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:46:25.0620 3992  Sym_hi - ok
15:46:25.0635 3992  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:46:25.0635 3992  Sym_u3 - ok
15:46:25.0682 3992  [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain         C:\Windows\system32\sysmain.dll
15:46:25.0698 3992  SysMain - ok
15:46:25.0729 3992  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:46:25.0729 3992  TabletInputService - ok
15:46:25.0760 3992  [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:46:25.0760 3992  TapiSrv - ok
15:46:25.0776 3992  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
15:46:25.0776 3992  TBS - ok
15:46:25.0869 3992  [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:46:25.0901 3992  Tcpip - ok
15:46:25.0932 3992  [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:46:25.0947 3992  Tcpip6 - ok
15:46:25.0963 3992  [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:46:25.0963 3992  tcpipreg - ok
15:46:25.0994 3992  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:46:25.0994 3992  TDPIPE - ok
15:46:26.0010 3992  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:46:26.0010 3992  TDTCP - ok
15:46:26.0041 3992  [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:46:26.0041 3992  tdx - ok
15:46:26.0057 3992  [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:46:26.0057 3992  TermDD - ok
15:46:26.0088 3992  [ F870A5589D6A94B426EFB13689023946 ] TermService     C:\Windows\System32\termsrv.dll
15:46:26.0103 3992  TermService - ok
15:46:26.0119 3992  [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes          C:\Windows\system32\shsvcs.dll
15:46:26.0119 3992  Themes - ok
15:46:26.0150 3992  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:46:26.0150 3992  THREADORDER - ok
15:46:26.0181 3992  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
15:46:26.0181 3992  TrkWks - ok
15:46:26.0259 3992  [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:46:26.0259 3992  TrustedInstaller - ok
15:46:26.0291 3992  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:46:26.0291 3992  tssecsrv - ok
15:46:26.0306 3992  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
15:46:26.0306 3992  tunmp - ok
15:46:26.0353 3992  [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:46:26.0353 3992  tunnel - ok
15:46:26.0369 3992  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:46:26.0369 3992  uagp35 - ok
15:46:26.0400 3992  [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:46:26.0400 3992  udfs - ok
15:46:26.0431 3992  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:46:26.0447 3992  UI0Detect - ok
15:46:26.0462 3992  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:46:26.0478 3992  uliagpkx - ok
15:46:26.0493 3992  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
15:46:26.0509 3992  uliahci - ok
15:46:26.0540 3992  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:46:26.0540 3992  UlSata - ok
15:46:26.0571 3992  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
15:46:26.0587 3992  ulsata2 - ok
15:46:26.0603 3992  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:46:26.0603 3992  umbus - ok
15:46:26.0618 3992  [ 658C50524E470516067708BABFB08738 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:46:26.0634 3992  UmRdpService - ok
15:46:26.0649 3992  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
15:46:26.0649 3992  upnphost - ok
15:46:26.0727 3992  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:46:26.0727 3992  upperdev - ok
15:46:26.0805 3992  [ AE3DEA342F01249317B2BB3DF0424238 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:46:26.0805 3992  usbccgp - ok
15:46:26.0821 3992  [ D5DB282587694F558CAEF8C3083D8766 ] USBCCID         C:\Windows\system32\DRIVERS\usbccid.sys
15:46:26.0821 3992  USBCCID - ok
15:46:26.0852 3992  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:46:26.0852 3992  usbcir - ok
15:46:26.0868 3992  [ B89F9FE9FC1E7C9CB03ACB8819EB511D ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:46:26.0868 3992  usbehci - ok
15:46:26.0883 3992  [ F2C1D8EFF9C7CF84FF0235408ACD3F4B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:46:26.0883 3992  usbhub - ok
15:46:26.0915 3992  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:46:26.0915 3992  usbohci - ok
15:46:26.0961 3992  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:46:26.0961 3992  usbprint - ok
15:46:27.0024 3992  [ 5A8D98330F21E69D19459ED65847111D ] usbser          C:\Windows\system32\drivers\usbser.sys
15:46:27.0024 3992  usbser - ok
15:46:27.0086 3992  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:46:27.0086 3992  UsbserFilt - ok
15:46:27.0133 3992  [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:46:27.0133 3992  USBSTOR - ok
15:46:27.0149 3992  [ 225E107785315874BA5C1ABC7DDA7BFC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:46:27.0149 3992  usbuhci - ok
15:46:27.0195 3992  [ CC2687848D9254B57178F46D710E966C ] uxkx164         C:\Windows\system32\DRIVERS\uxkx164.sys
15:46:27.0195 3992  uxkx164 - ok
15:46:27.0211 3992  [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms           C:\Windows\System32\uxsms.dll
15:46:27.0227 3992  UxSms - ok
15:46:27.0242 3992  [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds             C:\Windows\System32\vds.exe
15:46:27.0242 3992  vds - ok
15:46:27.0336 3992  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:46:27.0336 3992  vga - ok
15:46:27.0351 3992  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:46:27.0351 3992  VgaSave - ok
15:46:27.0367 3992  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
15:46:27.0367 3992  viaide - ok
15:46:27.0429 3992  [ 00A204BE7084B214605DB4D433C9A7E2 ] Viewpoint Service C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
15:46:27.0429 3992  Viewpoint Service - ok
