RogueSecurityIS


Gooch

Hi there,

It certainly looks like I'm infected on my home PC with one of these Rogue Security type viruses/malware, and I suspect it might be quite an effort to clean everything up - primarily because most of the time, my system freezes in a minute or two after I get logged in as one of the Windows users.

I did get a full Malwarebytes scan the other morning which showed just a single file infected in the MBAM log:

C:\Users\Matt\AppData\Local\Temp\acmvblxhd\mhjanpidlta.exe (RogueSecurityIS) -> Quarantined and deleted successfully

So that sounded kind of good but it's obvious that this malware is still in my PC, and by now maybe as several different files.

When I get home later today, I will try going through the handy step-by-step instructions for "I'm infected ...", but I would appreciate any information that someone might have concerning this whole process:

(1) Can anyone identify the specific virus/malware from just that one infected file noted above?

(2) Should I be booting up my machine in just normal mode?

For (2), I'm concerned that being up in normal mode with networking exposes the PC to being used by the outside "bad guys", and that they'll have more control over what the machine is doing than I! On the other hand, the times I've tried coming up in different safe modes, or even in command line mode, the PC has either rebooted itself before I get any control, or does a "freeze up" fairly quickly after I log in as a user (where sometimes I have time to start a virus scan, only to watch it basically hang in a few minutes).

So really for (2), I'm searching for the best strategy to bring up my PC in an attempt to clean it up. If I don't have networking enabled, then I won't be able to access/download the various tools that are suggested. But I sure don't want the PC sending out bogus emails to all our Outlook contacts either!

Any insight/suggestions are appreciated!

Thanks,

Gooch

P.S.: I've looked through some of the postings of folks who have gone through some of these cleanups. From the looks of some of those, I'm wondering whether it would actually take less time to copy off our personal data and just format the hard drive and reinstall the OS?!?!?


Hello Gooch

Welcome to Malwarebytes.

Please try to get these to run in any mode possible.

Once you save the files and post them you can then take the system offline by unplugging the network cable.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning. It is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


Hi Kahdah,

Thanks for the response and the suggestions. I wasn't able to run anything out of Windows Explorer before things would freeze (I couldn't even get to a website for a while). I finally did get OTL to run to completion on a different user than "Matt". I selected the options you indicated, but also selected "All Users" near the top, thinking that would see things across the 3 users configured on the PC. So hope that wasn't bad or a mistake. Here's the output:

OTL.Txt:

OTL logfile created on: 10/30/2010 1:51:16 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = J:\

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 71.00% Memory free

12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.69 Gb Total Space | 303.33 Gb Free Space | 67.30% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 13.95 Gb Free Space | 92.99% Space Free | Partition Type: NTFS

Drive E: | 46.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive J: | 959.97 Mb Total Space | 959.27 Mb Free Space | 99.93% Space Free | Partition Type: FAT

Computer Name: GALGOCY-MONSTER | User Name: Susan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - J:\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Windows\SysWOW64\java.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)

PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

PRC - C:\Program Files (x86)\Upromise\UpromiseTray.exe ()

PRC - C:\Program Files (x86)\Upromise\dca-ua.exe (Compete Inc)

PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)

PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

PRC - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()

PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

========== Modules (SafeList) ==========

MOD - J:\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (RoxLiveShare10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)

SRV - (RoxWatch10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)

SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)

SRV - (LinksysUpdater) -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()

SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (MAGIX


I haven't seen any unusual security alerts, if that's what you're referring to (like messages from McAfee or Malwarebytes).

I updated Malwarebytes to the most recent version, but could not get any Full Scans to complete. The last three I did got this far:

(a) 55372 files, 19 minutes, 26 seconds

(b) 55424 files, 18 minutes, 57 seconds

(c) 55511 files, 19 minutes, 5 seconds

I believe a Full Scan usually needs around an hour and 15 minutes to complete.

Before I attempted these Full Scans, I did get a Quick Scan to complete and that log file follows:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5009

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

10/31/2010 2:04:31 PM

mbam-log-2010-10-31 (14-04-31).txt

Scan type: Quick scan

Objects scanned: 174376

Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

********************************************************************************

**********

The PC freezing up continues, although it seems like there's now a pretty obvious pattern to it:

If I'm connected to my DSL service, it usually freezes up within a minute or two after logging into one of the Windows users.

If I don't have the wireless connection enabled, I appear to be getting somewhere around a 20-25 minute span of time to try to get a few things accomplished. But then it does always finally lock up everything.

Another interesting thing I've noticed 2 times: Just about the time the PC freezes up, an unfamiliar "icon" or picture appears a little left of the middle of the screen. It's been a different picture both times, kind of resembling something computer-like - nothing weird or nasty. For example, I think the one picture was sort of like two computer displays positioned at an angle a bit apart. The size of the picture is approximately about a square inch. And it doesn't show up all the time - as I noted, I've just seen it twice.

Any ideas or suggestions - please send them my way.

Happy Halloween!


Ok so it only locks up when the internet is plugged in?

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be skip, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • Click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
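An added example, not part of the original post and not TDSSKiller's own code: one way a helper could triage the driver section of the report requested above by comparing it with a known-good baseline. It assumes each driver line has the layout `date time service (md5) path`; the sample lines, the hash values, and the names `KNOWN_GOOD`, `parse_driver_lines` and `triage` are constructed for illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumed layout of a driver line in the report:
#   2010/11/02 00:44:38.0225 <service> (<32-hex md5>) <path to driver file>
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<service>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>[A-Za-z]:\\.+)$"
)

# PureWindowsPath compares case-insensitively, matching Windows semantics.
DRIVERS_DIR = PureWindowsPath(r"C:\Windows\system32\drivers")

# Constructed baseline: lower-cased path -> hashes recorded from a clean
# install of the same OS build. All values here are placeholders.
KNOWN_GOOD = {
    r"c:\windows\system32\drivers\exdisk.sys": {"1" * 32},
    r"c:\windows\system32\drivers\exnet.sys": {"2" * 32},
    r"c:\windows\system32\drivers\exaudio.sys": {"4" * 32},
    r"c:\windows\system32\exlog.sys": {"6" * 32},
}

# Constructed sample report: two header lines plus five driver lines.
SAMPLE_REPORT = r"""
2010/11/02 00:44:29.0364 Boot type: Normal boot
2010/11/02 00:44:37.0741 Scan started
2010/11/02 00:44:38.0225 exdisk (11111111111111111111111111111111) C:\Windows\system32\drivers\exdisk.sys
2010/11/02 00:44:38.0381 exnet (22222222222222222222222222222222) C:\Windows\system32\DRIVERS\exnet.sys
2010/11/02 00:44:38.0459 exaudio (33333333333333333333333333333333) C:\Windows\system32\drivers\exaudio.sys
2010/11/02 00:44:38.0584 exscsi (55555555555555555555555555555555) C:\Windows\system32\drivers\qzxvk.sys
2010/11/02 00:44:38.0662 exlog (66666666666666666666666666666666) C:\Windows\system32\exlog.sys
"""


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str
    path: PureWindowsPath


def parse_driver_lines(report):
    """Return one DriverEntry per driver line; header lines are skipped."""
    entries = []
    for line in report.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(
                DriverEntry(m["service"], m["md5"].lower(), PureWindowsPath(m["path"]))
            )
    return entries


def triage(entries, known_good):
    """Return (service, reason) pairs that deserve a manual look.

    A finding is a prompt for review, not a verdict: legitimate drivers
    can live outside the drivers directory or be newer than the baseline.
    """
    findings = []
    for e in entries:
        key = str(e.path).lower()
        if e.path.parent != DRIVERS_DIR:
            findings.append((e.service, "outside drivers directory"))
        if key not in known_good:
            findings.append((e.service, "file not in baseline"))
        elif e.md5 not in known_good[key]:
            findings.append((e.service, "hash differs from baseline"))
    return findings


if __name__ == "__main__":
    for service, reason in triage(parse_driver_lines(SAMPLE_REPORT), KNOWN_GOOD):
        print(f"{service}: {reason}")
```

A matching hash is only as trustworthy as the system that read the file: kernel-mode malware can alter what a scan on the live system sees, so the comparison is most reliable when the files are hashed from a clean boot environment.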


No, the PC also locks up without being connected to the Internet - it just takes a while longer.

The PC is basically unusable when connecting to the Internet. Everything I'm running is transferred to the PC using a USB drive. Otherwise, I couldn't do anything.

TDSSKiller Log:

2010/11/02 00:44:29.0364 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49

2010/11/02 00:44:29.0364 ================================================================================

2010/11/02 00:44:29.0364 SystemInfo:

2010/11/02 00:44:29.0364

2010/11/02 00:44:29.0364 OS Version: 6.0.6002 ServicePack: 2.0

2010/11/02 00:44:29.0364 Product type: Workstation

2010/11/02 00:44:29.0364 ComputerName: GALGOCY-MONSTER

2010/11/02 00:44:29.0364 UserName: Jeff

2010/11/02 00:44:29.0364 Windows directory: C:\Windows

2010/11/02 00:44:29.0364 System windows directory: C:\Windows

2010/11/02 00:44:29.0364 Running under WOW64

2010/11/02 00:44:29.0364 Processor architecture: Intel x64

2010/11/02 00:44:29.0364 Number of processors: 8

2010/11/02 00:44:29.0364 Page size: 0x1000

2010/11/02 00:44:29.0364 Boot type: Normal boot

2010/11/02 00:44:29.0364 ================================================================================

2010/11/02 00:44:29.0364 Utility is running under WOW64

2010/11/02 00:44:29.0973 Initialize success

2010/11/02 00:44:37.0741 ================================================================================

2010/11/02 00:44:37.0741 Scan started

2010/11/02 00:44:37.0741 Mode: Manual;

2010/11/02 00:44:37.0741 ================================================================================


2010/11/02 00:44:49.0613 pnarp (328b99e25901d314fdfb31f18a7e302e) C:\Windows\system32\DRIVERS\pnarp.sys

2010/11/02 00:44:49.0722 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

2010/11/02 00:44:49.0753 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

2010/11/02 00:44:49.0816 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

2010/11/02 00:44:49.0847 purendis (e33ae01d03ebe68cd6a934bf52702bfd) C:\Windows\system32\DRIVERS\purendis.sys

2010/11/02 00:44:49.0987 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys

2010/11/02 00:44:50.0128 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2010/11/02 00:44:50.0237 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2010/11/02 00:44:50.0268 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2010/11/02 00:44:50.0502 R300 (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys

2010/11/02 00:44:50.0565 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2010/11/02 00:44:50.0627 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/11/02 00:44:50.0752 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/11/02 00:44:50.0814 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

2010/11/02 00:44:50.0845 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

2010/11/02 00:44:50.0877 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/11/02 00:44:50.0923 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2010/11/02 00:44:50.0955 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2010/11/02 00:44:51.0001 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

2010/11/02 00:44:51.0157 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2010/11/02 00:44:51.0220 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys

2010/11/02 00:44:51.0313 RTSTOR (0851174830dafad4eacc4dd818d803d1) C:\Windows\system32\drivers\RTSTOR64.SYS

2010/11/02 00:44:51.0391 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2010/11/02 00:44:51.0454 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/11/02 00:44:51.0485 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

2010/11/02 00:44:51.0516 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

2010/11/02 00:44:51.0547 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2010/11/02 00:44:51.0610 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2010/11/02 00:44:51.0672 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2010/11/02 00:44:51.0703 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2010/11/02 00:44:51.0719 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2010/11/02 00:44:51.0766 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2010/11/02 00:44:51.0813 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2010/11/02 00:44:51.0859 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

2010/11/02 00:44:51.0906 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

2010/11/02 00:44:51.0969 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys

2010/11/02 00:44:52.0031 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys

2010/11/02 00:44:52.0093 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/11/02 00:44:52.0203 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2010/11/02 00:44:52.0249 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2010/11/02 00:44:52.0296 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2010/11/02 00:44:52.0421 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2010/11/02 00:44:52.0546 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys

2010/11/02 00:44:52.0655 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys

2010/11/02 00:44:52.0702 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

2010/11/02 00:44:52.0733 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2010/11/02 00:44:52.0780 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2010/11/02 00:44:52.0827 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

2010/11/02 00:44:52.0873 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

2010/11/02 00:44:52.0998 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/11/02 00:44:53.0076 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2010/11/02 00:44:53.0123 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

2010/11/02 00:44:53.0154 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2010/11/02 00:44:53.0217 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

2010/11/02 00:44:53.0263 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2010/11/02 00:44:53.0326 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2010/11/02 00:44:53.0373 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2010/11/02 00:44:53.0404 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2010/11/02 00:44:53.0451 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2010/11/02 00:44:53.0529 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

2010/11/02 00:44:53.0622 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/11/02 00:44:53.0685 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys

2010/11/02 00:44:53.0716 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

2010/11/02 00:44:53.0763 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

2010/11/02 00:44:53.0794 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

2010/11/02 00:44:53.0825 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

2010/11/02 00:44:53.0856 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/11/02 00:44:53.0903 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/11/02 00:44:53.0950 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/11/02 00:44:53.0997 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2010/11/02 00:44:54.0043 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

2010/11/02 00:44:54.0106 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

2010/11/02 00:44:54.0168 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

2010/11/02 00:44:54.0215 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

2010/11/02 00:44:54.0262 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2010/11/02 00:44:54.0309 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2010/11/02 00:44:54.0355 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/02 00:44:54.0371 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/02 00:44:54.0418 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2010/11/02 00:44:54.0480 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

2010/11/02 00:44:54.0621 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/11/02 00:44:54.0761 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

2010/11/02 00:44:54.0792 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

2010/11/02 00:44:54.0855 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/11/02 00:44:54.0933 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (177590b0d2f8be513626bb8c8d6e6a08) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl

2010/11/02 00:44:55.0073 ================================================================================

2010/11/02 00:44:55.0073 Scan finished

2010/11/02 00:44:55.0073 ================================================================================


That is not a legitimate site; see what I get when trying to access it.

Spyware Doctor is a joke too; they only remove if you pay them money, plus they do nothing special, and in addition you get a bogged-down system when you install it.

This is not caused by the infection; something else is at play here.

When did the freezing start?


Thanks for the heads up! I guess it sounded too good to be true.

The PC "freezing" has really been going on for about a week. I was actually surprised that I got a Malwarebytes Full Scan to run to completion, I believe last Wednesday. That's when the log showed that message I noted in my first post:

C:\Users\Matt\AppData\Local\Temp\acmvblxhd\mhjanpidlta.exe (RogueSecurityIS) -> Quarantined and deleted successfully

Since that time, the PC has always frozen up in about 25 minutes or less when not connected to the Internet. When connected to the Internet, it freezes up in a minute or two after logging in as one of the users.

A bunch of checkdisk scans have run during this time, as I'm never able to shut down the machine softly after it freezes - must always use the power button.

Another thing that happened before everything went bad is that last Monday (Oct. 25), I attempted to do a Windows Update for the Live Essentials software. That was a huge update, something like 150 to 170 MB, and it appeared to only get about halfway through the update when it displayed what seemed to be kind of a funky message that I had "already updated" or that this software "didn't match up" with my OS version. I can't remember exactly what it said but it obviously didn't seem to update correctly. To be honest, it's difficult to say whether or not that just happened to trash something in Vista.

Another symptom of all of this: There is now sort of a low, continuous "hum" from the speakers that didn't exist in the past. And I don't believe the volume makes any difference with this "hum".

Obviously it's all pretty frustrating...


OK, I see the chkdsk seems to indicate one of the issues I had suspected.

Since this appears to be a Dell computer, please reboot and select F12; you should be brought to a boot selection screen. See if one of the options is Diagnostics, select it, and go through those tests.

Let me know if it finds anything or says there is a problem.


Well sure enough, that looks like some bad stuff.

Yes, it's a Dell PC - F12 gets you to a menu where you can select "Pre-boot System Assessment Build 4518".

Here are the issues from that:

******************************************

Error Code 0142.

Msg: Error Code 2000-0142

Msg: Hard Drive 0 - self test unsuccessful. Status: 79

The given error code and message can be used by Dell Technical Support to help diagnose the problem.

Do you want to continue testing? ( Yes or No or Retry ) And I selected Yes

( The test was noted as the: Hard Drive - DST Short Test )

Do you want to run the remaining memory tests? This will take about 30 minutes or more.

( I ran those and all seemed okay with those. Then there was an option where you can run an "Extended Test", and these are categorized by several types of issues that you might be experiencing. I selected "Tests for System Locks Up". )

This ran okay through several tests for a while, such as SMBIOS - System Information, CPU/Rear Fan tests, several Cache tests, etc.

But this looks like it pinpoints a bad problem:

** SATA Disk S/N = WD-WMASY7130732 - Confidence Test

Error Code 0F00:1332

Msg: DISK - Block 33330792: Interrupt Request(IRQ) not sent in time

The given error code and message can be used by Technical Support to help diagnose the problem.

Do you want to continue testing? ( Yes or No or Retry )

This has happened for consecutive blocks, now on block 33330819, and it's taking about 10 minutes to come back with the error message for each block, so I will soon probably exit out of this testing so I don't spend the next 1 million years doing it...

********************************************

I have not yet had the chance to research these issues on the Dell website, but I can imagine it won't bring lots of good news...


  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.