Several viruses took out internet, desktop, drives and who knows what else ugh!

jrod4571

I got a phoney virus scan which I could not stop in time. My desktop went black, my hard drives were gone and I could not access the internet. I had Microsoft Essentials running but it could not remove the infection. I managed to get my desktop and drives back using "unhide", and used Dr Web, which listed several rootkits and trojans, holy cow!! Managed to get rid of most of it, but I'm stuck. No internet connection, though host shows "available". Device Manager is a train wreck.
Help would be appreciated. Currently using wife's PC for this.
JRod

Ran Microsoft Safety Scanner and got the following:
Found Java/Blacole.ET
Java/cve.2012-05-07.D
Win32/Fakesysdef
Trojandownloader: WIN32/Obvod.K

All deleted, rebooted and scanning again.
Also found
virtool:win32/Obfuscator.PC, which was detected but not deleted.
Still no fix regarding Device Manager.
Thanks
 

Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Johnny Rod :: JOHNNYROD-PC [administrator]

3/29/2012 9:36:10 PM
mbam-log-2012-03-29 (21-36-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199288
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-29 21:47:38
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000064 SAMSUNG_ rev.CXM0
Running: dpfjevuf.exe; Driver: C:\Users\JOHNNY~1\AppData\Local\Temp\axddyuob.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 890486E0
Device \FileSystem\Ntfs \Ntfs 88FED0D0
Device \FileSystem\Ntfs \Ntfs 88E811F0
Device \FileSystem\Ntfs \Ntfs 88AA3170
Device \FileSystem\Ntfs \Ntfs 88D7AC50

AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat dwprot.sys
AttachedDevice \Driver\tdx \Device\Ip dwprot.sys
AttachedDevice \Driver\tdx \Device\Tcp dwprot.sys
AttachedDevice \Driver\tdx \Device\Udp dwprot.sys
AttachedDevice \Driver\tdx \Device\RawIp dwprot.sys