15:46:27.0461 3992  [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:46:27.0461 3992  volmgr - ok
15:46:27.0476 3992  [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:46:27.0492 3992  volmgrx - ok
15:46:27.0570 3992  [ DE4307412D98050239026E56A7DFF3C0 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:46:27.0648 3992  volsnap - ok
15:46:27.0679 3992  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:46:27.0695 3992  vsmraid - ok
15:46:27.0757 3992  [ 186BD53F8A408AD20F5A056C05678629 ] VSS             C:\Windows\system32\vssvc.exe
15:46:27.0773 3992  VSS - ok
15:46:27.0804 3992  [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time         C:\Windows\system32\w32time.dll
15:46:27.0804 3992  W32Time - ok
15:46:27.0835 3992  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:46:27.0835 3992  WacomPen - ok
15:46:27.0866 3992  [ AEA75207E443C8623C36B8D03596F84F ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:46:27.0866 3992  Wanarp - ok
15:46:27.0866 3992  [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:46:27.0866 3992  Wanarpv6 - ok
15:46:27.0897 3992  [ 54D1827975AFD9BC391343C357B9EA06 ] wbengine        C:\Windows\system32\wbengine.exe
15:46:27.0929 3992  wbengine - ok
15:46:27.0944 3992  [ 055449247C490E24B968B44FE8A969EB ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:46:27.0960 3992  wcncsvc - ok
15:46:27.0975 3992  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:46:27.0975 3992  WcsPlugInService - ok
15:46:28.0007 3992  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
15:46:28.0007 3992  Wd - ok
15:46:28.0053 3992  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:46:28.0085 3992  Wdf01000 - ok
15:46:28.0100 3992  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:46:28.0100 3992  WdiServiceHost - ok
15:46:28.0116 3992  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:46:28.0116 3992  WdiSystemHost - ok
15:46:28.0163 3992  [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient       C:\Windows\System32\webclnt.dll
15:46:28.0163 3992  WebClient - ok
15:46:28.0209 3992  [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:46:28.0209 3992  Wecsvc - ok
15:46:28.0225 3992  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:46:28.0225 3992  wercplsupport - ok
15:46:28.0241 3992  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
15:46:28.0256 3992  WerSvc - ok
15:46:28.0287 3992  WinDefend - ok
15:46:28.0287 3992  WinHttpAutoProxySvc - ok
15:46:28.0350 3992  [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:46:28.0365 3992  Winmgmt - ok
15:46:28.0397 3992  [ AEB6C5200FD5517F06076AF0EE4538E1 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:46:28.0428 3992  WinRM - ok
15:46:28.0475 3992  [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:46:28.0490 3992  Wlansvc - ok
15:46:28.0521 3992  [ 7999DFB1C555EFC0DB69576F70027867 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:46:28.0521 3992  WmiAcpi - ok
15:46:28.0537 3992  [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:46:28.0537 3992  wmiApSrv - ok
15:46:28.0553 3992  WMPNetworkSvc - ok
15:46:28.0584 3992  [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:46:28.0584 3992  WPDBusEnum - ok
15:46:28.0740 3992  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:46:28.0771 3992  WPFFontCache_v0400 - ok
15:46:28.0787 3992  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:46:28.0787 3992  ws2ifsl - ok
15:46:28.0818 3992  [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:46:28.0833 3992  wscsvc - ok
15:46:28.0833 3992  WSearch - ok
15:46:28.0927 3992  [ FB3796754FE00F0BDC87A36F164A5F4D ] wuauserv        C:\Windows\system32\wuaueng.dll
15:46:28.0974 3992  wuauserv - ok
15:46:29.0005 3992  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:46:29.0005 3992  WudfPf - ok
15:46:29.0052 3992  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:46:29.0052 3992  WUDFRd - ok
15:46:29.0083 3992  [ 3DCC7BF5AFA921B479E622BD999121F3 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:46:29.0083 3992  wudfsvc - ok
15:46:29.0130 3992  ================ Scan global ===============================
15:46:29.0161 3992  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
15:46:29.0255 3992  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
15:46:29.0270 3992  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
15:46:29.0301 3992  [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
15:46:29.0317 3992  [Global] - ok
15:46:29.0317 3992  ================ Scan MBR ==================================
15:46:29.0333 3992  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:46:29.0660 3992  \Device\Harddisk0\DR0 - ok
15:46:29.0676 3992  [ 7627480E9CCDE16386AC3CA1C47EDB6D ] \Device\Harddisk1\DR1
15:46:32.0172 3992  \Device\Harddisk1\DR1 - ok
15:46:32.0172 3992  ================ Scan VBR ==================================
15:46:32.0234 3992  [ 6B7C58263E09ADF3CF8F5599B8F4167D ] \Device\Harddisk0\DR0\Partition1
15:46:32.0234 3992  \Device\Harddisk0\DR0\Partition1 - ok
15:46:32.0234 3992  [ 165BB73C71AA31CF202343419A902E74 ] \Device\Harddisk0\DR0\Partition2
15:46:32.0234 3992  \Device\Harddisk0\DR0\Partition2 - ok
15:46:32.0234 3992  ============================================================
15:46:32.0234 3992  Scan finished
15:46:32.0234 3992  ============================================================
15:46:32.0250 0312  Detected object count: 2
15:46:32.0250 0312  Actual detected object count: 2
15:46:59.0035 0312  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:46:59.0035 0312  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:46:59.0035 0312  sptd ( LockedFile.Multi.Generic ) - skipped by user
15:46:59.0035 0312  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:47:04.0074 3324  Deinitialize success
 


