BSOD after each start

mylifeforaiur

Hello


I was playing a Flash game which was beginning to lag heavily. Then the computer crashed. Since then, I get a BSOD every time I try to do something after startup (like for example starting the resource monitor. This gets me a crash every time.). I can start Firefox but after one minute or so, it will crash. I have had something like 12 BSODs now, after so many reboots.

I managed to create the dump files in safe mode, and now I can even post here, but safe mode is not 100% free of BSODs either.

What I did:
- ran the memory diagnostic tool from booting the Windows Seven DVD. I didn't see the results though...
- tried to do a system restore in safe mode but I had a BSOD in the middle of it. Then it said at the next reboot the system restore failed. Now at each reboot the computer says the system restore was effective. I seriously doubt it.
- ran the sf diag tool
- unable to get a perfmon report (is this because of safe mode?)


Specs:
Windows 7 pro 32 bit
Downloaded from MSDNAA (would that be OEM or retail?!)
This OS install is 6 months old. The computer I bought used from a friend, must be 5 years old, is in very good condition. Hard drive was changed with the new OS, it's 6 months old.



Any hints on what is causing this? I have not installed any new hardware or drivers recently. Memerror? Virus?

Thank you very much.

ps: ran for 25 minutes in safe mode now, that's a record tonight.

edit:
perfmon error message:
An error occured while attempting to generate the report. The system cannot find the path specified.

Edit²: I also get a BSOD at shutdown, I now realize.
 

My Computer

OS
Windows 7 Professional 32bit
CPU
Athlon 64 3800+
Motherboard
ABIT KN8 SLI
Memory
2GB
Graphics Card(s)
Geforce7900
Hello,

Install SP1: Learn how to install Windows 7 Service Pack 1 (SP1)

Enable driver verifier: http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

Start on some hardware diagnostics as well:

http://www.sevenforums.com/tutorials/105647-ram-test-memtest86.html

Run all three Prime95 tests: http://www.sevenforums.com/tutorials/100352-cpu-stress-test-prime95.html

...Summary of the dumps:
Code:
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Tue May  3 16:53:01.484 2011 (UTC - 4:00)
System Uptime: 0 days 0:00:59.250
BUGCHECK_STR:  0xA0
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
PROCESS_NAME:  wininit.exe
FAILURE_BUCKET_ID:  0xA0_nt!PopAllocateIrp+a0
BiosReleaseDate = 11/11/2005
SystemProductName =
--------------------------------------------------------------------------------
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Tue May  3 16:51:06.941 2011 (UTC - 4:00)
System Uptime: 0 days 0:04:06.707
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ataport.SYS -
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!AtaPortGetScatterGatherList+b7d )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!AtaPortGetScatterGatherList+b7d
BiosReleaseDate = 11/11/2005
SystemProductName =
--------------------------------------------------------------------------------
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Tue May  3 16:46:15.761 2011 (UTC - 4:00)
System Uptime: 0 days 0:03:43.511
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ataport.SYS -
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!AtaPortGetScatterGatherList+b7d )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!AtaPortGetScatterGatherList+b7d
BiosReleaseDate = 11/11/2005
SystemProductName =
--------------------------------------------------------------------------------
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Tue May  3 16:41:43.952 2011 (UTC - 4:00)
System Uptime: 0 days 0:03:02.702
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ataport.SYS -
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!AtaPortGetScatterGatherList+b7d )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  perfmon.exe
FAILURE_BUCKET_ID:  0x8E_ataport!AtaPortGetScatterGatherList+b7d
BiosReleaseDate = 11/11/2005
SystemProductName =
--------------------------------------------------------------------------------
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Tue May  3 16:35:57.781 2011 (UTC - 4:00)
System Uptime: 0 days 0:04:47.281
BUGCHECK_STR:  0xA0
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
PROCESS_NAME:  wininit.exe
FAILURE_BUCKET_ID:  0xA0_nt!PopAllocateIrp+a0
BiosReleaseDate = 11/11/2005
SystemProductName =
--------------------------------------------------------------------------------
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Tue May  3 16:07:47.359 2011 (UTC - 4:00)
System Uptime: 0 days 0:08:09.875
BUGCHECK_STR:  0xA0
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
PROCESS_NAME:  wininit.exe
FAILURE_BUCKET_ID:  0xA0_nt!PopAllocateIrp+a0
BiosReleaseDate = 11/11/2005
SystemProductName =
--------------------------------------------------------------------------------
 

My Computer

Computer Manufacturer/Model Number
Custom
OS
Windows 7 Professional x64
CPU
Intel i7 2600K OC'd @ 4620 MHz
Motherboard
Asus P8Z68-V Pro
Memory
16GB GSkill Sniper 2133 Mhz (4x4GB)
Graphics Card(s)
EVGA GeForce GTX 480 SuperClocked+
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
2x Acer S273HLbmii 27"
Screen Resolution
2 x 1920x1080
Hard Drives
64GB Crucial M4 SSD

Storage: Hitachi 1TB 5400RPM, Samsung 1.5TB 5400RPM
PSU
Corsair HW Series 750w (modular)
Case
Cooler Master HAF 932 Advanced Blue Edition
Cooling
CM Hyper 212+ CPU cooler, 3x 230mm + 1x 140mm case fans
Keyboard
Logitech MK320 (wireless)
Mouse
Logitech MK320 (wireless)
Internet Speed
30 Mb/s : 2 Mb/s
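A triage pass over a dump summary in the layout posted above, as an added example that is not part of the original post or any tool used in the thread: it splits the text into one record per dump, groups the crashes by failure bucket, and counts which driver modules the debugger could not match to symbols or timestamps. The function names and the 10-minute "early crash" threshold are assumptions made for this example; the sample input is three of the six summaries from the post.

```python
import re
from collections import Counter

# Sample input: three of the six dump summaries posted above
# (SystemProductName lines omitted, separator lines simplified).
SAMPLE = """\
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Tue May  3 16:53:01.484 2011 (UTC - 4:00)
System Uptime: 0 days 0:00:59.250
BUGCHECK_STR:  0xA0
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
PROCESS_NAME:  wininit.exe
FAILURE_BUCKET_ID:  0xA0_nt!PopAllocateIrp+a0
BiosReleaseDate = 11/11/2005
--------
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Tue May  3 16:51:06.941 2011 (UTC - 4:00)
System Uptime: 0 days 0:04:06.707
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ataport.SYS -
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!AtaPortGetScatterGatherList+b7d )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  WmiPrvSE.exe
FAILURE_BUCKET_ID:  0x8E_ataport!AtaPortGetScatterGatherList+b7d
BiosReleaseDate = 11/11/2005
--------
Built by: 7600.16695.x86fre.win7_gdr.101026-1503
Debug session time: Tue May  3 16:41:43.952 2011 (UTC - 4:00)
System Uptime: 0 days 0:03:02.702
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ataport.SYS -
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!AtaPortGetScatterGatherList+b7d )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x8E
PROCESS_NAME:  perfmon.exe
FAILURE_BUCKET_ID:  0x8E_ataport!AtaPortGetScatterGatherList+b7d
BiosReleaseDate = 11/11/2005
"""

# One regex per single-valued field of a dump summary.
FIELDS = {
    "bugcheck": re.compile(r"^BUGCHECK_STR:\s*(\S+)", re.M),
    "process": re.compile(r"^PROCESS_NAME:\s*(\S+)", re.M),
    "bucket": re.compile(r"^FAILURE_BUCKET_ID:\s*(\S+)", re.M),
    "probable_cause": re.compile(r"^Probably caused by\s*:\s*(\S+)", re.M),
}
UPTIME = re.compile(r"^System Uptime:\s*(\d+) days (\d+):(\d+):(\d+)\.(\d+)", re.M)
# Debugger notes naming a module whose symbols or timestamp could not be checked.
SYMBOL_NOTE = re.compile(r"^\*\*\* (?:ERROR|WARNING):.*\bfor (\S+\.sys)\b", re.M | re.I)
# Every record starts with "Built by:", so split there and ignore separator lines.
RECORD_START = re.compile(r"^(?=Built by:)", re.M)

EARLY_CRASH_SECONDS = 600  # assumption for this example: crash within 10 min of boot


def _first(rx, text):
    m = rx.search(text)
    return m.group(1) if m else None


def parse_summary(text):
    """Return one dict per dump summary found in `text`."""
    records = []
    for chunk in RECORD_START.split(text):
        if not chunk.startswith("Built by:"):
            continue
        rec = {name: _first(rx, chunk) for name, rx in FIELDS.items()}
        m = UPTIME.search(chunk)
        if m:
            d, h, mi, s, frac = m.groups()
            rec["uptime_s"] = (int(d) * 86400 + int(h) * 3600 + int(mi) * 60
                               + int(s) + float("0." + frac))
        else:
            rec["uptime_s"] = None
        # De-duplicate per record and normalise case (ataport.SYS vs ataport.sys).
        rec["modules"] = sorted({name.lower() for name in SYMBOL_NOTE.findall(chunk)})
        records.append(rec)
    return records


def triage(records):
    """Summarise which failure buckets and modules recur across the dumps."""
    by_bucket = Counter(r["bucket"] for r in records if r["bucket"])
    modules = Counter(mod for r in records for mod in r["modules"])
    early = sum(1 for r in records
                if r["uptime_s"] is not None and r["uptime_s"] < EARLY_CRASH_SECONDS)
    return {
        "by_bucket": dict(by_bucket),
        "repeated_buckets": {b: n for b, n in by_bucket.items() if n >= 2},
        "modules": dict(modules),
        "early_crashes": early,
    }


if __name__ == "__main__":
    for key, value in triage(parse_summary(SAMPLE)).items():
        print(key, value)
```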
Thank you. I will probably have to wait until the weekend before I can do these.

One question: do you really advise trying to install SP1 before I do anything else? I'm worried I'll probably get a Blue Screen in the middle of the installation. What would be best: installing SP1 in safe mode with networking enabled, or burning an ISO of it from my laptop?
 

I wouldn't worry about it, personally. You should be able to install it normally, and if it fails, try again.
 

Running Windows Update crashes the PC.

No Windows Update in safe mode.

Great!!!! :D

I'm downloading from download center, wish me good luck.
 

Good luck!

A friend looked at this thread and wondered if your problems may be caused by a rootkit. Try running Malwarebytes in Safe Mode. It most likely won't cure whatever problems you're having (though there's a chance), but if it shows infections, it may confirm our suspicions.
 

I can't install SP1. When the installation process needs to restart, a BSOD occurs when shutting down (as it always does). Then the system reverts the changes with the next start.

I use Malwarebytes regularly, I'll do a scan right away.
 

Your friend was right:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6508

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

04.05.2011 23:35:47
mbam-log-2011-05-04 (23-35-31).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 234712
Time elapsed: 16 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken.

Files Infected:
c:\Users\Adrien\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\9986VF1F\load[1].htm (Rootkit.TDSS.Gen) -> No action taken.
c:\Users\Adrien\AppData\LocalLow\Sun\Java\deployment\cache\6.0\42\62f28eea-24e20c0e (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\Temp\0.13306498612903617.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\0.29983778702970043.exe (Trojan.Dropper) -> No action taken.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> No action taken.
 

Run Malwarebytes again, this time having it clean everything it finds. Please post the resulting log here, and we'll go from there.
 

There seems to be no automatic cleaning in Malwarebytes. I quarantined and deleted the threats after the last scan.

New scan is clean: (I added my thumb drive in the mix)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6514

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

05.05.2011 20:05:45
mbam-log-2011-05-05 (20-05-45).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 234183
Time elapsed: 16 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Ran the utility 3 times:
- one time in safe mode, detected the rootkit and a forged file, BSOD at shutdown, at reboot no action done
- another time, same result, no BSOD this time so file was deleted and system rebooted in normal mode
- a third check in normal mode to be sure, this time the rootkit is gone.

report:
Code:
2011/05/06 07:46:23.0872 3208    TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16
2011/05/06 07:46:24.0012 3208    ================================================================================
2011/05/06 07:46:24.0012 3208    SystemInfo:
2011/05/06 07:46:24.0012 3208    
2011/05/06 07:46:24.0012 3208    OS Version: 6.1.7600 ServicePack: 0.0
2011/05/06 07:46:24.0012 3208    Product type: Workstation
2011/05/06 07:46:24.0012 3208    ComputerName: ADRIEN-PC
2011/05/06 07:46:24.0012 3208    UserName: Adrien
2011/05/06 07:46:24.0012 3208    Windows directory: C:\Windows
2011/05/06 07:46:24.0012 3208    System windows directory: C:\Windows
2011/05/06 07:46:24.0012 3208    Processor architecture: Intel x86
2011/05/06 07:46:24.0012 3208    Number of processors: 1
2011/05/06 07:46:24.0012 3208    Page size: 0x1000
2011/05/06 07:46:24.0012 3208    Boot type: Normal boot
2011/05/06 07:46:24.0012 3208    ================================================================================
2011/05/06 07:46:24.0622 3208    Initialize success
2011/05/06 07:46:27.0450 1184    ================================================================================
2011/05/06 07:46:27.0450 1184    Scan started
2011/05/06 07:46:27.0450 1184    Mode: Manual; 
2011/05/06 07:46:27.0450 1184    ================================================================================
2011/05/06 07:46:35.0043 1184    MpKsl2ba21a99   (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{849E9EBA-3162-4EF3-83AF-BDE4C00B11D6}\MpKsl2ba21a99.sys
2011/05/06 07:46:35.0059 1184    Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{849E9EBA-3162-4EF3-83AF-BDE4C00B11D6}\MpKsl2ba21a99.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
2011/05/06 07:46:35.0075 1184    MpKsl2ba21a99 - detected ForgedFile.Multi.Generic (1)
2011/05/06 07:46:35.0153 1184    MpKsl433f0822   (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{849E9EBA-3162-4EF3-83AF-BDE4C00B11D6}\MpKsl433f0822.sys
2011/05/06 07:46:35.0278 1184    MpKsl8d31a349   (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{849E9EBA-3162-4EF3-83AF-BDE4C00B11D6}\MpKsl8d31a349.sys
2011/05/06 07:46:38.0153 1184    Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/06 07:46:38.0184 1184    partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/06 07:46:38.0247 1184    Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/06 07:46:38.0293 1184    pavboot         (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
2011/05/06 07:46:38.0340 1184    pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\drivers\pci.sys
2011/05/06 07:46:38.0465 1184    pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/05/06 07:46:38.0497 1184    pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/06 07:46:38.0543 1184    pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/06 07:46:38.0590 1184    PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/06 07:46:38.0731 1184    PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/06 07:46:38.0778 1184    Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/06 07:46:38.0856 1184    Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/06 07:46:38.0918 1184    ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/06 07:46:38.0981 1184    ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/06 07:46:39.0028 1184    QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/06 07:46:39.0059 1184    RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/06 07:46:39.0106 1184    RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/06 07:46:39.0168 1184    Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/06 07:46:39.0231 1184    RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/06 07:46:39.0278 1184    RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/06 07:46:39.0340 1184    rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/06 07:46:39.0403 1184    rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/06 07:46:39.0434 1184    RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/06 07:46:39.0497 1184    RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/05/06 07:46:39.0575 1184    RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/06 07:46:39.0606 1184    RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/06 07:46:39.0653 1184    RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/06 07:46:39.0715 1184    rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/06 07:46:39.0840 1184    rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/06 07:46:39.0887 1184    s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\drivers\vms3cap.sys
2011/05/06 07:46:39.0965 1184    sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\drivers\sbp2port.sys
2011/05/06 07:46:40.0028 1184    scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/06 07:46:40.0090 1184    secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/06 07:46:40.0168 1184    Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/06 07:46:40.0200 1184    Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/06 07:46:40.0247 1184    sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/06 07:46:40.0340 1184    sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/05/06 07:46:40.0387 1184    sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/06 07:46:40.0434 1184    sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/06 07:46:40.0481 1184    sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/06 07:46:40.0543 1184    sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/05/06 07:46:40.0590 1184    SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/06 07:46:40.0622 1184    SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/06 07:46:40.0668 1184    Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/06 07:46:40.0747 1184    spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/06 07:46:40.0840 1184    srv             (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/06 07:46:40.0903 1184    srv2            (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/06 07:46:40.0981 1184    srvnet          (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/06 07:46:41.0090 1184    stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/06 07:46:41.0168 1184    storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\drivers\vmstorfl.sys
2011/05/06 07:46:41.0247 1184    storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\drivers\storvsc.sys
2011/05/06 07:46:41.0309 1184    swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/05/06 07:46:41.0418 1184    Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/06 07:46:41.0528 1184    TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/06 07:46:41.0590 1184    tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/06 07:46:41.0637 1184    TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/06 07:46:41.0684 1184    TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/06 07:46:41.0731 1184    tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/06 07:46:41.0809 1184    TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\drivers\termdd.sys
2011/05/06 07:46:41.0918 1184    tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/06 07:46:41.0997 1184    tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/06 07:46:42.0059 1184    uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/06 07:46:42.0106 1184    udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/06 07:46:42.0215 1184    uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/06 07:46:42.0293 1184    umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\drivers\umbus.sys
2011/05/06 07:46:42.0340 1184    UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/06 07:46:42.0418 1184    usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/05/06 07:46:42.0481 1184    usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\drivers\usbccgp.sys
2011/05/06 07:46:42.0543 1184    usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/05/06 07:46:42.0606 1184    usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/06 07:46:42.0653 1184    usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\drivers\usbhub.sys
2011/05/06 07:46:42.0731 1184    usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/06 07:46:42.0778 1184    usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/06 07:46:42.0825 1184    USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/06 07:46:42.0856 1184    usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/06 07:46:42.0918 1184    vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/06 07:46:42.0965 1184    vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/06 07:46:43.0012 1184    VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/06 07:46:43.0059 1184    vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\drivers\vhdmp.sys
2011/05/06 07:46:43.0137 1184    viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/05/06 07:46:43.0184 1184    ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/06 07:46:43.0231 1184    viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/05/06 07:46:43.0325 1184    vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\drivers\vmbus.sys
2011/05/06 07:46:43.0403 1184    VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/06 07:46:43.0450 1184    volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\drivers\volmgr.sys
2011/05/06 07:46:43.0512 1184    volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/06 07:46:43.0575 1184    volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\drivers\volsnap.sys
2011/05/06 07:46:43.0637 1184    vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/06 07:46:43.0700 1184    vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/06 07:46:43.0762 1184    vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/06 07:46:43.0825 1184    WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/06 07:46:43.0856 1184    WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/06 07:46:43.0903 1184    Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/06 07:46:43.0981 1184    Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/06 07:46:44.0028 1184    Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/06 07:46:44.0137 1184    WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/06 07:46:44.0168 1184    WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/06 07:46:44.0309 1184    WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/06 07:46:44.0403 1184    ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/06 07:46:44.0481 1184    WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/06 07:46:44.0559 1184    WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/06 07:46:44.0778 1184    ================================================================================
2011/05/06 07:46:44.0778 1184    Scan finished
2011/05/06 07:46:44.0778 1184    ================================================================================
2011/05/06 07:46:44.0793 0412    Detected object count: 1
2011/05/06 07:46:52.0872 0412    MpKsl2ba21a99   (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{849E9EBA-3162-4EF3-83AF-BDE4C00B11D6}\MpKsl2ba21a99.sys
2011/05/06 07:46:52.0872 0412    Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{849E9EBA-3162-4EF3-83AF-BDE4C00B11D6}\MpKsl2ba21a99.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
2011/05/06 07:46:52.0872 0412    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{849E9EBA-3162-4EF3-83AF-BDE4C00B11D6}\MpKsl2ba21a99.sys - copied to quarantine
2011/05/06 07:46:52.0918 0412    ForgedFile.Multi.Generic(MpKsl2ba21a99) - User select action: Quarantine 
2011/05/06 07:46:57.0965 3520    Deinitialize success

I would carry on but I need to go to work. :(

Thanks so far. :) I might be away during the weekend
 

That "forged file" is nothing to worry about; that's a false positive.

Let's watch to see if the problems persist...hopefully, that will be the end!
 

My Computer

Computer Manufacturer/Model Number
Custom
OS
Windows 7 Professional x64
CPU
Intel i7 2600K OC'd @ 4620 MHz
Motherboard
Asus P8Z68-V Pro
Memory
16GB GSkill Sniper 2133 Mhz (4x4GB)
Graphics Card(s)
EVGA GeForce GTX 480 SuperClocked+
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
2x Acer S273HLbmii 27"
Screen Resolution
2 x 1920x1080
Hard Drives
64GB Crucial M4 SSD

Storage: Hitachi 1TB 5400RPM, Samsung 1.5TB 5400RPM
PSU
Corsair HW Series 750w (modular)
Case
Cooler Master HAF 932 Advanced Blue Edition
Cooling
CM Hyper 212+ CPU cooler, 3x 230mm + 1x 140mm case fans
Keyboard
Logitech MK320 (wireless)
Mouse
Logitech MK320 (wireless)
Internet Speed
30 Mb/s : 2 Mb/s
(Posting from work, no access to my system)

Cool! I already managed to shut down the PC without getting a BSOD so it looks like it's gonna be better now. I'll test everything when I get back home, that might be on Monday.

I really need to think of where the gaping hole in my protection is though, this is the third virus in about 3 months. I'm using Microsoft Security Essentials right now.
 

Microsoft Security Essentials is a good free one; I will probably go back to that after my ESET subscription runs out. If you're looking for a recommendation on a good paid program, my vote would be cast for ESET.
 

The Blue Screens are all gone now, and Malwarebytes, MSE and Bitdefender onlinescan all indicate no threats, so everything seems solved here. Anything else I should check?

Thanks a lot for your help! :)
 

New threat....

Microsoft Antimalware has taken action to protect this machine from malware or other potentially unwanted software.
For more information please see the following:
Encyclopedia entry: Trojan:Win32/Coremhead - Learn more about malware - Microsoft Malware Protection Center
Name: Trojan:Win32/Coremhead
ID: 2147624664
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\56e05429-739564fe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
User: Adrien-PC\Adrien
Process Name: Unknown
Action: Remove
Action Status: No additional actions required
Signature Version: AV: 1.103.1373.0, AS: 1.103.1373.0, NIS: 9.146.0.0
Engine Version: AM: 1.1.6802.0, NIS: 2.0.5854.0


I just keep wondering where all that **** comes from.


I also have this other issue: http://www.sevenforums.com/network-...site-cant-opened-then-firefox-hangs-exit.html

Sorry if this is getting a little bit off topic. Edit: maybe I should make a new thread in the trojan section of the forum?
 

It may be a good idea to create a new thread in the Security forum; we'll see.

If you're sure you're visiting only safe sites, the problem must either be coming from another computer on the network or still be buried in the OS. Try restricting yourself for a few days; visit only reputable sites such as Google, Facebook, YouTube, and whatever else you determine is low-risk. High-risk sites include "adult", torrent, crack/keygen, free music/movies, games, etc.
 
