TechSpot

Several viruses took out internet, desktop, drives and who knows what else ugh!

By jrod4571
Mar 29, 2012
  1. I got a phoney virus scan which I could not stop in time. My desktop went black, my hard drives were gone and I could not access the internet. I had Microsoft Essentials running but it could not remove the infection. I managed to get my desktop and drives back using "unhide", and used Dr Web, which listed several rootkits and trojans, holy cow!! Managed to get rid of most of it, but I'm stuck. No internet connection though host shows "available". Device Manager is a train wreck.
    Help would be appreciated. Currently using wife's PC for this.
    JRod

    Ran Microsoft Safety Scanner and got the following:
    Found Java/Blacole.ET
    Java/cve.2012-05-07.D
    Win32/Fakesysdef
    Trojandownloader: WIN32/Obvod.K

    All deleted, rebooted and scanning again.
    Also found
    virtool:win32/Obfuscator.PC, which was detected but not deleted.
    Still no fix regarding Device Manager.
    Thanks
     


  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.01.31.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Johnny Rod :: JOHNNYROD-PC [administrator]

    3/29/2012 9:36:10 PM
    mbam-log-2012-03-29 (21-36-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199288
    Time elapsed: 1 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-29 21:47:38
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000064 SAMSUNG_ rev.CXM0
    Running: dpfjevuf.exe; Driver: C:\Users\JOHNNY~1\AppData\Local\Temp\axddyuob.sys


    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 890486E0
    Device \FileSystem\Ntfs \Ntfs 88FED0D0
    Device \FileSystem\Ntfs \Ntfs 88E811F0
    Device \FileSystem\Ntfs \Ntfs 88AA3170
    Device \FileSystem\Ntfs \Ntfs 88D7AC50

    AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat dwprot.sys
    AttachedDevice \Driver\tdx \Device\Ip dwprot.sys
    AttachedDevice \Driver\tdx \Device\Tcp dwprot.sys
    AttachedDevice \Driver\tdx \Device\Udp dwprot.sys
    AttachedDevice \Driver\tdx \Device\RawIp dwprot.sys

    ---- EOF - GMER 1.0.15 ----
     
  5. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Johnny Rod at 21:50:25 on 2012-03-29
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3325.2472 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    G:\Program Files\SUPERantispyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
    G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\StkASv2K.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    G:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech\Vid HD\Vid.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
    C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Marvell\raid\svc\mvraidsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.foxnews.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - g:\program files\java\bin\ssv.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\bin\jp2ssv.dll
    uRun: [Verizon Media Manager] c:\program files\verizon\verizon media manager\release\Verizon Media Manager.exe 0
    uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
    uRun: [SUPERAntiSpyware] g:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [PPort11reminder] "g:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
    mRun: [PS121v2] "c:\program files\netgear\ps121v2\PS121v2.exe" /hide
    mRun: [MRUTray] c:\program files\marvell\raid\tray\MarvellTray.exe
    mRun: [UVS10 Preload] g:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Garmin Lifetime Updater] g:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
    mRun: [iTunesHelper] "i:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\johnny~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\samsung ssd magician\Samsung SSD Magician.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    uPolicies-explorer: NoThumbnailCache = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B1EC83AA-DA16-4F69-B448-DA053D423864} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: !SASWinLogon - g:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - g:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [2009-10-13 20008]
    R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2009-11-5 255016]
    R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2011-12-19 56496]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2011-12-19 12464]
    R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-12-19 18544]
    R1 SASDIFSV;SASDIFSV;g:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;g:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;g:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AODDriver4.1;AODDriver4.1;g:\program files\amd\overdrive\i386\AODDriver2.sys [2011-10-14 39936]
    R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\marvell\raid\svc\mvraidsvc.exe [2009-10-13 151552]
    R2 MRUWebService;MRU Web Service;c:\program files\marvell\raid\apache2\bin\httpd.exe [2008-6-12 24635]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
    R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2012-1-7 13824]
    R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2012-1-7 35840]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 64904]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 146568]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-12-19 30392]
    RUnknown DwProt;DwProt; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2011-12-19 24944]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-19 15872]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-12-24 393320]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-19 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-19 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2012-03-30 01:12:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d3323c31-8a9b-4b05-8554-c099a744ead1}\offreg.dll
    2012-03-29 04:49:05 -------- d-----w- c:\users\johnny rod\appdata\roaming\SUPERAntiSpyware.com
    2012-03-29 04:48:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-03-29 04:46:37 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-29 04:13:52 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-03-29 03:17:59 -------- d-----w- c:\users\johnny rod\appdata\local\temp
    2012-03-29 02:35:09 98816 ----a-w- c:\windows\sed.exe
    2012-03-29 02:35:09 518144 ----a-w- c:\windows\SWREG.exe
    2012-03-29 02:35:09 256000 ----a-w- c:\windows\PEV.exe
    2012-03-29 02:35:09 208896 ----a-w- c:\windows\MBR.exe
    2012-03-28 23:24:57 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-27 18:32:53 -------- d-----w- c:\users\johnny rod\DoctorWeb
    2012-03-14 18:13:02 -------- d-----w- c:\program files\iPod
    2012-03-13 18:49:05 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-13 18:49:04 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-11 15:04:53 -------- d-----w- c:\users\johnny rod\appdata\local\WBFSManager
    2012-03-11 14:17:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-10 01:32:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
    2012-03-04 18:50:26 -------- d-----w- c:\users\johnny rod\appdata\roaming\Catalina Marketing Corp
    2012-03-04 18:50:25 485576 ----a-w- c:\users\johnny rod\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe
    2012-03-03 23:35:53 -------- d-----w- c:\program files\VideoLAN
    2012-02-29 17:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    ==================== Find3M ====================
    .
    2012-03-29 04:28:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-28 23:26:58 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
    2012-03-25 18:16:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-12 21:50:17 17488 ----a-w- c:\windows\gdrv.sys
    2012-02-29 23:59:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-29 23:59:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-29 23:59:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-29 23:59:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-29 23:59:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-29 23:59:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-29 23:59:00 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-29 23:59:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-29 23:59:00 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-29 23:59:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-22 22:58:20 71072 ----a-w- c:\windows\CouponPrinter.ocx
    2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 22:06:54 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-01-19 22:00:12 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-01-18 10:44:28 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2012-01-18 10:44:26 196896 ----a-w- c:\windows\system32\lvci13311044.dll
    2012-01-18 10:44:00 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
    2012-01-18 10:44:00 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
    2012-01-18 10:44:00 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-01 03:42:20 249856 ------w- c:\windows\Setup1.exe
    2012-01-01 03:42:19 73216 ----a-w- c:\windows\ST6UNST.EXE
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: SAMSUNG_ rev.CXM0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys
    c:\windows\system32\drivers\amdxata.sys Advanced Micro Devices Stor Filter Driver
    c:\windows\system32\drivers\amdsata.sys Advanced Micro Devices AHCI 1.2 Device Driver
    1 ntkrnlpa!IofCallDriver[0x8383955A] -> \Device\Harddisk0\DR0[0x871F7030]
    3 CLASSPNP[0x8CC6659E] -> ntkrnlpa!IofCallDriver[0x8383955A] -> [0x86CA7C80]
    5 amdxata[0x8457D6B3] -> ntkrnlpa!IofCallDriver[0x8383955A] -> [0x86CA5930]
    7 ACPI[0x83F293D4] -> ntkrnlpa!IofCallDriver[0x8383955A] -> \Device\00000064[0x86C9E030]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user != kernel MBR !!!
    sectors 125045422 (+255): user != kernel
    .
    ============= FINISH: 21:50:40.19 ===============
     
  6. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/19/2011 5:23:22 PM
    System Uptime: 3/29/2012 9:11:53 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-880GM-USB3
    Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 3214/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 60 GiB total, 19.411 GiB free.
    D: is Removable
    F: is FIXED (NTFS) - 233 GiB total, 204.555 GiB free.
    G: is FIXED (NTFS) - 149 GiB total, 116.62 GiB free.
    H: is FIXED (NTFS) - 466 GiB total, 41.477 GiB free.
    I: is FIXED (NTFS) - 190 GiB total, 182.539 GiB free.
    J: is Removable
    K: is Removable
    L: is Removable
    M: is Removable
    N: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96e-e325-11ce-bfc1-08002be10318}
    Description: AOC V22
    Device ID: DISPLAY\AOC2200\5&5921B6E&0&UID1048848
    Manufacturer: AOC International (Europe) GmbH
    Name: AOC V22
    PNP Device ID: DISPLAY\AOC2200\5&5921B6E&0&UID1048848
    Service: monitor
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: PEAUTH
    Device ID: ROOT\LEGACY_PEAUTH\0000
    Manufacturer:
    Name: PEAUTH
    PNP Device ID: ROOT\LEGACY_PEAUTH\0000
    Service: PEAUTH
    .
    Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
    Description: Texas Instruments 1394 OHCI Compliant Host Controller
    Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_10001458&REV_00\4&35E69562&0&70A4
    Manufacturer: Texas Instruments
    Name: Texas Instruments 1394 OHCI Compliant Host Controller
    PNP Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_10001458&REV_00\4&35E69562&0&70A4
    Service: 1394ohci
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: High Definition Audio Controller
    Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_A1021458&REV_00\3&18D45AA6&0&A2
    Manufacturer: Microsoft
    Name: High Definition Audio Controller
    PNP Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_A1021458&REV_00\3&18D45AA6&0&A2
    Service: HDAudBus
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: msisadrv
    Device ID: ROOT\LEGACY_MSISADRV\0000
    Manufacturer:
    Name: msisadrv
    PNP Device ID: ROOT\LEGACY_MSISADRV\0000
    Service: msisadrv
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Virtual Machine Bus
    Device ID: ROOT\LEGACY_VMBUS\0000
    Manufacturer:
    Name: Virtual Machine Bus
    PNP Device ID: ROOT\LEGACY_VMBUS\0000
    Service: vmbus
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Composite Bus Enumerator
    Device ID: ROOT\COMPOSITEBUS\0000
    Manufacturer: Microsoft
    Name: Composite Bus Enumerator
    PNP Device ID: ROOT\COMPOSITEBUS\0000
    Service: CompositeBus
    .
    Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
    Description: AMD Processor
    Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_0
    Manufacturer: Advanced Micro Devices
    Name: AMD Phenom(tm) II X4 955 Processor
    PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_0
    Service: AmdPPM
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: UMBus Root Bus Enumerator
    Device ID: ROOT\UMBUS\0000
    Manufacturer: Microsoft
    Name: UMBus Root Bus Enumerator
    PNP Device ID: ROOT\UMBUS\0000
    Service: umbus
    .
    Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
    Description: AMD Processor
    Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_1
    Manufacturer: Advanced Micro Devices
    Name: AMD Phenom(tm) II X4 955 Processor
    PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_1
    Service: AmdPPM
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual Drive Enumerator Driver
    Device ID: ROOT\VDRVROOT\0000
    Manufacturer: (Standard system devices)
    Name: Microsoft Virtual Drive Enumerator Driver
    PNP Device ID: ROOT\VDRVROOT\0000
    Service: vdrvroot
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&2BE2F00&0&0050
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&2BE2F00&0&0050
    Service: RTL8167
    .
    Class GUID: {aed279d9-7dd0-49ab-8024-4f65418531fb}
    Description: USB Virtualization Connector Driver
    Device ID: ROOT\VMUSBCONNECTOR\0000
    Manufacturer: (Standard system devices)
    Name: USB Virtualization Connector Driver
    PNP Device ID: ROOT\VMUSBCONNECTOR\0000
    Service: vpcusb
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Virtual PC Host Bus Driver
    Device ID: ROOT\VPCBUS\0000
    Manufacturer: Microsoft
    Name: Virtual PC Host Bus Driver
    PNP Device ID: ROOT\VPCBUS\0000
    Service: vpcbus
    .
    Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
    Description: AMD Processor
    Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_2
    Manufacturer: Advanced Micro Devices
    Name: AMD Phenom(tm) II X4 955 Processor
    PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_2
    Service: AmdPPM
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: SCSI\CDROM&VEN_ATAPI&PROD_IHBS112___2\4&D21DEFA&0&060000
    Manufacturer: (Standard CD-ROM drives)
    Name: CD-ROM Drive
    PNP Device ID: SCSI\CDROM&VEN_ATAPI&PROD_IHBS112___2\4&D21DEFA&0&060000
    Service: cdrom
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: PCI standard ISA bridge
    Device ID: PCI\VEN_1002&DEV_439D&SUBSYS_439D1002&REV_00\3&18D45AA6&0&A3
    Manufacturer: (Standard system devices)
    Name: PCI standard ISA bridge
    PNP Device ID: PCI\VEN_1002&DEV_439D&SUBSYS_439D1002&REV_00\3&18D45AA6&0&A3
    Service: msisadrv
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: SCSI\CDROM&VEN_TSSTCORP&PROD_CDDVDW_SH-S223C\4&D21DEFA&0&030000
    Manufacturer: (Standard CD-ROM drives)
    Name: TSSTcorp CDDVDW SH-S223C SATA CdRom Device
    PNP Device ID: SCSI\CDROM&VEN_TSSTCORP&PROD_CDDVDW_SH-S223C\4&D21DEFA&0&030000
    Service: cdrom
    .
    Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
    Description: AMD Processor
    Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_3
    Manufacturer: Advanced Micro Devices
    Name: AMD Phenom(tm) II X4 955 Processor
    PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_3
    Service: AmdPPM
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Disk Virtual Machine Bus Acceleration Filter Driver
    Device ID: ROOT\LEGACY_STORFLT\0000
    Manufacturer:
    Name: Disk Virtual Machine Bus Acceleration Filter Driver
    PNP Device ID: ROOT\LEGACY_STORFLT\0000
    Service: storflt
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: USBSTOR\CDROM&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_2.18\0000060505128913&1
    Manufacturer: (Standard CD-ROM drives)
    Name: SanDisk U3 Cruzer Micro USB Device
    PNP Device ID: USBSTOR\CDROM&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_2.18\0000060505128913&1
    Service: cdrom
    .
    ==== System Restore Points ===================
    .
    RP19: 3/28/2012 11:44:37 PM - Removed Java(TM) 6 Update 30
    RP20: 3/28/2012 11:45:23 PM - Removed JavaFX 2.0.2
    RP21: 3/28/2012 11:55:10 PM - Removed Java(TM) 7 Update 2
    RP22: 3/29/2012 12:28:22 AM - Installed Java(TM) 6 Update 31
    .
    ==== Installed Programs ======================
    .
    @BIOS
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    AMD USB Filter Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV and Media Player 3.1.1.12
    AutoGreen B10.1021.1
    Bonjour
    Brother MFL-Pro Suite MFC-290C
    CameraHelperMsi
    CD Recovery Toolbox Free 1.1
    Coupon Printer for Windows
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DriverUpdate
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Print CD
    EPSON Printer Software
    erLT
    FormatFactory 2.90
    Garmin Lifetime Updater
    Garmin USB Drivers
    High-Definition Video Playback
    ImgBurn
    iSEEK AnswerWorks English Runtime
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.60.1.1000
    Marvell MRU V4
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser (KB973685)
    Nero 11
    Nero 11 Cliparts
    Nero 11 Disc Menus 1
    Nero 11 Disc Menus 2
    Nero 11 Disc Menus 3
    Nero 11 Disc Menus Basic
    Nero 11 Effects Basic
    Nero 11 Image Samples
    Nero 11 InfoTool
    Nero 11 Kwik Themes 1
    Nero 11 Kwik Themes 2
    Nero 11 Kwik Themes Basic
    Nero 11 PiP Effects Basic
    Nero 11 Video Samples
    Nero Audio Pack 1
    Nero BackItUp 11
    Nero BackItUp 11 Help (CHM)
    Nero Backup Drivers
    Nero Burning ROM 11
    Nero Burning ROM 11 Help (CHM)
    Nero ControlCenter 11
    Nero ControlCenter 11 Help (CHM)
    Nero Core Components 11
    Nero CoverDesigner 11
    Nero CoverDesigner 11 Help (CHM)
    Nero Express 11
    Nero Express 11 Help (CHM)
    Nero InfoTool 11
    Nero InfoTool 11 Help (CHM)
    Nero Kwik Media
    Nero Kwik Media Help (CHM)
    Nero Recode 11
    Nero Recode 11 Help (CHM)
    Nero RescueAgent 11
    Nero RescueAgent 11 Help (CHM)
    Nero SoundTrax 11
    Nero SoundTrax 11 Help (CHM)
    Nero Update
    Nero Video 11
    Nero Video 11 Help (CHM)
    Nero WaveEditor 11
    Nero WaveEditor 11 Help (CHM)
    nero.prerequisites.msi
    NetGear PS121v2
    NVIDIA 3D Vision Controller Driver 296.10
    NVIDIA 3D Vision Driver 296.10
    NVIDIA Drivers
    NVIDIA Graphics Driver 296.10
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Monitor
    NVIDIA Update 1.7.11
    ON_OFF Charge B11.0110.1
    ooVoo
    Picasa 3
    QuickBooks Premier: Accountant Edition 2007
    QuickBooks Product Listing Service
    Quicken 2011
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    RealUpgrade 1.1
    Redist
    Renesas Electronics USB 3.0 Host Controller Driver
    Samsung SSD Magician
    SAMSUNG USB Driver for Mobile Phones
    ScanSoft PaperPort 11
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Stellarium 0.11.1
    StreamTransport version: 1.0.2.2171
    SUPERAntiSpyware
    Ulead VideoStudio SE DVD
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    USB2.0 Capture Device
    Verizon Media Manager
    VLC media player 1.1.5
    Vuze
    WBFS Manager 3.0
    WBFS to ISO
    welcome
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/29/2012 9:23:08 PM, Error: Microsoft Antimalware [2001] -
    3/29/2012 9:12:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom msisadrv storflt vdrvroot vmbus
    3/29/2012 9:12:09 PM, Error: Service Control Manager [7023] - The Apache2 service terminated with the following error: The specified module could not be found.
    3/29/2012 9:12:09 PM, Error: Service Control Manager [7000] - The PEAUTH service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
    3/29/2012 12:09:09 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/28/2012 8:40:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/28/2012 8:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    3/28/2012 8:33:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    3/28/2012 8:33:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/28/2012 8:30:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/28/2012 8:30:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/28/2012 8:30:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/28/2012 8:30:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/28/2012 8:30:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger cdrom discache ElbyCDIO MpFilter msisadrv spldr storflt vdrvroot vmbus vpcvmm Wanarpv6
    3/28/2012 8:30:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/28/2012 7:27:17 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/28/2012 7:27:17 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    3/28/2012 3:59:34 PM, Error: Service Control Manager [7023] - The NtMtlFax service terminated with the following error: Access is denied.
    3/28/2012 3:56:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/28/2012 11:13:12 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    3/28/2012 11:13:11 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    3/28/2012 11:13:11 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    3/28/2012 10:35:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    3/28/2012 1:34:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/28/2012 1:34:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/28/2012 1:34:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
    3/28/2012 1:34:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000003, 0x864fa990, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger cdrom CSC DfsC discache ElbyCDIO MpFilter msisadrv NetBIOS NetBT nsiproxy Psched rdbss spldr storflt tdx vdrvroot vmbus vpcnfltr vpcvmm Wanarpv6 WfpLwf
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The MRU Web Service service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/28/2012 1:25:38 PM, Error: Service Control Manager [7023] - The Tm_cfw service terminated with the following error: Access is denied.
    3/28/2012 1:24:41 PM, Error: Service Control Manager [7024] - The MRU Web Service service terminated with service-specific error Incorrect function..
    3/28/2012 1:24:41 PM, Error: Service Control Manager [7001] - The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error: The service has returned a service-specific error code.
    3/28/2012 1:24:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xa7078000, 0x00000000, 0x8a10158a, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032812-30966-01.
    3/28/2012 1:17:33 AM, Error: Service Control Manager [7023] - The Minilog service terminated with the following error: Access is denied.
    3/28/2012 1:02:46 AM, Error: Service Control Manager [7023] - The Wintabservice service terminated with the following error: Access is denied.
    3/27/2012 8:08:10 PM, Error: Service Control Manager [7023] - The S616unic service terminated with the following error: Access is denied.
    3/27/2012 7:13:42 PM, Error: Service Control Manager [7023] - The Vci service terminated with the following error: Access is denied.
    3/27/2012 6:48:40 PM, Error: Service Control Manager [7023] - The Elnkservice service terminated with the following error: Access is denied.
    3/27/2012 2:59:40 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
    3/27/2012 2:30:05 PM, Error: Service Control Manager [7023] - The SeratoUsb service terminated with the following error: Access is denied.
    3/27/2012 11:40:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom msisadrv spldr storflt vdrvroot vmbus
    3/27/2012 11:39:58 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    3/27/2012 11:39:58 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    3/27/2012 11:33:56 AM, Error: Service Control Manager [7023] - The Rp_fws service terminated with the following error: Access is denied.
    3/27/2012 11:30:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/27/2012 11:30:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/27/2012 11:03:10 AM, Error: Service Control Manager [7023] - The Vzfw service terminated with the following error: Access is denied.
    3/27/2012 10:48:05 AM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the path specified.
    3/27/2012 10:47:50 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    3/27/2012 10:46:06 AM, Error: Service Control Manager [7023] - The GTWModem service terminated with the following error: Access is denied.
    3/27/2012 10:45:06 AM, Error: Service Control Manager [7023] - The Venturi2 service terminated with the following error: Access is denied.
    3/26/2012 5:09:04 PM, Error: Ntfs [137] - The default transaction resource manager on volume O: encountered a non-retryable error and could not start. The data contains the error code.
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  8. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-29 22:14:01
    -----------------------------
    22:14:01.095 OS Version: Windows 6.1.7601 Service Pack 1
    22:14:01.095 Number of processors: 4 586 0x403
    22:14:01.096 ComputerName: JOHNNYROD-PC UserName: Johnny Rod
    22:14:01.938 Initialize success
    22:14:08.997 AVAST engine download error: 0
    22:14:23.123 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
    22:14:23.125 Disk 0 Vendor: SAMSUNG_ CXM0 Size: 61057MB BusType: 11
    22:14:23.126 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000065
    22:14:23.128 Disk 1 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 11
    22:14:23.130 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000067
    22:14:23.132 Disk 2 Vendor: ST350041 JC45 Size: 476940MB BusType: 11
    22:14:23.134 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\mv91xx1Port1Path0Target0Lun0
    22:14:23.137 Disk 3 Vendor: Maxtor_6 VA11 Size: 194481MB BusType: 11
    22:14:23.140 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP0T0L0-0
    22:14:23.142 Disk 4 Vendor: HDT722525DLAT80 V44OA70A Size: 238471MB BusType: 3
    22:14:23.147 Disk 0 MBR read successfully
    22:14:23.150 Disk 0 MBR scan
    22:14:23.153 Disk 0 Windows 7 default MBR code
    22:14:23.158 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:14:23.162 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
    22:14:23.167 Disk 0 scanning sectors +125042688
    22:14:23.175 Disk 0 scanning C:\Windows\system32\drivers
    22:14:25.017 Service scanning
    22:14:27.652 Modules scanning
    22:14:29.547 Disk 0 trace - called modules:
    22:14:29.553 ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys
    22:14:29.557 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871f7030]
    22:14:29.561 3 CLASSPNP.SYS[8cc6659e] -> nt!IofCallDriver -> [0x86ca7c80]
    22:14:29.565 5 amdxata.sys[8457d6b3] -> nt!IofCallDriver -> [0x86ca5930]
    22:14:29.569 7 ACPI.sys[83f293d4] -> nt!IofCallDriver -> \Device\00000064[0x86c9e030]
    22:14:29.573 Scan finished successfully
    22:14:43.157 Disk 0 MBR has been saved successfully to "C:\Users\Johnny Rod\Desktop\MBR.dat"
    22:14:43.161 The log file has been saved successfully to "C:\Users\Johnny Rod\Desktop\aswMBR.txt"
     
  9. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32
    -bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

    Size Device Name MBR Status
    --------------------------------------------
    59 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
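    An added example, not part of the original posts and not code from either tool: a small Python parser for a saved master boot sector, such as the MBR.dat copy aswMBR writes or the output of the dump command shown above, assuming the file is a raw 512-byte sector. The function names are hypothetical, and the sample sector is constructed from the partition values in the aswMBR log (zero-filled boot code, made-up disk signature).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area at the start of the sector
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
ENTRY_LEN = 16
BOOT_SIG_OFF = 510       # last two bytes must be 55 AA
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count


def parse_mbr(sector):
    """Decode a raw 512-byte MBR sector and collect sanity warnings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")

    partitions, warnings = [], []
    for index in range(4):
        off = PART_TABLE_OFF + index * ENTRY_LEN
        status, ptype, start_lba, count = struct.unpack(
            ENTRY_FMT, sector[off:off + ENTRY_LEN])
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            warnings.append("partition %d: invalid status 0x%02x" % (index + 1, status))
        partitions.append({
            "index": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })

    if sum(1 for p in partitions if p["active"]) > 1:
        warnings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["start_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["start_lba"] + prev["sectors"] > cur["start_lba"]:
            warnings.append("partitions %d and %d overlap" % (prev["index"], cur["index"]))

    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
        "warnings": warnings,
    }


def diff_boot_code(dump_a, dump_b):
    """Return the offsets inside the boot code area where two dumps differ."""
    return [i for i in range(BOOT_CODE_LEN) if dump_a[i] != dump_b[i]]


def build_sample_sector():
    """Constructed sample: layout copied from the aswMBR log, boot code zeroed."""
    boot_code = bytes(BOOT_CODE_LEN)              # placeholder, not real boot code
    disk_sig = struct.pack("<I", 0x12345678)      # constructed value
    entries = (
        struct.pack(ENTRY_FMT, 0x80, 0x07, 0x800, 0x32000)        # 100 MB, active
        + struct.pack(ENTRY_FMT, 0x00, 0x07, 0x32800, 0x770D800)  # 60955 MB
        + bytes(2 * ENTRY_LEN)                                    # two empty slots
    )
    return boot_code + disk_sig + b"\x00\x00" + entries + b"\x55\xaa"


if __name__ == "__main__":
    info = parse_mbr(build_sample_sector())
    for p in info["partitions"]:
        print("Partition %(index)d active=%(active)s type=0x%(type)02x "
              "%(size_mb)d MB offset %(start_lba)d" % p)
    print("boot code sha256:", info["boot_code_sha256"])
    print("warnings:", info["warnings"] or "none")
```

    Because the Bootkit Remover output reports boot code hidden by a rootkit, a dump taken inside the running system may not match what is on disk; `diff_boot_code` is meant for comparing it against a dump of the same disk taken from clean boot media.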
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    23:09:11.0617 5356 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    23:09:11.0623 5356 ============================================================
    23:09:11.0623 5356 Current date / time: 2012/03/29 23:09:11.0623
    23:09:11.0623 5356 SystemInfo:
    23:09:11.0623 5356
    23:09:11.0624 5356 OS Version: 6.1.7601 ServicePack: 1.0
    23:09:11.0624 5356 Product type: Workstation
    23:09:11.0624 5356 ComputerName: JOHNNYROD-PC
    23:09:11.0624 5356 UserName: Johnny Rod
    23:09:11.0624 5356 Windows directory: C:\Windows
    23:09:11.0624 5356 System windows directory: C:\Windows
    23:09:11.0624 5356 Processor architecture: Intel x86
    23:09:11.0624 5356 Number of processors: 4
    23:09:11.0624 5356 Page size: 0x1000
    23:09:11.0624 5356 Boot type: Normal boot
    23:09:11.0624 5356 ============================================================
    23:09:12.0211 5356 Drive \Device\Harddisk3\DR3 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    23:09:12.0212 5356 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:09:12.0224 5356 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:09:15.0971 5356 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:09:15.0995 5356 Drive \Device\Harddisk4\DR4 - Size: 0x3A38725E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
    23:09:16.0090 5356 \Device\Harddisk3\DR3:
    23:09:16.0090 5356 MBR used
    23:09:16.0090 5356 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD5299
    23:09:16.0090 5356 \Device\Harddisk0\DR0:
    23:09:16.0090 5356 MBR used
    23:09:16.0090 5356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    23:09:16.0090 5356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
    23:09:16.0090 5356 \Device\Harddisk1\DR1:
    23:09:16.0107 5356 MBR used
    23:09:16.0107 5356 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18AC1
    23:09:16.0107 5356 \Device\Harddisk2\DR2:
    23:09:16.0108 5356 MBR used
    23:09:16.0108 5356 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385C01
    23:09:16.0108 5356 \Device\Harddisk4\DR4:
    23:09:16.0108 5356 MBR used
    23:09:16.0108 5356 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C38F1
    23:09:16.0152 5356 Initialize success
    23:09:16.0152 5356 ============================================================
    23:15:15.0252 4620 ============================================================
    23:15:15.0252 4620 Scan started
    23:15:15.0252 4620 Mode: Manual;
    23:15:15.0252 4620 ============================================================
    23:15:16.0167 4620 BrFiltLo - ok
    23:15:16.0176 4620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    23:15:16.0176 4620 BrFiltUp - ok
    23:15:16.0187 4620 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
    23:15:16.0188 4620 BridgeMP - ok
    23:15:16.0197 4620 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
    23:15:16.0198 4620 Browser - ok
    23:15:16.0209 4620 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    23:15:16.0211 4620 Brserid - ok
    23:15:16.0221 4620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    23:15:16.0221 4620 BrSerWdm - ok
    23:15:16.0230 4620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    23:15:16.0230 4620 BrUsbMdm - ok
    23:15:16.0239 4620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    23:15:16.0240 4620 BrUsbSer - ok
    23:15:16.0249 4620 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    23:15:16.0250 4620 BTHMODEM - ok
    23:15:16.0260 4620 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    23:15:16.0260 4620 bthserv - ok
    23:15:16.0262 4620 catchme - ok
    23:15:16.0272 4620 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    23:15:16.0273 4620 cdfs - ok
    23:15:16.0282 4620 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    23:15:16.0283 4620 cdrom - ok
    23:15:16.0292 4620 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    23:15:16.0293 4620 CertPropSvc - ok
    23:15:16.0302 4620 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    23:15:16.0302 4620 circlass - ok
    23:15:16.0313 4620 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    23:15:16.0314 4620 CLFS - ok
    23:15:16.0318 4620 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:15:16.0319 4620 clr_optimization_v2.0.50727_32 - ok
    23:15:16.0324 4620 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:15:16.0324 4620 clr_optimization_v4.0.30319_32 - ok
    23:15:16.0333 4620 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    23:15:16.0333 4620 CmBatt - ok
    23:15:16.0343 4620 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    23:15:16.0343 4620 cmdide - ok
    23:15:16.0356 4620 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
    23:15:16.0357 4620 CNG - ok
    23:15:16.0366 4620 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    23:15:16.0366 4620 Compbatt - ok
    23:15:16.0376 4620 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    23:15:16.0376 4620 CompositeBus - ok
    23:15:16.0384 4620 COMSysApp - ok
    23:15:16.0394 4620 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    23:15:16.0394 4620 crcdisk - ok
    23:15:16.0405 4620 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
    23:15:16.0406 4620 CryptSvc - ok
    23:15:16.0442 4620 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    23:15:16.0443 4620 CSC - ok
    23:15:16.0461 4620 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
    23:15:16.0464 4620 CscService - ok
    23:15:16.0485 4620 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    23:15:16.0488 4620 DcomLaunch - ok
    23:15:16.0507 4620 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    23:15:16.0508 4620 defragsvc - ok
    23:15:16.0524 4620 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    23:15:16.0525 4620 DfsC - ok
    23:15:16.0542 4620 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    23:15:16.0543 4620 Dhcp - ok
    23:15:16.0557 4620 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    23:15:16.0558 4620 discache - ok
    23:15:16.0576 4620 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    23:15:16.0576 4620 Disk - ok
    23:15:16.0592 4620 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
    23:15:16.0593 4620 Dnscache - ok
    23:15:16.0611 4620 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    23:15:16.0612 4620 dot3svc - ok
    23:15:16.0630 4620 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    23:15:16.0631 4620 DPS - ok
    23:15:16.0647 4620 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    23:15:16.0647 4620 drmkaud - ok
    23:15:16.0659 4620 dsunidrv - ok
    23:15:16.0676 4620 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    23:15:16.0679 4620 DXGKrnl - ok
    23:15:16.0688 4620 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    23:15:16.0689 4620 EapHost - ok
    23:15:16.0725 4620 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    23:15:16.0749 4620 ebdrv - ok
    23:15:16.0758 4620 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
    23:15:16.0759 4620 EFS - ok
    23:15:16.0767 4620 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    23:15:16.0771 4620 ehRecvr - ok
    23:15:16.0775 4620 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    23:15:16.0776 4620 ehSched - ok
    23:15:16.0789 4620 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    23:15:16.0793 4620 elxstor - ok
    23:15:16.0801 4620 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    23:15:16.0802 4620 ErrDev - ok
    23:15:16.0817 4620 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    23:15:16.0818 4620 EventSystem - ok
    23:15:16.0829 4620 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    23:15:16.0830 4620 exfat - ok
    23:15:16.0840 4620 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    23:15:16.0841 4620 fastfat - ok
    23:15:16.0854 4620 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    23:15:16.0856 4620 Fax - ok
    23:15:16.0865 4620 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    23:15:16.0866 4620 fdc - ok
    23:15:16.0874 4620 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    23:15:16.0875 4620 fdPHost - ok
    23:15:16.0883 4620 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    23:15:16.0884 4620 FDResPub - ok
    23:15:16.0893 4620 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    23:15:16.0893 4620 FileInfo - ok
    23:15:16.0902 4620 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    23:15:16.0903 4620 Filetrace - ok
    23:15:16.0912 4620 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    23:15:16.0912 4620 flpydisk - ok
    23:15:16.0923 4620 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    23:15:16.0924 4620 FltMgr - ok
    23:15:16.0940 4620 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
    23:15:16.0944 4620 FontCache - ok
    23:15:16.0948 4620 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    23:15:16.0949 4620 FontCache3.0.0.0 - ok
    23:15:16.0958 4620 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    23:15:16.0959 4620 FsDepends - ok
    23:15:16.0967 4620 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    23:15:16.0968 4620 Fs_Rec - ok
    23:15:16.0979 4620 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    23:15:16.0980 4620 fvevol - ok
    23:15:16.0989 4620 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    23:15:16.0990 4620 gagp30kx - ok
    23:15:16.0992 4620 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\Windows\gdrv.sys
    23:15:16.0992 4620 gdrv - ok
    23:15:17.0001 4620 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    23:15:17.0002 4620 GEARAspiWDM - ok
    23:15:17.0016 4620 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    23:15:17.0019 4620 gpsvc - ok
    23:15:17.0023 4620 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    23:15:17.0024 4620 gusvc - ok
    23:15:17.0033 4620 GVTDrv (689a8eef2a2d62b28a0a578a6196531c) C:\Windows\system32\Drivers\GVTDrv.sys
    23:15:17.0034 4620 GVTDrv - ok
    23:15:17.0043 4620 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    23:15:17.0043 4620 hcw85cir - ok
    23:15:17.0055 4620 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    23:15:17.0058 4620 HdAudAddService - ok
    23:15:17.0068 4620 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    23:15:17.0069 4620 HDAudBus - ok
    23:15:17.0078 4620 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    23:15:17.0078 4620 HidBatt - ok
    23:15:17.0088 4620 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    23:15:17.0089 4620 HidBth - ok
    23:15:17.0098 4620 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    23:15:17.0099 4620 HidIr - ok
    23:15:17.0107 4620 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
    23:15:17.0108 4620 hidserv - ok
    23:15:17.0117 4620 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    23:15:17.0117 4620 HidUsb - ok
    23:15:17.0126 4620 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    23:15:17.0128 4620 hkmsvc - ok
    23:15:17.0137 4620 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    23:15:17.0139 4620 HomeGroupListener - ok
    23:15:17.0149 4620 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    23:15:17.0151 4620 HomeGroupProvider - ok
    23:15:17.0160 4620 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    23:15:17.0161 4620 HpSAMD - ok
    23:15:17.0175 4620 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    23:15:17.0177 4620 HTTP - ok
    23:15:17.0186 4620 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    23:15:17.0186 4620 hwpolicy - ok
    23:15:17.0196 4620 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    23:15:17.0197 4620 i8042prt - ok
    23:15:17.0209 4620 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
     
  12. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    23:15:19.0225 4620 Rasl2tp - ok
    23:15:19.0235 4620 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
    23:15:19.0238 4620 RasMan - ok
    23:15:19.0248 4620 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    23:15:19.0248 4620 RasPppoe - ok
    23:15:19.0258 4620 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    23:15:19.0258 4620 RasSstp - ok
    23:15:19.0270 4620 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    23:15:19.0271 4620 rdbss - ok
    23:15:19.0280 4620 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    23:15:19.0280 4620 rdpbus - ok
    23:15:19.0290 4620 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    23:15:19.0290 4620 RDPCDD - ok
    23:15:19.0302 4620 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    23:15:19.0303 4620 RDPDR - ok
    23:15:19.0312 4620 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    23:15:19.0312 4620 RDPENCDD - ok
    23:15:19.0323 4620 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    23:15:19.0324 4620 RDPREFMP - ok
    23:15:19.0334 4620 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
    23:15:19.0335 4620 RdpVideoMiniport - ok
    23:15:19.0346 4620 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
    23:15:19.0348 4620 RDPWD - ok
    23:15:19.0359 4620 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    23:15:19.0359 4620 rdyboost - ok
    23:15:19.0368 4620 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    23:15:19.0370 4620 RemoteAccess - ok
    23:15:19.0379 4620 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    23:15:19.0381 4620 RemoteRegistry - ok
    23:15:19.0390 4620 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    23:15:19.0392 4620 RpcEptMapper - ok
    23:15:19.0400 4620 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    23:15:19.0401 4620 RpcLocator - ok
    23:15:19.0414 4620 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    23:15:19.0417 4620 RpcSs - ok
    23:15:19.0426 4620 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    23:15:19.0427 4620 rspndr - ok
    23:15:19.0439 4620 RTL8167 (6ebdca4806dfead818d0bd1d1ee4a069) C:\Windows\system32\DRIVERS\Rt86win7.sys
    23:15:19.0443 4620 RTL8167 - ok
    23:15:19.0452 4620 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    23:15:19.0452 4620 s3cap - ok
    23:15:19.0461 4620 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    23:15:19.0462 4620 SamSs - ok
    23:15:19.0505 4620 SASDIFSV (39763504067962108505bff25f024345) G:\Program Files\SUPERantispyware\SASDIFSV.SYS
    23:15:19.0505 4620 SASDIFSV - ok
    23:15:19.0515 4620 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) G:\Program Files\SUPERantispyware\SASKUTIL.SYS
    23:15:19.0516 4620 SASKUTIL - ok
    23:15:19.0525 4620 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    23:15:19.0526 4620 sbp2port - ok
    23:15:19.0537 4620 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    23:15:19.0539 4620 SCardSvr - ok
    23:15:19.0548 4620 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    23:15:19.0549 4620 scfilter - ok
    23:15:19.0565 4620 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
    23:15:19.0569 4620 Schedule - ok
    23:15:19.0578 4620 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    23:15:19.0578 4620 SCPolicySvc - ok
    23:15:19.0588 4620 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
    23:15:19.0590 4620 SDRSVC - ok
    23:15:19.0599 4620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    23:15:19.0599 4620 secdrv - ok
    23:15:19.0608 4620 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    23:15:19.0610 4620 seclogon - ok
    23:15:19.0618 4620 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
    23:15:19.0620 4620 SENS - ok
    23:15:19.0629 4620 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    23:15:19.0630 4620 SensrSvc - ok
    23:15:19.0639 4620 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    23:15:19.0640 4620 Serenum - ok
    23:15:19.0650 4620 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
     
  13. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    23:15:21.0764 4620 ============================================================
    23:15:21.0764 4620 Scan finished
    23:15:21.0764 4620 ============================================================
    23:15:21.0774 3264 Detected object count: 0
    23:15:21.0774 3264 Actual detected object count: 0
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    ComboFix 12-03-28.02 - Johnny Rod 03/30/2012 0:16.3.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3325.2290 [GMT -4:00]
    Running from: c:\users\Johnny Rod\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-30 04:20 . 2012-03-30 04:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-03-28 23:24 . 2012-03-28 23:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-27 18:32 . 2012-03-27 19:50 -------- d-----w- c:\users\Johnny Rod\DoctorWeb
    2012-03-14 18:13 . 2012-03-14 18:13 -------- d-----w- c:\program files\iPod
    2012-03-13 18:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-13 18:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-11 15:04 . 2012-03-11 15:04 -------- d-----w- c:\users\Johnny Rod\AppData\Local\WBFSManager
    2012-03-11 14:17 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-10 01:32 . 2012-03-10 01:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
    2012-03-07 19:14 . 2012-03-07 19:14 -------- d-----w- c:\users\Johnny Rod\AppData\Roaming\dvdcss
    2012-03-04 18:50 . 2012-03-04 18:50 -------- d-----w- c:\users\Johnny Rod\AppData\Roaming\Catalina Marketing Corp
    2012-03-04 18:50 . 2012-03-04 18:51 485576 ----a-w- c:\users\Johnny Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
    2012-03-04 00:20 . 2012-03-07 19:11 -------- d-----w- c:\users\Johnny Rod\AppData\Roaming\vlc
    2012-03-03 23:35 . 2012-03-03 23:35 -------- d-----w- c:\program files\VideoLAN
    2012-02-29 17:26 . 2012-02-29 17:26 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-29 04:28 . 2012-02-04 22:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-28 23:26 . 2011-12-27 16:34 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
    2012-03-25 18:16 . 2011-12-20 02:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-12 21:50 . 2012-01-30 22:43 17488 ----a-w- c:\windows\gdrv.sys
    2012-02-29 23:59 . 2011-12-21 02:05 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-29 23:59 . 2011-12-21 02:05 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-29 23:59 . 2011-12-21 02:05 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-29 23:59 . 2011-05-21 11:01 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-29 23:59 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-29 20:56 . 2011-12-20 05:22 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-29 20:55 . 2011-12-20 05:22 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-29 20:53 . 2011-12-20 05:22 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-29 20:53 . 2011-12-20 05:22 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-29 20:53 . 2011-12-20 05:22 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-22 22:58 . 2012-01-30 03:25 71072 ----a-w- c:\windows\CouponPrinter.ocx
    2012-02-15 21:23 . 2012-02-15 21:23 53248 ----a-r- c:\users\Johnny Rod\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-01-31 22:06 . 2011-12-19 22:56 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2012-01-31 12:44 . 2011-12-19 23:20 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-19 22:00 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-01-18 10:44 . 2012-01-18 10:44 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2012-01-18 10:44 . 2012-01-18 10:44 196896 ----a-w- c:\windows\system32\lvci13311044.dll
    2012-01-18 10:44 . 2012-01-18 10:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
    2012-01-18 10:44 . 2012-01-18 10:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
    2012-01-18 10:44 . 2012-01-18 10:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2012-01-04 08:58 . 2012-02-15 01:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-01 03:42 . 2012-01-01 03:36 249856 ------w- c:\windows\Setup1.exe
    2012-01-01 03:42 . 2012-01-01 03:36 73216 ----a-w- c:\windows\ST6UNST.EXE
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Verizon Media Manager"="c:\program files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2011-10-14 1499136]
    "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
    "SUPERAntiSpyware"="g:\program files\SUPERantispyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "PPort11reminder"="g:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2000-01-01 113288]
    "PS121v2"="c:\program files\NETGEAR\PS121v2\PS121v2.exe" [2007-05-18 699104]
    "MRUTray"="c:\program files\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 741376]
    "UVS10 Preload"="g:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Garmin Lifetime Updater"="g:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
    "iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Johnny Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Samsung SSD Magician.lnk - c:\program files\Samsung SSD Magician\Samsung SSD Magician.exe [2012-1-16 2056192]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "g:\program files\SUPERantispyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- g:\program files\SUPERantispyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 AODDriver;AODDriver; [x]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2012-01-31 24944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 393320]
    R3 Synth3dVsc;Synth3dVsc; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub; [x]
    R3 VGPU;VGPU; [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-20 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-13 20008]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-11-05 255016]
    S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]
    S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
    S1 SASDIFSV;SASDIFSV;g:\program files\SUPERantispyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;g:\program files\SUPERantispyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;g:\program files\SUPERantispyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AODDriver4.1;AODDriver4.1;g:\program files\AMD\OverDrive\i386\AODDriver2.sys [2011-10-14 39936]
    S2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\raid\svc\mvraidsvc.exe [2009-10-14 151552]
    S2 MRUWebService;MRU Web Service;c:\program files\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2007-03-08 13824]
    S3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2007-03-08 35840]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2000-01-01 64904]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2000-01-01 146568]
    S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 34103675
    *NewlyCreated* - AXDDYUOB
    *Deregistered* - 34103675
    *Deregistered* - aswMBR
    *Deregistered* - axddyuob
    *Deregistered* - hswd00000C10
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    dsunidrv
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-30 c:\windows\Tasks\DriverUpdate Startup.job
    - c:\program files\DriverUpdate\DriverUpdate.exe [2011-12-06 21:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: SAMSUNG_ rev.CXM0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    .
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    sectors 125045422 (+255): user != kernel
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
    "value"="?\01\05\06\06\05\0f?"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-30 00:21:35
    ComboFix-quarantined-files.txt 2012-03-30 04:21
    ComboFix2.txt 2012-03-29 03:22
    .
    Pre-Run: 20,666,458,112 bytes free
    Post-Run: 20,365,889,536 bytes free
    .
    - - End Of File - - DA0F516F464169149FE6E8164068FE03
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    All looks clean so far.

    What are the current issues?
     
  17. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    this is what I ended up with

    Please see image; I can't paste the picture of Device Manager.
     

  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I need to know what actually doesn't work.
     
  19. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    Can't connect to the internet.
    Both CD/DVD drives don't work, "code 3" error.
    All other devices with exclamation points say corrupt or low resources.
    Thanks
     
  20. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    trying to avoid reformatting!!
     
  21. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    USB ports still work, so I copied the Gigabyte CD to an external drive and tried to reinstall the Ethernet driver but got code 31.
    It will not let me install any drivers to problem devices.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Let's start with internet...

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  23. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    Farbar Service Scanner Version: 01-03-2012
    Ran by Johnny Rod (administrator) on 30-03-2012 at 12:07:59
    Running from "C:\Users\Johnny Rod\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    That looks fine.

    Please download MiniToolBox and run it.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings)
    • List Users, Partitions and Memory size
    Click Go and post the result.
     
  25. jrod4571

    jrod4571 TS Rookie Topic Starter Posts: 29

    MiniToolBox by Farbar Version: 18-01-2012
    Ran by Johnny Rod (administrator) on 30-03-2012 at 13:01:15
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.
    ========================= Hosts content: =================================

    127.0.0.1 localhost
    127.0.0.1 localhost

    ========================= IP Configuration: ================================



    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : JohnnyRod-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host bleepingcomputer.com. Please check the name and try again.

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    1...........................Software Loopback Interface 1
    10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    1 306 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (03/30/2012 11:33:44 AM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {bd806b8e-e431-47e5-9926-939d9fdd645a}

    Error: (03/30/2012 11:31:40 AM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {bd806b8e-e431-47e5-9926-939d9fdd645a}

    Error: (03/30/2012 02:31:20 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (03/30/2012 00:48:09 AM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6698c4d1-41b9-4821-ab47-9638cc655d98}

    Error: (03/29/2012 11:03:23 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (03/29/2012 00:44:21 AM) (Source: Application Error) (User: )
    Description: Faulting application name: SUPERAntiSpyware.exe, version: 5.0.0.1146, time stamp: 0x4ef36d2f
    Faulting module name: SHELL32.dll, version: 6.1.7601.17755, time stamp: 0x4f0412de
    Exception code: 0xc0000005
    Fault offset: 0x0004b223
    Faulting process id: 0x1228
    Faulting application start time: 0xSUPERAntiSpyware.exe0
    Faulting application path: SUPERAntiSpyware.exe1
    Faulting module path: SUPERAntiSpyware.exe2
    Report Id: SUPERAntiSpyware.exe3

    Error: (03/29/2012 00:26:58 AM) (Source: Application Error) (User: )
    Description: Faulting application name: jre-6u31-windows-i586.exe, version: 6.0.310.5, time stamp: 0x4f2ce2fa
    Faulting module name: SHELL32.dll, version: 6.1.7601.17755, time stamp: 0x4f0412de
    Exception code: 0xc0000005
    Fault offset: 0x0004b223
    Faulting process id: 0xe7c
    Faulting application start time: 0xjre-6u31-windows-i586.exe0
    Faulting application path: jre-6u31-windows-i586.exe1
    Faulting module path: jre-6u31-windows-i586.exe2
    Report Id: jre-6u31-windows-i586.exe3

    Error: (03/28/2012 10:35:11 PM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

    Error: (03/28/2012 10:35:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
    .


    Operation:
    Instantiating VSS server

    Error: (03/28/2012 10:35:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
    ]


    Operation:
    Instantiating VSS server


    System errors:
    =============
    Error: (03/30/2012 11:56:08 AM) (Source: Service Control Manager) (User: )
    Description: The AODDriver service failed to start due to the following error:
    %%2

    Error: (03/30/2012 11:55:57 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom
    msisadrv
    storflt
    vdrvroot
    vmbus

    Error: (03/30/2012 11:55:52 AM) (Source: Service Control Manager) (User: )
    Description: The PEAUTH service failed to start due to the following error:
    %%1450

    Error: (03/30/2012 11:55:52 AM) (Source: Service Control Manager) (User: )
    Description: The Apache2 service terminated with the following error:
    %%126

    Error: (03/30/2012 11:40:30 AM) (Source: Service Control Manager) (User: )
    Description: The AODDriver service failed to start due to the following error:
    %%2

    Error: (03/30/2012 11:40:20 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom
    msisadrv
    storflt
    vdrvroot
    vmbus

    Error: (03/30/2012 11:40:13 AM) (Source: Service Control Manager) (User: )
    Description: The PEAUTH service failed to start due to the following error:
    %%1450

    Error: (03/30/2012 11:40:13 AM) (Source: Service Control Manager) (User: )
    Description: The Apache2 service terminated with the following error:
    %%126

    Error: (03/30/2012 11:37:53 AM) (Source: Service Control Manager) (User: )
    Description: The AODDriver service failed to start due to the following error:
    %%2

    Error: (03/30/2012 11:37:42 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom
    msisadrv
    storflt
    vdrvroot
    vmbus


    Microsoft Office Sessions:
    =========================
    Error: (03/30/2012 11:33:44 AM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {bd806b8e-e431-47e5-9926-939d9fdd645a}

    Error: (03/30/2012 11:31:40 AM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {bd806b8e-e431-47e5-9926-939d9fdd645a}

    Error: (03/30/2012 02:31:20 AM) (Source: SideBySide)(User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 11\nero backitup\NBVSSTool_x64.exe

    Error: (03/30/2012 00:48:09 AM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6698c4d1-41b9-4821-ab47-9638cc655d98}

    Error: (03/29/2012 11:03:23 PM) (Source: SideBySide)(User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 11\nero backitup\NBVSSTool_x64.exe

    Error: (03/29/2012 00:44:21 AM) (Source: Application Error)(User: )
    Description: SUPERAntiSpyware.exe5.0.0.11464ef36d2fSHELL32.dll6.1.7601.177554f0412dec00000050004b223122801cd0d667c1d1bc1C:\Users\Johnny Rod\Desktop\SUPERAntiSpyware.exeC:\Windows\system32\SHELL32.dlld9694494-7959-11e1-9163-f3c81959c6de

    Error: (03/29/2012 00:26:58 AM) (Source: Application Error)(User: )
    Description: jre-6u31-windows-i586.exe6.0.310.54f2ce2faSHELL32.dll6.1.7601.177554f0412dec00000050004b223e7c01cd0d641262b5c5C:\Users\Johnny Rod\Desktop\jre-6u31-windows-i586.exeC:\Windows\system32\SHELL32.dll6bbb4e78-7957-11e1-9c96-827c4b9f5ddf

    Error: (03/28/2012 10:35:11 PM) (Source: System Restore)(User: )
    Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

    Error: (03/28/2012 10:35:11 PM) (Source: VSS)(User: )
    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


    Operation:
    Instantiating VSS server

    Error: (03/28/2012 10:35:11 PM) (Source: VSS)(User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


    Operation:
    Instantiating VSS server


    ========================= Devices: ================================

    Name: CD-ROM Drive
    Description: CD-ROM Drive
    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard CD-ROM drives)
    Service: cdrom
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Disk Virtual Machine Bus Acceleration Filter Driver
    Description: Disk Virtual Machine Bus Acceleration Filter Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: storflt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: AOC V22
    Description: AOC V22
    Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
    Manufacturer: AOC International (Europe) GmbH
    Service: monitor
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Texas Instruments 1394 OHCI Compliant Host Controller
    Description: Texas Instruments 1394 OHCI Compliant Host Controller
    Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
    Manufacturer: Texas Instruments
    Service: 1394ohci
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: PEAUTH
    Description: PEAUTH
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: PEAUTH
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: High Definition Audio Controller
    Description: High Definition Audio Controller
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: HDAudBus
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: AMD Phenom(tm) II X4 955 Processor
    Description: AMD Processor
    Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
    Manufacturer: Advanced Micro Devices
    Service: AmdPPM
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Composite Bus Enumerator
    Description: Composite Bus Enumerator
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: CompositeBus
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Virtual Machine Bus
    Description: Virtual Machine Bus
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: vmbus
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: msisadrv
    Description: msisadrv
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: msisadrv
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: AMD Phenom(tm) II X4 955 Processor
    Description: AMD Processor
    Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
    Manufacturer: Advanced Micro Devices
    Service: AmdPPM
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: UMBus Root Bus Enumerator
    Description: UMBus Root Bus Enumerator
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: umbus
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft Virtual Drive Enumerator Driver
    Description: Microsoft Virtual Drive Enumerator Driver
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard system devices)
    Service: vdrvroot
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Realtek PCIe GBE Family Controller
    Description: Realtek PCIe GBE Family Controller
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: RTL8167
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: USB Virtualization Connector Driver
    Description: USB Virtualization Connector Driver
    Class Guid: {aed279d9-7dd0-49ab-8024-4f65418531fb}
    Manufacturer: (Standard system devices)
    Service: vpcusb
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: AMD Phenom(tm) II X4 955 Processor
    Description: AMD Processor
    Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
    Manufacturer: Advanced Micro Devices
    Service: AmdPPM
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Virtual PC Host Bus Driver
    Description: Virtual PC Host Bus Driver
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vpcbus
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: CD-ROM Drive
    Description: CD-ROM Drive
    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard CD-ROM drives)
    Service: cdrom
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: AMD Phenom(tm) II X4 955 Processor
    Description: AMD Processor
    Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
    Manufacturer: Advanced Micro Devices
    Service: AmdPPM
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: PCI standard ISA bridge
    Description: PCI standard ISA bridge
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard system devices)
    Service: msisadrv
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: TSSTcorp CDDVDW SH-S223C SATA CdRom Device
    Description: CD-ROM Drive
    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard CD-ROM drives)
    Service: cdrom
    Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
    Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
    If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
    You may need to install additional random access memory (RAM).
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: AODDriver
    Description: AODDriver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: AODDriver
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ========================= Memory info: ===================================

    Percentage of memory in use: 39%
    Total physical RAM: 3324.51 MB
    Available physical RAM: 2000.39 MB
    Total Pagefile: 6647.31 MB
    Available Pagefile: 4477 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1935.36 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:59.53 GB) (Free:19.23 GB) NTFS
    2 Drive d: () (Removable) (Total:0.95 GB) (Free:0.36 GB) FAT
    3 Drive f: () (Fixed) (Total:232.88 GB) (Free:204.56 GB) NTFS
    4 Drive g: () (Fixed) (Total:149.05 GB) (Free:116.66 GB) NTFS
    5 Drive h: () (Fixed) (Total:465.76 GB) (Free:41.48 GB) NTFS
    6 Drive i: () (Fixed) (Total:189.92 GB) (Free:182.54 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\JOHNNYROD-PC

    Administrator ASPNET Guest
    Johnny Rod UpdatusUser


    **** End of log ****
     