Edited by BlueScreenAddict, 08 February 2013 - 09:51 AM.


#11 Farbar


Posted 08 February 2013 - 10:31 AM


 
 That looks good.

 

 

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • List last 10 Event Viewer log
    • List installed programs.
    • List Devices (only check the box and let the default radio button as it is).
    • List Minidump Files.
    • List Restore Points.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
  • Download aswMBR.exe ( 511KB ) to your desktop.
    • Double click the aswMBR.exe to run it.
    • If it asks to install Avast click "No".
    • Click the "Scan" button.
    • On completion of the scan click Save log, save it to your desktop and post in your next reply.
    • Also the utility makes a file on your desktop named MBR.dat. Right click MBR.dat, select Send To =>Compressed (zipped) folder. Please attach the zipped file to your next reply.

 



#12 BlueScreenAddict


Posted 08 February 2013 - 10:55 AM

Hi,

 

so here's Result.txt from MiniToolBox:

 

MiniToolBox by Farbar  Version:10-01-2013
Ran by Mark (administrator) on 08-02-2013 at 16:51:37
Running from "C:\Mark\Installation\Windows utilities"
Windows Vista ™ Business Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2013 07:25:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (01/31/2013 07:25:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (01/30/2013 07:25:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (01/27/2013 11:33:56 AM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/26/2013 06:20:52 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed AVG 2013; Hr = 0x8007043c).

Error: (01/26/2013 06:20:51 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed AVG 2013; Hr = 0x8007043c).

Error: (01/26/2013 06:19:26 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed AVG 2013; Hr = 0x8007043c).

Error: (01/26/2013 06:18:40 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed AVG 2013; Hr = 0x8007043c).