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Johnny Rod at 21:50:25 on 2012-03-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3325.2472 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
G:\Program Files\SUPERantispyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
G:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
I:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Marvell\raid\svc\mvraidsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - g:\program files\java\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\bin\jp2ssv.dll
uRun: [Verizon Media Manager] c:\program files\verizon\verizon media manager\release\Verizon Media Manager.exe 0
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [SUPERAntiSpyware] g:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [PPort11reminder] "g:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [PS121v2] "c:\program files\netgear\ps121v2\PS121v2.exe" /hide
mRun: [MRUTray] c:\program files\marvell\raid\tray\MarvellTray.exe
mRun: [UVS10 Preload] g:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Garmin Lifetime Updater] g:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [iTunesHelper] "i:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\johnny~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\samsung ssd magician\Samsung SSD Magician.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B1EC83AA-DA16-4F69-B448-DA053D423864} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - g:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - g:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [2009-10-13 20008]
R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2009-11-5 255016]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2011-12-19 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2011-12-19 12464]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-12-19 18544]
R1 SASDIFSV;SASDIFSV;g:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;g:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;g:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AODDriver4.1;AODDriver4.1;g:\program files\amd\overdrive\i386\AODDriver2.sys [2011-10-14 39936]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\marvell\raid\svc\mvraidsvc.exe [2009-10-13 151552]
R2 MRUWebService;MRU Web Service;c:\program files\marvell\raid\apache2\bin\httpd.exe [2008-6-12 24635]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2012-1-7 13824]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2012-1-7 35840]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 64904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 146568]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-12-19 30392]
RUnknown DwProt;DwProt; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2011-12-19 24944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-19 15872]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-12-24 393320]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-19 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-19 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-03-30 01:12:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d3323c31-8a9b-4b05-8554-c099a744ead1}\offreg.dll
2012-03-29 04:49:05 -------- d-----w- c:\users\johnny rod\appdata\roaming\SUPERAntiSpyware.com
2012-03-29 04:48:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-29 04:46:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-29 04:13:52 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-29 03:17:59 -------- d-----w- c:\users\johnny rod\appdata\local\temp
2012-03-29 02:35:09 98816 ----a-w- c:\windows\sed.exe
2012-03-29 02:35:09 518144 ----a-w- c:\windows\SWREG.exe
2012-03-29 02:35:09 256000 ----a-w- c:\windows\PEV.exe
2012-03-29 02:35:09 208896 ----a-w- c:\windows\MBR.exe
2012-03-28 23:24:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-27 18:32:53 -------- d-----w- c:\users\johnny rod\DoctorWeb
2012-03-14 18:13:02 -------- d-----w- c:\program files\iPod
2012-03-13 18:49:05 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-13 18:49:04 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-11 15:04:53 -------- d-----w- c:\users\johnny rod\appdata\local\WBFSManager
2012-03-11 14:17:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 01:32:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-04 18:50:26 -------- d-----w- c:\users\johnny rod\appdata\roaming\Catalina Marketing Corp
2012-03-04 18:50:25 485576 ----a-w- c:\users\johnny rod\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe
2012-03-03 23:35:53 -------- d-----w- c:\program files\VideoLAN
2012-02-29 17:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
==================== Find3M ====================
.
2012-03-29 04:28:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-28 23:26:58 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2012-03-25 18:16:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-12 21:50:17 17488 ----a-w- c:\windows\gdrv.sys
2012-02-29 23:59:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:59:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:59:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:59:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59:00 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-29 23:59:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59:00 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-22 22:58:20 71072 ----a-w- c:\windows\CouponPrinter.ocx
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 22:06:54 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-19 22:00:12 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-18 10:44:28 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys
2012-01-18 10:44:26 196896 ----a-w- c:\windows\system32\lvci13311044.dll
2012-01-18 10:44:00 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 10:44:00 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 10:44:00 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-01 03:42:20 249856 ------w- c:\windows\Setup1.exe
