A lot of BSOD


  • This topic is locked
15 replies to this topic

#1 Newuser12

  • Members

Posted 27 July 2013 - 10:03 PM

Hello,

Since 27 May until now, 28 July, my computer has had 45 BSODs.

(in BlueScreenView: DRIVER_IRQL_NOT_LESS_OR_EQUAL, code 0xD1, especially caused by driver intelppm.sys).

In April I used Combofix which deleted c:\windows\system32\URTTemp\regtlib.exe.

But after that my Windows XP SP2 still had many BSODs and I found no malware with MBAM Pro, SAS Pro, Trojan Remover, Emsisoft Emergency Kit, Norman Malware Cleaner.

Last summer I solved a problem with siszyd32.exe in this forum with the help from Gringo.

I need help again.




 


#2 HelpBot

  • Bots

Posted 01 August 2013 - 10:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/502462 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Newuser12

  • Topic Starter

Posted 02 August 2013 - 05:10 AM

Hello,

Since 27 May until now, 2 August, my computer has had 62 BSODs.

(in BlueScreenView 62 crashes: DRIVER_IRQL_NOT_LESS_OR_EQUAL, code 0xD1, especially caused by driver intelppm.sys and USBPORT.SYS).

In April I used Combofix which deleted c:\windows\system32\URTTemp\regtlib.exe.

But until now I have found no malware with MBAM Pro, SAS Pro, Trojan Remover, Emsisoft Emergency Kit, Norman Malware Cleaner, Malwarebytes Anti-Rootkit, Combofix, etc.

On 20 July Avast found and deleted a rootkit. Then a message appeared from PC Tools Firewall Plus that "Some of the firewall initialization files have been tampered with by an external source. These files have been restored: Files Networks.ini and FWSettings.ini."

When I start the computer, my PC Tools Firewall Plus starts with great difficulty and always interrupts my network connection RDS, which then starts again.

Last summer I received help from Gringo to solve the siszyd32.exe malware.

I need help again.

I don't have the original Windows CD but another one with Windows XP SP2.

This is the DDS log:


DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by adi at 12:20:39 on 2013-08-02
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1023.641 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ro/
uProxyOverride = local
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\RDS.lnk - 
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-Explorer: NoCommonGroups = dword:0
uPolicies-Explorer: NoRecentDocsNetHood = dword:0
uPolicies-Explorer: NoChangeAnimation = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: NoSecCpl = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoFileAssociate = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - hxxps://browsercheck.qualys.com/qbc_ax.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_2_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: AnVirDisabled - <Clsid value has no data>
Notify: AnVirDisabled - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\adi\application data\mozilla\firefox\profiles\39weealm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ro/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-07-02 03:37; feedly@devhd; c:\documents and settings\adi\application data\mozilla\firefox\profiles\39weealm.default\extensions\feedly@devhd.xpi
FF - ExtSQL: 2013-07-02 04:55; inoreadersearch@wacha.zoltan; c:\documents and settings\adi\application data\mozilla\firefox\profiles\39weealm.default\extensions\inoreadersearch@wacha.zoltan.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.prefetch-next - true
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-17 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-17 175176]
R0 ShredderVolumeDriver;Helper driver for shredding volume;c:\windows\system32\drivers\ShredderDriver32.sys [2011-7-28 65136]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-8-28 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-30 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-30 369584]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-5-5 31952]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-3-13 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-4-27 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-17 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-30 46808]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-3-13 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-3-13 818432]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-3-13 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-3-13 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-3-13 115216]
S1 2749258drv;2749258drv;c:\windows\system32\drivers\2749258drv.sys --> c:\windows\system32\drivers\2749258drv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-2 116608]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2011-7-14 16640]
S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-7-25 50208]
S3 gupdate1c987d58499b23e;Google Update Service (gupdate1c987d58499b23e);c:\program files\google\update\GoogleUpdate.exe [2010-5-11 136176]
S3 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-8-4 9216]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-29 35144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-2 22856]
S3 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-13 418376]
S3 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-2 701512]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\adi\locals~1\temp\mfe_rr.sys --> c:\docume~1\adi\locals~1\temp\mfe_rr.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
S3 UI Assistant Service;UI Assistant Service;c:\program files\join air\AssistantServices.exe [2010-8-4 246272]
S3 WiseBootAssistant;Wise Boot Assistant;c:\program files\wise\wise care 365\BootTime.exe [2013-5-17 580232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 06912180;06912180;c:\windows\system32\drivers\06912180.sys --> c:\windows\system32\drivers\06912180.sys [?]
S4 40567467;40567467;c:\windows\system32\drivers\40567467.sys --> c:\windows\system32\drivers\40567467.sys [?]
S4 5154868drv;5154868drv;c:\windows\system32\drivers\5154868drv.sys --> c:\windows\system32\drivers\5154868drv.sys [?]
S4 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
S4 AvgArCln;Avg Anti-Rootkit Clean Driver; [x]
S4 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\immunetprotect.sys --> c:\windows\system32\drivers\ImmunetProtect.sys [?]
S4 PAC7311;VGA USB Camera; [x]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1" 
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4" 
.
=============== Created Last 30 ================
.
2013-08-02 09:16:05 -------- d-----w- c:\documents and settings\adi\application data\ZipGenius
2013-08-02 09:15:19 -------- d-----w- c:\program files\ZipGenius 6
2013-07-29 15:03:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-07-29 15:01:25 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-24 22:22:49 -------- d-----w- C:\EEK
2013-07-24 21:39:19 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-07-24 21:39:19 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-07-24 21:39:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-07-24 21:39:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-07-24 21:39:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-07-24 21:39:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-07-24 21:39:18 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-07-24 21:39:18 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-07-20 13:23:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-07-20 13:23:54 -------- d-----w- c:\windows\system32\wbem\Repository
2013-07-12 18:05:08 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-12 18:04:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-07-27 17:51:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-27 17:51:54 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-12 18:03:33 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-12 18:03:33 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-27 19:23:39 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:23:39 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-15 20:29:43 135464 ----a-w- c:\windows\system32\LnkProtect.dll
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 12:20:59.53 ===============
 

 

 



#4 nasdaq

  • Malware Response Team

Posted 03 August 2013 - 08:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 

(in BlueScreenView 62 crashes: DRIVER_IRQL_NOT_LESS_OR_EQUAL, code 0xD1, especially caused by driver intelppm.sys and USBPORT.SYS).


It looks like one or both of the drivers are corrupted.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff560244(v=vs.85).aspx
===

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    intelppm.sys
    USBPORT.SYS
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===

#5 Newuser12

  • Topic Starter

Posted 03 August 2013 - 11:30 AM

Hello!

Thank you for your support.

This is the SystemLook log:


SystemLook 30.07.11 by jpshortstuff
Log created at 19:23 on 03/08/2013 by adi
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "intelppm.sys"
C:\Documents and Settings\adi\Desktop\bluescreenview\intelppm.sys --a---- 36096 bytes [19:23 01/06/2013] [20:59 03/08/2004] 279FB78702454DFF2BB445F238C048D2
C:\Documents and Settings\adi\My Documents\My Drivers\Processor\acpi_genuineintel_-_x86\intelppm.sys --a---- 36096 bytes [06:43 13/03/2011] [20:59 03/08/2004] 279FB78702454DFF2BB445F238C048D2
C:\WINDOWS\ServicePackFiles\i386\intelppm.sys ------- 36096 bytes [11:05 20/02/2006] [20:59 03/08/2004] 279FB78702454DFF2BB445F238C048D2
C:\WINDOWS\system32\dllcache\intelppm.sys --a--c- 36096 bytes [11:06 20/02/2006] [20:59 03/08/2004] 279FB78702454DFF2BB445F238C048D2
C:\WINDOWS\system32\drivers\intelppm.sys --a---- 36096 bytes [11:06 20/02/2006] [20:59 03/08/2004] 279FB78702454DFF2BB445F238C048D2
 
Searching for "USBPORT.SYS"
C:\Documents and Settings\adi\My Documents\DOWNLOAD\2011 NOI StarterSetup\DRIVERE\double_driver_4.1.0_portable\Double Driver\Backup drivere ADISOR-Y8QK9EN9 3-13-2011 7-20-35 AM\USB\Standard Enhanced PCI to USB Host Controller\usbport.sys --a---- 142976 bytes [05:20 13/03/2011] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\Documents and Settings\adi\My Documents\DOWNLOAD\2011 NOI StarterSetup\DRIVERE\double_driver_4.1.0_portable\Double Driver\Backup drivere ADISOR-Y8QK9EN9 3-13-2011 7-20-35 AM\USB\VIA Rev 5 or later USB Universal Host Controller\usbport.sys --a---- 142976 bytes [05:20 13/03/2011] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\Documents and Settings\adi\My Documents\My Drivers\USB\pci_cc_0c0320\usbport.sys --a---- 142976 bytes [06:44 13/03/2011] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\Documents and Settings\adi\My Documents\My Drivers\USB\pci_ven_1106&dev_3038&cc_0c0300\usbport.sys --a---- 142976 bytes [06:44 13/03/2011] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\Documents and Settings\adi\My Documents\My Drivers\USB\usb_root_hub\usbport.sys --a---- 142976 bytes [06:45 13/03/2011] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\Documents and Settings\adi\My Documents\My Drivers\USB\usb_root_hub20\usbport.sys --a---- 142976 bytes [06:45 13/03/2011] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\WINDOWS\ServicePackFiles\i386\usbport.sys ------- 142976 bytes [11:04 20/02/2006] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\WINDOWS\system32\dllcache\usbport.sys --a--c- 142976 bytes [22:32 28/08/2002] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\WINDOWS\system32\drivers\usbport.sys --a---- 142976 bytes [22:32 28/08/2002] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
 
-= EOF =-

 



#6 nasdaq

  • Malware Response Team

Posted 03 August 2013 - 01:13 PM

Both files are the same.

We will register the file again.

Open the DOS prompt (type CMD in the run box and hit the OK button)

Execute this

regsvr32 C:\WINDOWS\system32\drivers\intelppm.sys
Hit the enter key.

Then

regsvr32 C:\WINDOWS\system32\drivers\usbport.sys
Hit the enter key.

If you get a message that there is no entry point on both then type EXIT to return to explorer.
===

If that fails to stop the BSOD

Update your Intel drivers.

Instructions on this page.
http://www.driverupdate.net/articles/dl/intel-drivers?aps=mainsplit_download

Keep me posted.
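
The comparison behind "Both files are the same" in the reply above can be done mechanically on the SystemLook output. This is an added example, not part of the original posts and not SystemLook's own code: it parses `:filefind` result lines, then checks the copy in `system32\drivers` against the `ServicePackFiles\i386` and `dllcache` copies. The function names and the tampered variant are constructed for illustration.

```python
import re
from collections import defaultdict

# One ":filefind" result line: path, 7 attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Folder the kernel loads the driver from, and the two reference copies
# Windows XP keeps on disk (drive letter stripped, lower case).
LOADED_DIR = r"\windows\system32\drivers"
REFERENCE_DIRS = (r"\windows\servicepackfiles\i386", r"\windows\system32\dllcache")

# Lines copied from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "intelppm.sys"
C:\Documents and Settings\adi\My Documents\My Drivers\Processor\acpi_genuineintel_-_x86\intelppm.sys --a---- 36096 bytes [06:43 13/03/2011] [20:59 03/08/2004] 279FB78702454DFF2BB445F238C048D2
C:\WINDOWS\ServicePackFiles\i386\intelppm.sys ------- 36096 bytes [11:05 20/02/2006] [20:59 03/08/2004] 279FB78702454DFF2BB445F238C048D2
C:\WINDOWS\system32\dllcache\intelppm.sys --a--c- 36096 bytes [11:06 20/02/2006] [20:59 03/08/2004] 279FB78702454DFF2BB445F238C048D2
C:\WINDOWS\system32\drivers\intelppm.sys --a---- 36096 bytes [11:06 20/02/2006] [20:59 03/08/2004] 279FB78702454DFF2BB445F238C048D2

Searching for "USBPORT.SYS"
C:\Documents and Settings\adi\My Documents\My Drivers\USB\usb_root_hub\usbport.sys --a---- 142976 bytes [06:45 13/03/2011] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\WINDOWS\ServicePackFiles\i386\usbport.sys ------- 142976 bytes [11:04 20/02/2006] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\WINDOWS\system32\dllcache\usbport.sys --a--c- 142976 bytes [22:32 28/08/2002] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351
C:\WINDOWS\system32\drivers\usbport.sys --a---- 142976 bytes [22:32 28/08/2002] [21:08 03/08/2004] 2034CA78F9C6E787B4B76D81AC888351

-= EOF =-
"""

# Constructed variant (not from the thread): the loaded usbport.sys has a
# different size and MD5 than its reference copies.
TAMPERED_LOG = SAMPLE_LOG.replace(
    r"drivers\usbport.sys --a---- 142976 bytes [22:32 28/08/2002] [21:08 03/08/2004] "
    r"2034CA78F9C6E787B4B76D81AC888351",
    r"drivers\usbport.sys --a---- 150016 bytes [22:32 28/08/2002] [09:14 19/07/2013] "
    r"00112233445566778899AABBCCDDEEFF",
)


def parse_filefind(log_text):
    """Return {file name (lower case): [record, ...]} for every result line."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, "Searching for ..." lines, blanks
        folder, name = m.group("path").rsplit("\\", 1)
        found[name.lower()].append({
            "path": m.group("path"),
            "folder": folder[2:].lower(),  # drop the drive letter and colon
            "size": int(m.group("size")),
            "md5": m.group("md5").upper(),
        })
    return dict(found)


def compare_copies(records):
    """Compare the loaded driver with the reference copies found on disk."""
    loaded = [r for r in records if r["folder"] == LOADED_DIR]
    refs = [r for r in records if r["folder"] in REFERENCE_DIRS]
    result = {
        "loaded_md5": loaded[0]["md5"] if loaded else None,
        "reference_md5s": sorted({r["md5"] for r in refs}),
        "distinct_md5s": len({r["md5"] for r in records}),
    }
    if not loaded:
        result["status"] = "no-loaded-copy"
    elif not refs:
        result["status"] = "no-reference"
    elif all((r["md5"], r["size"]) == (loaded[0]["md5"], loaded[0]["size"]) for r in refs):
        result["status"] = "match"
    else:
        result["status"] = "mismatch"
    return result


def summarize(log_text):
    """Map each searched file name to its comparison result."""
    return {name: compare_copies(recs) for name, recs in parse_filefind(log_text).items()}


if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("constructed variant", TAMPERED_LOG)):
        for name, res in summarize(log).items():
            print(f"{label}: {name}: {res['status']} ({res['distinct_md5s']} distinct MD5)")
```

Identical hashes only show that the copies on disk agree with each other; they do not by themselves establish that the file matches the vendor's original.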

#7 Newuser12

  • Topic Starter

Posted 03 August 2013 - 06:09 PM

Hello,

I did what you said but without any result (see attachments sys1 and sys2).

Not only intelppm.sys and usbport.sys are the cause of the BSODs, but many other drivers too (see BlueScreenView.jpg).

I think the problem is to find and delete the rootkit, not to update my Intel drivers.

Attached File  sys1.JPG   18.84KB
Attached File  sys2.JPG   14.58KB
Attached File  BlueScreenView.JPG   280.84KB



#8 nasdaq

  • Malware Response Team

Posted 04 August 2013 - 07:32 AM


Run these tools.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
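
The saved TDSSKiller log runs to hundreds of lines, so the entries that matter for the Skip rule above (items that only fail the signature check) are easy to miss. This is an added example, not part of the original post and not Kaspersky's code: it pulls the non-ok service entries out of the "Scan services" section. It handles only the line shapes visible in the log excerpt posted in this thread, and the function names are hypothetical.

```python
import re

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+\s*")  # timestamp + thread id
SECTION_RE = re.compile(r"^=+ (Scan [^=]+?) =+$")
HASH_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<detection>.+?) \))? - (?P<verdict>[a-z]+)$"
)

# Lines copied from the TDSSKiller log excerpt posted in this thread.
SAMPLE_LOG = r"""
02:21:50.0078 2976  ================ Scan system memory ========================
02:21:50.0078 2976  System memory - ok
02:21:50.0078 2976  ================ Scan services =============================
02:21:50.0203 2976  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
02:21:50.0562 2976  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
02:21:50.0562 2976  !SASCORE - detected UnsignedFile.Multi.Generic (1)
02:21:50.0859 2976  06912180 - ok
02:21:50.0875 2976  2749258drv - ok
02:21:51.0156 2976  [ A10C7534F7223F4A73A948967D00E69B ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:21:51.0421 2976  ACPI - ok
02:21:52.0062 2976  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
02:21:52.0296 2976  aec - ok
"""


def parse_services(log_text):
    """Return one record per verdict line inside the 'Scan services' section."""
    services, in_services, pending = [], False, {}
    for raw in log_text.splitlines():
        line = PREFIX_RE.sub("", raw.strip()).strip()
        section = SECTION_RE.match(line)
        if section:
            in_services = section.group(1) == "Scan services"
            continue
        if not in_services or not line:
            continue
        hashed = HASH_RE.match(line)
        if hashed:
            # Remember the hash and path until the verdict line for this name.
            pending[hashed.group("name")] = (hashed.group("md5").upper(), hashed.group("path"))
            continue
        verdict = VERDICT_RE.match(line)
        if verdict:
            md5, path = pending.pop(verdict.group("name"), (None, None))
            services.append({
                "name": verdict.group("name"),
                "md5": md5,
                "path": path,
                "detection": verdict.group("detection"),
                "verdict": verdict.group("verdict"),
            })
    return services


def flagged_entries(services):
    """Entries whose verdict is not 'ok'; signature_only marks UnsignedFile hits."""
    flagged = []
    for svc in services:
        if svc["verdict"] != "ok":
            detection = svc["detection"] or ""
            flagged.append(dict(svc, signature_only=detection.startswith("UnsignedFile")))
    return flagged


def no_file_hashed(services):
    """Names the log reports without any hashed image line before the verdict."""
    return [svc["name"] for svc in services if svc["md5"] is None]


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for entry in flagged_entries(parsed):
        kind = "signature check only" if entry["signature_only"] else "review"
        print(f"{entry['name']}: {entry['detection']} [{entry['verdict']}] -> {kind}")
    print("no file hashed:", ", ".join(no_file_hashed(parsed)))
```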

#9 Newuser12

  • Topic Starter

Posted 04 August 2013 - 07:53 PM

Hello,

On Sunday I had a lot of trouble with aswMBR.exe (4.52 MB): the download was very slow (45 minutes).

After scanning for 20 minutes, aswMBR.exe was interrupted when it reached my Downloads folder. The text color of the scan turned yellow and aswMBR suddenly closed.

I began to delete the contents of suspicious folders, but I had to repeat the scan 4 times to finally get an aswMBR log.

On 4 August there were another 3 BSODs and I decided to uninstall 7 programs installed in 2013 and to clean the registry. After that I ran TDSS Killer again.

That is why it took me many hours to send you my reply.

Here is the TDSS Killer log:



02:22:48.0031 2976  s116nd5 - ok

02:22:48.0203 2976  [ EC32601F04A5A5DE89315D0F55E73D66 ] s116obex        C:\WINDOWS\system32\DRIVERS\s116obex.sys

02:22:48.0250 2976  s116obex - ok

02:22:48.0312 2976  [ 32E3ECB4B2B5887426EAF241A8149CDE ] s116unic        C:\WINDOWS\system32\DRIVERS\s116unic.sys

02:22:48.0375 2976  s116unic - ok

02:22:48.0406 2976  [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs           C:\WINDOWS\system32\lsass.exe

02:22:48.0546 2976  SamSs - ok

02:22:48.0578 2976  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

02:22:48.0593 2976  SASDIFSV - ok

02:22:48.0640 2976  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

02:22:48.0687 2976  SASKUTIL - ok

02:22:48.0750 2976  [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe

02:22:48.0937 2976  SCardSvr - ok

02:22:49.0031 2976  [ 92360854316611F6CC471612213C3D92 ] Schedule        C:\WINDOWS\system32\schedsvc.dll

02:22:49.0406 2976  Schedule - ok

02:22:49.0468 2976  [ 62AF804EBB0CC6A34DDD1B0AACACD47F ] SE2Bbus         C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys

02:22:49.0515 2976  SE2Bbus ( UnsignedFile.Multi.Generic ) - warning

02:22:49.0515 2976  SE2Bbus - detected UnsignedFile.Multi.Generic (1)

02:22:49.0562 2976  [ FEF0BC327F083210C5A5DD890BF41C0A ] SE2Bmdfl        C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys

02:22:49.0578 2976  SE2Bmdfl ( UnsignedFile.Multi.Generic ) - warning

02:22:49.0578 2976  SE2Bmdfl - detected UnsignedFile.Multi.Generic (1)

02:22:49.0625 2976  [ 00CFA9A63E3915BEE7E3FBC23213B8FD ] SE2Bmdm         C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys

02:22:49.0687 2976  SE2Bmdm ( UnsignedFile.Multi.Generic ) - warning

02:22:49.0687 2976  SE2Bmdm - detected UnsignedFile.Multi.Generic (1)

02:22:49.0750 2976  [ 46147915DA4525A95E9404B646DF91EF ] SE2Bmgmt        C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys

02:22:49.0796 2976  SE2Bmgmt ( UnsignedFile.Multi.Generic ) - warning

02:22:49.0796 2976  SE2Bmgmt - detected UnsignedFile.Multi.Generic (1)

02:22:49.0828 2976  [ DBAAF0DE434F4D88DB40DB3AFAB301FE ] se2Bnd5         C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys

02:22:49.0859 2976  se2Bnd5 ( UnsignedFile.Multi.Generic ) - warning

02:22:49.0859 2976  se2Bnd5 - detected UnsignedFile.Multi.Generic (1)

02:22:49.0906 2976  [ 98B2F0E34D1F3AEE840F741C161C01EE ] SE2Bobex        C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys

02:22:49.0968 2976  SE2Bobex ( UnsignedFile.Multi.Generic ) - warning

02:22:49.0968 2976  SE2Bobex - detected UnsignedFile.Multi.Generic (1)

02:22:50.0015 2976  [ 29ACFCC6AFBA06DFD7C66C5C33087F9C ] se2Bunic        C:\WINDOWS\system32\DRIVERS\se2Bunic.sys

02:22:50.0187 2976  se2Bunic ( UnsignedFile.Multi.Generic ) - warning

02:22:50.0187 2976  se2Bunic - detected UnsignedFile.Multi.Generic (1)

02:22:50.0250 2976  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys

02:22:50.0281 2976  Secdrv - ok

02:22:50.0328 2976  [ B1E0CE09895376871746F36DC5773B4F ] seclogon        C:\WINDOWS\System32\seclogon.dll

02:22:50.0515 2976  seclogon - ok

02:22:50.0875 2976  [ 1CE8490E8919EF5C72275952C202E749 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe

02:22:51.0609 2976  Secunia PSI Agent - ok

02:22:51.0656 2976  [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS            C:\WINDOWS\system32\sens.dll

02:22:51.0828 2976  SENS - ok

02:22:51.0890 2976  [ FD245689004356AA2928B678736B9ABD ] Ser2pl          C:\WINDOWS\system32\DRIVERS\ser2pl.sys

02:22:51.0921 2976  Ser2pl ( UnsignedFile.Multi.Generic ) - warning

02:22:51.0921 2976  Ser2pl - detected UnsignedFile.Multi.Generic (1)

02:22:51.0968 2976  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys

02:22:52.0234 2976  serenum - ok

02:22:52.0296 2976  [ CD9404D115A00D249F70A371B46D5A26 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys

02:22:52.0500 2976  Serial - ok

02:22:52.0781 2976  [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

02:22:53.0359 2976  ServiceLayer - ok

02:22:53.0484 2976  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys

02:22:53.0656 2976  Sfloppy - ok

02:22:53.0796 2976  [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll

02:22:54.0234 2976  SharedAccess - ok

02:22:54.0296 2976  [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

02:22:54.0375 2976  ShellHWDetection - ok

02:22:54.0453 2976  [ 9FA648138FF703B1457CD05817CC23B5 ] ShredderVolumeDriver C:\WINDOWS\system32\Drivers\ShredderDriver32.sys

02:22:54.0500 2976  ShredderVolumeDriver - ok

02:22:54.0531 2976  Simbad - ok

02:22:54.0546 2976  [ 32933B07FC16D9F778BEE12545FA1B1A ] SimpTcp         C:\WINDOWS\System32\tcpsvcs.exe

02:22:54.0703 2976  SimpTcp - ok

02:22:54.0734 2976  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys

02:22:54.0875 2976  SLIP - ok

02:22:54.0937 2976  [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

02:22:54.0953 2976  SmartDefragDriver - ok

02:22:55.0000 2976  [ 74B9FA2AFAF60B7F4E2A952E77B9DC6C ] SMTPSVC         C:\WINDOWS\system32\inetsrv\inetinfo.exe

02:22:55.0187 2976  SMTPSVC - ok

02:22:55.0234 2976  [ 6FEB04DE6288F5466391E29057DC5B0E ] SNMP            C:\WINDOWS\System32\snmp.exe

02:22:55.0296 2976  SNMP - ok

02:22:55.0343 2976  [ 6F591DBEFD11F7697042907B516F1212 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe

02:22:55.0484 2976  SNMPTRAP - ok

02:22:55.0500 2976  Sparrow - ok

02:22:55.0546 2976  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys

02:22:55.0625 2976  splitter - ok

02:22:55.0671 2976  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler         C:\WINDOWS\system32\spoolsv.exe

02:22:55.0734 2976  Spooler - ok

02:22:55.0781 2976  [ E41B6D037D6CD08461470AF04500DC24 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys

02:22:55.0890 2976  sr - ok

02:22:55.0984 2976  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice       C:\WINDOWS\system32\srsvc.dll

02:22:56.0234 2976  srservice - ok

02:22:56.0390 2976  [ AB9C79ED12D65E800AAAD3D72A04792F ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys

02:22:56.0656 2976  Srv - ok

02:22:56.0718 2976  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll

02:22:56.0843 2976  SSDPSRV - ok

02:22:56.0890 2976  [ ED78DFAD8EFCDFBC89500492C4D14645 ] STI Simulator   C:\WINDOWS\System32\PAStiSvc.exe

02:22:56.0937 2976  STI Simulator ( UnsignedFile.Multi.Generic ) - warning

02:22:56.0937 2976  STI Simulator - detected UnsignedFile.Multi.Generic (1)

02:22:57.0234 2976  [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] stisvc          C:\WINDOWS\system32\wiaservc.dll

02:22:57.0484 2976  stisvc - ok

02:22:57.0515 2976  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys

02:22:57.0671 2976  streamip - ok

02:22:57.0718 2976  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys

02:22:57.0890 2976  swenum - ok

02:22:57.0937 2976  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys

02:22:58.0203 2976  swmidi - ok

02:22:58.0234 2976  SwPrv - ok

02:22:58.0250 2976  symc810 - ok

02:22:58.0281 2976  symc8xx - ok

02:22:58.0296 2976  sym_hi - ok

02:22:58.0312 2976  sym_u3 - ok

02:22:58.0359 2976  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys

02:22:58.0531 2976  sysaudio - ok

02:22:58.0593 2976  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe

02:22:58.0781 2976  SysmonLog - ok

02:22:58.0906 2976  [ FB78839B36025AA286A51289ED28B73E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll

02:22:59.0046 2976  TapiSrv - ok

02:22:59.0312 2976  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys

02:22:59.0640 2976  Tcpip - ok

02:22:59.0734 2976  [ 00586ED87AB564B03870A2A3DCC84B55 ] Tcpip6          C:\WINDOWS\system32\DRIVERS\tcpip6.sys

02:22:59.0890 2976  Tcpip6 - ok

02:22:59.0937 2976  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys

02:23:00.0203 2976  TDPIPE - ok

02:23:00.0250 2976  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys

02:23:00.0453 2976  TDTCP - ok

02:23:00.0500 2976  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys

02:23:00.0656 2976  TermDD - ok

02:23:00.0796 2976  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\WINDOWS\System32\termsrv.dll

02:23:01.0046 2976  TermService - ok

02:23:01.0234 2976  [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] Themes          C:\WINDOWS\System32\shsvcs.dll

02:23:01.0265 2976  Themes - ok

02:23:01.0328 2976  [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe

02:23:01.0468 2976  TlntSvr - ok

02:23:01.0484 2976  TosIde - ok

02:23:01.0546 2976  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\WINDOWS\system32\trkwks.dll

02:23:01.0734 2976  TrkWks - ok

02:23:01.0859 2976  [ D391F1171A2E3A7080DF6FAAE7A20C0B ] Trufos          C:\WINDOWS\system32\DRIVERS\Trufos.sys

02:23:01.0984 2976  Trufos - ok

02:23:02.0031 2976  [ 87A0E9E18C10A9E454238E3330E2A26D ] tunmp           C:\WINDOWS\system32\DRIVERS\tunmp.sys

02:23:02.0296 2976  tunmp - ok

02:23:02.0343 2976  [ 49C805D42D75EDDC9B6A7130999C9054 ] uagp35          C:\WINDOWS\system32\DRIVERS\uagp35.sys

02:23:02.0515 2976  uagp35 - ok

02:23:02.0562 2976  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys

02:23:02.0734 2976  Udfs - ok

02:23:02.0859 2976  [ 65E19ACEBB2DB2B76529A77316D8A34B ] UI Assistant Service C:\Program Files\Join Air\AssistantServices.exe

02:23:02.0984 2976  UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning

02:23:02.0984 2976  UI Assistant Service - detected UnsignedFile.Multi.Generic (1)

02:23:03.0000 2976  ultra - ok

02:23:03.0281 2976  [ CED744117E91BDC0BEB810F7D8608183 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys

02:23:03.0593 2976  Update - ok

02:23:03.0703 2976  [ ACA5D98663D879C6BAAFCEA7E2F1B710 ] upnphost        C:\WINDOWS\System32\upnphost.dll

02:23:03.0812 2976  upnphost - ok

02:23:03.0859 2976  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

02:23:03.0984 2976  upperdev - ok

02:23:04.0031 2976  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\WINDOWS\System32\ups.exe

02:23:04.0296 2976  UPS - ok

02:23:04.0359 2976  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys

02:23:04.0531 2976  usbaudio - ok

02:23:04.0593 2976  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys

02:23:04.0750 2976  usbccgp - ok

02:23:04.0781 2976  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys

02:23:04.0937 2976  usbehci - ok

02:23:05.0015 2976  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys

02:23:05.0296 2976  usbhub - ok

02:23:05.0359 2976  [ 49106EE29074E6A3D3AC9E24C6D791D8 ] usbser          C:\WINDOWS\system32\drivers\usbser.sys

02:23:05.0515 2976  usbser - ok

02:23:05.0562 2976  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

02:23:05.0671 2976  UsbserFilt - ok

02:23:05.0718 2976  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

02:23:05.0890 2976  usbstor - ok

02:23:05.0921 2976  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys

02:23:06.0187 2976  usbuhci - ok

02:23:06.0250 2976  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys

02:23:06.0437 2976  VgaSave - ok

02:23:06.0468 2976  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys

02:23:06.0625 2976  ViaIde - ok

02:23:06.0687 2976  [ 7DC3E1DC6E4F8BE381C31BFEA578412A ] viamraid        C:\WINDOWS\system32\DRIVERS\viamraid.sys

02:23:06.0750 2976  viamraid - ok

02:23:06.0812 2976  [ 819BF44085104BE6527B86A88ACF856B ] VIAudio         C:\WINDOWS\system32\drivers\ac97via.sys

02:23:07.0000 2976  VIAudio - ok

02:23:07.0062 2976  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys

02:23:07.0328 2976  VolSnap - ok

02:23:07.0500 2976  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\WINDOWS\System32\vssvc.exe

02:23:07.0703 2976  VSS - ok

02:23:07.0796 2976  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll

02:23:07.0984 2976  W32Time - ok

02:23:08.0015 2976  [ 74B9FA2AFAF60B7F4E2A952E77B9DC6C ] W3SVC           C:\WINDOWS\system32\inetsrv\inetinfo.exe

02:23:08.0203 2976  W3SVC - ok

02:23:08.0250 2976  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys

02:23:08.0453 2976  Wanarp - ok

02:23:08.0640 2976  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

02:23:08.0890 2976  Wdf01000 - ok

02:23:08.0890 2976  WDICA - ok

02:23:08.0953 2976  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys

02:23:09.0187 2976  wdmaud - ok

02:23:09.0250 2976  [ 265F534EF76832435AFBF771EC97176D ] WebClient       C:\WINDOWS\System32\webclnt.dll

02:23:09.0359 2976  WebClient - ok

02:23:09.0656 2976  [ 1225EBEA76AAC3C84DF6C54FE5E5D8BE ] winachsf        C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys

02:23:10.0296 2976  winachsf - ok

02:23:10.0437 2976  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll

02:23:10.0640 2976  winmgmt - ok

02:23:10.0953 2976  [ A7C993F86BE5AF035DE06DF9160D7008 ] WiseBootAssistant C:\Program Files\Wise\Wise Care 365\BootTime.exe

02:23:11.0375 2976  WiseBootAssistant - ok

02:23:11.0421 2976  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll

02:23:11.0500 2976  WmdmPmSN - ok

02:23:11.0750 2976  [ 1081C185AED0660B2B5F173C3E023B23 ] Wmi             C:\WINDOWS\System32\advapi32.dll

02:23:12.0265 2976  Wmi - ok

02:23:12.0359 2976  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe

02:23:12.0578 2976  WmiApSrv - ok

02:23:12.0875 2976  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

02:23:13.0468 2976  WPFFontCache_v0400 - ok

02:23:13.0515 2976  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys

02:23:13.0656 2976  WS2IFSL - ok

02:23:13.0718 2976  [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll

02:23:13.0906 2976  wscsvc - ok

02:23:13.0937 2976  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

02:23:14.0093 2976  WSTCODEC - ok

02:23:14.0234 2976  [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll

02:23:14.0406 2976  wuauserv - ok

02:23:14.0484 2976  [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys

02:23:14.0562 2976  WudfPf - ok

02:23:14.0625 2976  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys

02:23:14.0703 2976  WudfRd - ok

02:23:14.0765 2976  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll

02:23:14.0828 2976  WudfSvc - ok

02:23:14.0968 2976  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll

02:23:15.0484 2976  WZCSVC - ok

02:23:15.0562 2976  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll

02:23:15.0765 2976  xmlprov - ok

02:23:15.0828 2976  [ B31932DC33072CA98A8DBF76F866F22E ] ZTEusbmdm6k     C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys

02:23:15.0890 2976  ZTEusbmdm6k - ok

02:23:15.0968 2976  [ B31932DC33072CA98A8DBF76F866F22E ] ZTEusbnmea      C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys

02:23:16.0015 2976  ZTEusbnmea - ok

02:23:16.0078 2976  [ B31932DC33072CA98A8DBF76F866F22E ] ZTEusbser6k     C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys

02:23:16.0250 2976  ZTEusbser6k - ok

02:23:16.0281 2976  ================ Scan global ===============================

02:23:16.0343 2976  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll

02:23:16.0515 2976  [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll

02:23:16.0750 2976  [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll

02:23:16.0812 2976  [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe

02:23:16.0812 2976  [Global] - ok

02:23:16.0812 2976  ================ Scan MBR ==================================

02:23:16.0843 2976  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

02:23:17.0703 2976  \Device\Harddisk0\DR0 - ok

02:23:17.0703 2976  ================ Scan VBR ==================================

02:23:17.0718 2976  [ 0723DBC65E26922F050D791BD2D8D5FE ] \Device\Harddisk0\DR0\Partition1

02:23:17.0734 2976  \Device\Harddisk0\DR0\Partition1 - ok

02:23:17.0734 2976  ============================================================

02:23:17.0734 2976  Scan finished

02:23:17.0734 2976  ============================================================

02:23:17.0859 3576  Detected object count: 19

02:23:17.0859 3576  Actual detected object count: 19

02:24:45.0265 3576  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0281 3576  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0281 3576  Apowersoft_AudioDevice ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0281 3576  Apowersoft_AudioDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0281 3576  Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0281 3576  Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0281 3576  ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0296 3576  ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0296 3576  EIO ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0296 3576  EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0296 3576  ggsemc ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0296 3576  ggsemc ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0296 3576  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0312 3576  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0312 3576  NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0312 3576  NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0312 3576  pfc ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0312 3576  pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0328 3576  SE2Bbus ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0328 3576  SE2Bbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0328 3576  SE2Bmdfl ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0328 3576  SE2Bmdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0328 3576  SE2Bmdm ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0328 3576  SE2Bmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0343 3576  SE2Bmgmt ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0343 3576  SE2Bmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0343 3576  se2Bnd5 ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0343 3576  se2Bnd5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0343 3576  SE2Bobex ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0343 3576  SE2Bobex ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0359 3576  se2Bunic ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0359 3576  se2Bunic ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0359 3576  Ser2pl ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0359 3576  Ser2pl ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0375 3576  STI Simulator ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0375 3576  STI Simulator ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:24:45.0375 3576  UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user

02:24:45.0375 3576  UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Here is the aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-08-05 01:29:17
-----------------------------
01:29:17.765    OS Version: Windows 5.1.2600 Service Pack 2
01:29:17.765    Number of processors: 1 586 0x401
01:29:17.765    ComputerName: ADISOR-Y8QK9EN9  UserName: adi
01:29:20.703    Initialize success
01:29:21.015    AVAST engine defs: 13080401
01:29:25.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
01:29:25.968    Disk 0 Vendor: WDC_WD800BB-00JHC0 05.01C05 Size: 76319MB BusType: 3
01:29:26.234    Disk 0 MBR read successfully
01:29:26.234    Disk 0 MBR scan
01:29:26.234    Disk 0 Windows XP default MBR code
01:29:26.250    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63
01:29:26.281    Disk 0 scanning sectors +156280320
01:29:26.640    Disk 0 scanning C:\WINDOWS\system32\drivers
01:30:04.828    Service scanning
01:30:45.656    Modules scanning
01:31:15.875    Disk 0 trace - called modules:
01:31:15.906    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys 
01:31:15.906    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8736fab8]
01:31:15.906    3 CLASSPNP.SYS[f773005b] -> nt!IofCallDriver -> \Device\0000007f[0x87373f18]
01:31:15.906    5 ACPI.sys[f76a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8738ed98]
01:31:17.796    AVAST engine scan C:\WINDOWS
01:31:33.843    AVAST engine scan C:\WINDOWS\system32
01:40:30.859    AVAST engine scan C:\WINDOWS\system32\drivers
01:41:44.906    AVAST engine scan C:\Documents and Settings\adi
02:02:16.343    AVAST engine scan C:\Documents and Settings\All Users
02:04:59.609    Scan finished successfully
02:05:22.375    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\adi\Desktop\MBR.dat"
02:05:22.390    The log file has been saved successfully to "C:\Documents and Settings\adi\Desktop\aswMBR.txt"

#10 nasdaq

  • Malware Response Team

Posted 05 August 2013 - 08:07 AM

Let's see what we can find.

WhoCrashed reveals the drivers responsible for crashing your computer.

Introduction.
http://www.resplendence.com/whocrashed

Please download the free home edition of WhoCrashed to your Desktop from here and install it by double-clicking "whocrashedSetup.exe".
At the end, it will open automatically. Click the "Analyze" button.

Please scroll down the Information window to copy and paste the results in your next reply.



#11 Newuser12

  • Topic Starter

Posted 05 August 2013 - 09:19 AM

Hello,

WhoCrashed required me to download and install the Windows Debugging package from the Microsoft site. I know my Windows XP SP2 is not a genuine version and I hesitated a little.

Here are the results of WhoCrashed:

System Information (local)

computer name: ADISOR-Y8QK9EN9
windows version: Windows XP Service Pack 2, 5.1, build: 2600
windows dir: C:\WINDOWS
CPU: GenuineIntel Intel® Celeron® CPU 2.80GHz Intel586, level: 15
1 logical processors, active mask: 1
RAM: 1072939008 total
VM: 2147352576, free: 2063585280

Crash Dump Analysis

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

On Sun 8/4/2013 6:58:36 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini080413-03.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x3779)
Bugcheck code: 0x100000D1 (0xFFFFFFFFF7267C07, 0x9, 0x0, 0xFFFFFFFFF7267C07)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sun 8/4/2013 8:21:55 AM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini080413-02.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x3779)
Bugcheck code: 0x100000D1 (0xFFFFFFFFF711CC07, 0x9, 0x0, 0xFFFFFFFFF711CC07)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sun 8/4/2013 6:33:13 AM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini080413-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x3879)
Bugcheck code: 0x1000000A (0xFFFFFFFFFFFFFFF4, 0x9, 0x0, 0xFFFFFFFF804DA879)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sat 8/3/2013 11:05:35 AM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini080313-02.dmp
This was probably caused by the following module: usbport.sys (USBPORT+0xAB57)
Bugcheck code: 0x100000D1 (0xBB40, 0x9, 0x0, 0xBB40)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\usbport.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: USB 1.1 & 2.0 Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Fri 8/2/2013 10:06:08 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini080313-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x13879)
Bugcheck code: 0x1000000A (0x0, 0x9, 0x1, 0xFFFFFFFF804EA879)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Thu 8/1/2013 7:47:59 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini080113-01.dmp
This was probably caused by the following module: usbport.sys (USBPORT+0x1AFD0)
Bugcheck code: 0x100000D1 (0xD, 0x9, 0x0, 0xFFFFFFFFF6456FD0)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\usbport.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: USB 1.1 & 2.0 Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Wed 7/31/2013 8:35:01 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini073113-04.dmp
This was probably caused by the following module: usbport.sys (USBPORT+0x1AFD0)
Bugcheck code: 0x100000D1 (0xC, 0x9, 0x0, 0xFFFFFFFFF64AAFD0)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\usbport.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: USB 1.1 & 2.0 Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Wed 7/31/2013 8:10:47 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini073113-03.dmp
This was probably caused by the following module: usbport.sys (USBPORT+0x1AFD0)
Bugcheck code: 0x100000D1 (0xC, 0x9, 0x0, 0xFFFFFFFFF5F3CFD0)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\usbport.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: USB 1.1 & 2.0 Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Wed 7/31/2013 12:11:30 AM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini073113-02.dmp
This was probably caused by the following module: ndis.sys (NDIS+0x18EAA)
Bugcheck code: 0x1000008E (0xFFFFFFFFC000001D, 0xFFFFFFFFF7DB2C02, 0xFFFFFFFF80550300, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\ndis.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NDIS 5.1 wrapper driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Tue 7/30/2013 10:47:21 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini073113-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x3879)
Bugcheck code: 0x1000000A (0xFFFFFFFFFFFFFFF4, 0x9, 0x0, 0xFFFFFFFF804DA879)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Tue 7/30/2013 6:15:22 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini073013-03.dmp
This was probably caused by the following module: usbport.sys (USBPORT+0x1AFD0)
Bugcheck code: 0x100000D1 (0xC, 0x9, 0x0, 0xFFFFFFFFF6413FD0)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\usbport.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: USB 1.1 & 2.0 Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Tue 7/30/2013 12:24:48 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini073013-02.dmp
This was probably caused by the following module: hsfcxts2.sys (HSFCXTS2+0x974D5)
Bugcheck code: 0x100000D1 (0x0, 0x2, 0x0, 0xFFFFFFFFF55A64D5)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\hsfcxts2.sys
product: SoftK56 Modem Driver
company: Conexant Systems, Inc.
description: HSF_CNXT driver
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hsfcxts2.sys (HSF_CNXT driver, Conexant Systems, Inc.).
Google query: Conexant Systems, Inc. CUSTOM_ERROR



On Tue 7/30/2013 10:53:32 AM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini073013-01.dmp
This was probably caused by the following module: atapi.sys (atapi+0x55F8)
Bugcheck code: 0x100000D1 (0x3DFC6EDA, 0x5, 0x0, 0x3DFC6EDA)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\atapi.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: IDE/ATAPI Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Mon 7/29/2013 7:10:21 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini072913-04.dmp
This was probably caused by the following module: usbport.sys (USBPORT+0xAB57)
Bugcheck code: 0x100000D1 (0xBB40, 0x9, 0x0, 0xBB40)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\usbport.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: USB 1.1 & 2.0 Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Mon 7/29/2013 2:08:26 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini072913-03.dmp
This was probably caused by the following module: usbuhci.sys (usbuhci+0x3F43)
Bugcheck code: 0x100000D1 (0xFF00, 0x9, 0x0, 0xFFFFFFFF870B4668)
Error: CUSTOM_ERROR
file path: C:\WINDOWS\system32\drivers\usbuhci.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: UHCI USB Miniport Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.


 

Conclusion

67 crash dumps have been found and analyzed. Only 15 are included in this report. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

fetnd5b.sys (NDIS 5.0 miniport driver, VIA Technologies, Inc. )
hsfcxts2.sys (HSF_CNXT driver, Conexant Systems, Inc.)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further. 



#12 nasdaq


Posted 05 August 2013 - 09:42 AM

See if you can get the updated drivers from the sites suggested.

If that fails see what this tool can do for you.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.
If interested in security I would download the tool and run it.
<<<>>>

#13 Newuser12


Posted 08 August 2013 - 06:11 AM

Hello,

Sorry for the delay, but I spent two days looking for updates of the 2 drivers.

 

First I updated the driver fetnd5b.sys and I had another 9 BSOD during the search for the second driver.

 

The second driver, hsfcxts2.sys is part of product SoftK56 Modem Driver from Conexant Systems and I could not find any update, even on Conexant’s site. I could install only SoftV92 Data Fax Modem.

 

Long ago I made a backup of my drivers using DriverMax 5.5, which was uninstalled.

Now I tried to restore the driver hsfcxts2.sys from this old backup, using new DriverMax 7.5 and Double Driver but it was impossible. The version of DriverMax 5.5 is no more on the net. 

 

Because I don’t use a modem, on 7 August evening I decided to disable hsfcxts2.sys.

Using System Explorer portable I disabled all the 3 drivers of the product SoftK56 Modem Driver.

But after that I had another 2 BSOD (totally 78 crashes) and now I activated again these 3 drivers.

 

I intended to update also the driver intelppm.sys, which seems to be the cause in many crashes.

But no software found intelppm.sys is out of date (DriverMax, DriverUpdate, SlimDrivers, Driver Booster). Maybe I can disable this driver?

 

Regarding Secunia Personal Software Inspector, I already had v.2.0 but it is not useful at all in this problem.

 

I’m still looking on the net for driver hsfcxts2.sys.

I found only this link: http://www.driverguide.com/driver/detail.php?driverid=1601945

But the file version is 2.12.10.00 and my file version is 7.12.9.0 (see photo with description of HSFCXTS2).

Can I use somehow my old backup of drivers, with files which are not corrupted?

 

 



#14 nasdaq


Posted 08 August 2013 - 08:04 AM

I wish I could help you on this matter but it's not my forte.

Since this is no longer a malware issue I can only suggest you start a new topic in the Windows XP forum
http://www.bleepingcomputer.com/forums/forum56.html

Someone may have the driver you are looking for or will suggest another avenue.

#15 Newuser12


Posted 08 August 2013 - 08:34 AM

Hello again,

 

I'm still not so sure if BSOD are caused by 2 corrupted drivers or by some rootkit, still active.

When I disabled the driver I cannot update, it was normal to stop crashes.

 

Ok, thank you very much for your support (WhoCrashed is really useful).

I wish you all the best! :)

 