Error: (01/26/2013 06:06:47 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/24/2013 09:09:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


System errors:
=============
Error: (02/08/2013 03:16:01 PM) (Source: Service Control Manager) (User: )
Description: Avgldx64

Error: (02/08/2013 03:15:59 PM) (Source: Service Control Manager) (User: )
Description: Diagnostic Service Host

Error: (02/08/2013 03:14:37 PM) (Source: Service Control Manager) (User: )
Description: AVG WatchDog3758161981 (0xE001003D)

Error: (02/08/2013 03:14:37 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent3758213659 (0xE001CA1B)

Error: (02/08/2013 03:14:37 PM) (Source: Service Control Manager) (User: )
Description: cvintdrv%%1275

Error: (02/08/2013 03:14:33 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\cvintdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/08/2013 03:14:27 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (02/08/2013 00:16:28 PM) (Source: Service Control Manager) (User: )
Description: Avgldx64

Error: (02/08/2013 00:16:28 PM) (Source: Service Control Manager) (User: )
Description: AVG WatchDog3758161981 (0xE001003D)

Error: (02/08/2013 00:16:28 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent3758213659 (0xE001CA1B)


Microsoft Office Sessions:
=========================
Error: (02/01/2013 07:25:51 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (01/31/2013 07:25:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (01/30/2013 07:25:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (01/27/2013 11:33:56 AM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/26/2013 06:20:52 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20130x8007043c

Error: (01/26/2013 06:20:51 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20130x8007043c

Error: (01/26/2013 06:19:26 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20130x8007043c

Error: (01/26/2013 06:18:40 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20130x8007043c

Error: (01/26/2013 06:06:47 PM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/24/2013 09:09:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


CodeIntegrity Errors:
===================================
  Date: 2013-01-26 18:19:23.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 18:19:23.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 18:19:23.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 18:19:23.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 18:19:23.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 18:19:23.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 18:19:23.082
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 18:19:23.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 18:19:21.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 18:19:21.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

3D XML Player (Version: 12.13.12076)
64 Bit HP CIO Components Installer (Version: 7.2.1)
ActivePerl 5.12.3 Build 1204 (64-bit) (Version: 5.12.1204)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe CSI CS4 x64 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Fonts All x64 (Version: 2.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Agent Ransack 2010 (64-bit)
Akamai NetSession Interface
Apple Mobile Device Support (Version: 3.4.1.2)
AVG 2013 (Version: 13.0.2639)
AVG 2013 (Version: 13.0.2890)
AVG 2013 (Version: 2013.0.2890)
BioAPI Framework (Version: 1.0.1)
Bonjour (Version: 2.0.5.0)
Broadcom USH Host Components 64 (Version: 1.7.208.6)
Canon iP4500 series
Core Temp 1.0 RC3 (Version: 1.0)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.0.707)
CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0)
CorelDRAW Graphics Suite X6 - IT (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - NL (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 (64-Bit) (Version: 16.0.0.707)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0)
Dell Backup and Recovery Manager (Version: 1.3)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 7.102.101.216)
FileBox eXtender (Version: 2.0.4)
FileOpen Client (x64) (Version: 3.0.47.900)
Google Chrome (Version: 19.0.1084.52)
Integrated Webcam Driver (1.06.03.0309)   (Version: 1.06.03.0309)
Intel PROSet Wireless
Intel® Network Connections (Version: 13.0.0.0)
Intel® PRO Alerting Agent (Version: 12.0.3)
Intel® PROSet/Wireless WiFi API (Version: 12.01.2000)
Intel® PROSet/Wireless WiFi Driver (Version: 12.01.2000)
Intel® Matrix Storage Manager
ISO Recorder (Version: 3.1.0)
iTunes (Version: 10.3.1.55)
Java™ 6 Update 13 (64-bit) (Version: 6.0.130)
Juniper Networks Setup Client (Version: 2.1.4.7717)
MATLAB R2007b (Version: 7.5)
MediaInfo 0.7.61 (Version: 0.7.61)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (Version: 9.0.21022)
Microsoft Document Explorer 2008 (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft VC Redist 2008 (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022)
Microsoft Windows SDK .NET Framework Tools (Version: 6.1)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Windows Server 2008 .NET Documentation (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Samples (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Win32 Documentation (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK Intellisense and Reference Assemblies (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (6001.18000.367) (Version: 6.1.367.18000)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
MiKTeX 2.9 (Version: 2.9)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
Nortel VPN Client (Version: 10.01.102)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA CUDA Toolkit v4.0 (64 bit) (Version: 4.00.1500.0000)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA nView 136.02 (Version: 136.02)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
PC3D Viewer
PDF-Viewer (Version: 2.0.42.0)
Photoshop Camera Raw_x64 (Version: 5.0)
RedMon - Redirection Port Monitor
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WIDCOMM Bluetooth Software 6.1.0.4402 (Version: 6.1.0.4402)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR archiver

========================= Devices: ================================

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

19-01-2013 19:25:13 Scheduled Checkpoint
20-01-2013 15:22:35 Scheduled Checkpoint
21-01-2013 08:38:30 Scheduled Checkpoint
22-01-2013 10:31:07 Scheduled Checkpoint
23-01-2013 11:47:16 Scheduled Checkpoint
24-01-2013 10:42:19 Scheduled Checkpoint
25-01-2013 11:26:56 Scheduled Checkpoint
28-01-2013 06:47:23 Post rootkit 1
29-01-2013 10:00:49 Scheduled Checkpoint
30-01-2013 18:59:25 Scheduled Checkpoint
31-01-2013 13:13:48 Scheduled Checkpoint
31-01-2013 20:21:14 Configured Microsoft Office Standard 2010
31-01-2013 20:33:39 Configured Microsoft Office Standard 2010
01-02-2013 11:03:18 Scheduled Checkpoint
08-02-2013 15:29:53 Scheduled Checkpoint

**** End of log ****
 



#13 BlueScreenAddict


Posted 08 February 2013 - 10:58 AM

And here's the aswMBR log. MBR.dat zipped in attachment.

Cheers again!

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-08 16:52:20
-----------------------------
16:52:20.345    OS Version: Windows x64 6.0.6001 Service Pack 1
16:52:20.345    Number of processors: 2 586 0x170A
16:52:20.345    ComputerName: MACHINE  UserName: Mark
16:52:22.092    Initialize success
16:52:37.037    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:52:37.037    Disk 0 Vendor: ST925041 0002 Size: 238475MB BusType: 8
16:52:37.052    Disk 0 MBR read successfully
16:52:37.068    Disk 0 MBR scan
16:52:37.068    Disk 0 Windows VISTA default MBR code
16:52:37.083    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      203 MB offset 63
16:52:37.099    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         2048 MB offset 417792
16:52:37.115    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       236222 MB offset 4612096
16:52:37.161    Disk 0 scanning C:\Windows\system32\drivers
16:52:47.426    Service scanning
16:53:04.118    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:53:09.219    Modules scanning
16:53:09.235    Disk 0 trace - called modules:
16:53:09.282    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys spkn.sys hal.dll
16:53:09.297    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004821060]
16:53:09.313    3 CLASSPNP.SYS[fffffa6000baeb3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800461d050]
16:53:09.329    Scan finished successfully
16:53:31.325    Disk 0 MBR has been saved successfully to "C:\Mark\Installation\Windows utilities\MBR.dat"
16:53:31.325    The log file has been saved successfully to "C:\Mark\Installation\Windows utilities\aswMBR.txt"

 

Attached Files

  • Attached File  MBR.zip   570bytes   1 downloads


#14 Farbar


Posted 08 February 2013 - 11:40 AM

The MBR is clean. We see no sign of any serious malware and the issue doesn't look malware related.

There are a lot of errors related to AVG drivers. We will remove AVG to rule out its role in the issue.

Download and run the AVG Uninstaller.

Please let me know if it worked without the need to reboot.



#15 BlueScreenAddict


Posted 08 February 2013 - 12:07 PM

Hi,

the version of the AVGremover from that link (avgremover.exe) generates an error on my computer (DOS window: "...Wrong application platform. Use corresponding application version for 32 bit or 64 bit systems"...).

So I downloaded avg_remover_stf_x64_2013_2706.exe and ran this (I hope that this was okay). After the "This will remove AVG computer" 'warning', I click Continue but not a lot seems to happen....

I still see the AVG2013 installation in Program Files (x86) folder (not really a full 64-bit application?).

It is also listed in the Windows installed Programs and Features list, but clicking Uninstall there also does not seem to start doing anything (watching it for a few minutes now...).

Looking forward to your next advice...

P.S. Should I try and *reinstall* AVG 2013 over the existing (presumably damaged) version?


Edited by BlueScreenAddict, 08 February 2013 - 12:13 PM.