2012-01-01 03:42:19 73216 ----a-w- c:\windows\ST6UNST.EXE
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: SAMSUNG_ rev.CXM0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys
c:\windows\system32\drivers\amdxata.sys Advanced Micro Devices Stor Filter Driver
c:\windows\system32\drivers\amdsata.sys Advanced Micro Devices AHCI 1.2 Device Driver
1 ntkrnlpa!IofCallDriver[0x8383955A] -> \Device\Harddisk0\DR0[0x871F7030]
3 CLASSPNP[0x8CC6659E] -> ntkrnlpa!IofCallDriver[0x8383955A] -> [0x86CA7C80]
5 amdxata[0x8457D6B3] -> ntkrnlpa!IofCallDriver[0x8383955A] -> [0x86CA5930]
7 ACPI[0x83F293D4] -> ntkrnlpa!IofCallDriver[0x8383955A] -> \Device\00000064[0x86C9E030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 125045422 (+255): user != kernel
.
============= FINISH: 21:50:40.19 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 12/19/2011 5:23:22 PM
System Uptime: 3/29/2012 9:11:53 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-880GM-USB3
Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 3214/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 19.411 GiB free.
D: is Removable
F: is FIXED (NTFS) - 233 GiB total, 204.555 GiB free.
G: is FIXED (NTFS) - 149 GiB total, 116.62 GiB free.
H: is FIXED (NTFS) - 466 GiB total, 41.477 GiB free.
I: is FIXED (NTFS) - 190 GiB total, 182.539 GiB free.
J: is Removable
K: is Removable
L: is Removable
M: is Removable
N: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96e-e325-11ce-bfc1-08002be10318}
Description: AOC V22
Device ID: DISPLAY\AOC2200\5&5921B6E&0&UID1048848
Manufacturer: AOC International (Europe) GmbH
Name: AOC V22
PNP Device ID: DISPLAY\AOC2200\5&5921B6E&0&UID1048848
Service: monitor
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: PEAUTH
Device ID: ROOT\LEGACY_PEAUTH\0000
Manufacturer:
Name: PEAUTH
PNP Device ID: ROOT\LEGACY_PEAUTH\0000
Service: PEAUTH
.
Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Description: Texas Instruments 1394 OHCI Compliant Host Controller
Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_10001458&REV_00\4&35E69562&0&70A4
Manufacturer: Texas Instruments
Name: Texas Instruments 1394 OHCI Compliant Host Controller
PNP Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_10001458&REV_00\4&35E69562&0&70A4
Service: 1394ohci
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Controller
Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_A1021458&REV_00\3&18D45AA6&0&A2
Manufacturer: Microsoft
Name: High Definition Audio Controller
PNP Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_A1021458&REV_00\3&18D45AA6&0&A2
Service: HDAudBus
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: msisadrv
Device ID: ROOT\LEGACY_MSISADRV\0000
Manufacturer:
Name: msisadrv
PNP Device ID: ROOT\LEGACY_MSISADRV\0000
Service: msisadrv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Virtual Machine Bus
Device ID: ROOT\LEGACY_VMBUS\0000
Manufacturer:
Name: Virtual Machine Bus
PNP Device ID: ROOT\LEGACY_VMBUS\0000
Service: vmbus
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Composite Bus Enumerator
Device ID: ROOT\COMPOSITEBUS\0000
Manufacturer: Microsoft
Name: Composite Bus Enumerator
PNP Device ID: ROOT\COMPOSITEBUS\0000
Service: CompositeBus
.
Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Description: AMD Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_0
Manufacturer: Advanced Micro Devices
Name: AMD Phenom(tm) II X4 955 Processor
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_0
Service: AmdPPM
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: UMBus Root Bus Enumerator
Device ID: ROOT\UMBUS\0000
Manufacturer: Microsoft
Name: UMBus Root Bus Enumerator
PNP Device ID: ROOT\UMBUS\0000
Service: umbus
.
Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Description: AMD Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_1
Manufacturer: Advanced Micro Devices
Name: AMD Phenom(tm) II X4 955 Processor
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_1
Service: AmdPPM
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual Drive Enumerator Driver
Device ID: ROOT\VDRVROOT\0000
Manufacturer: (Standard system devices)
Name: Microsoft Virtual Drive Enumerator Driver
PNP Device ID: ROOT\VDRVROOT\0000
Service: vdrvroot
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&2BE2F00&0&0050
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&2BE2F00&0&0050
Service: RTL8167
.
Class GUID: {aed279d9-7dd0-49ab-8024-4f65418531fb}
Description: USB Virtualization Connector Driver
Device ID: ROOT\VMUSBCONNECTOR\0000
Manufacturer: (Standard system devices)
Name: USB Virtualization Connector Driver
PNP Device ID: ROOT\VMUSBCONNECTOR\0000
Service: vpcusb
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Virtual PC Host Bus Driver
Device ID: ROOT\VPCBUS\0000
Manufacturer: Microsoft
Name: Virtual PC Host Bus Driver
PNP Device ID: ROOT\VPCBUS\0000
Service: vpcbus
.
Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Description: AMD Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_2
Manufacturer: Advanced Micro Devices
Name: AMD Phenom(tm) II X4 955 Processor
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_2
Service: AmdPPM
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_ATAPI&PROD_IHBS112___2\4&D21DEFA&0&060000
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_ATAPI&PROD_IHBS112___2\4&D21DEFA&0&060000
Service: cdrom
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: PCI standard ISA bridge
Device ID: PCI\VEN_1002&DEV_439D&SUBSYS_439D1002&REV_00\3&18D45AA6&0&A3
Manufacturer: (Standard system devices)
Name: PCI standard ISA bridge
PNP Device ID: PCI\VEN_1002&DEV_439D&SUBSYS_439D1002&REV_00\3&18D45AA6&0&A3
Service: msisadrv
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_TSSTCORP&PROD_CDDVDW_SH-S223C\4&D21DEFA&0&030000
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp CDDVDW SH-S223C SATA CdRom Device
PNP Device ID: SCSI\CDROM&VEN_TSSTCORP&PROD_CDDVDW_SH-S223C\4&D21DEFA&0&030000
Service: cdrom
.
Class GUID: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Description: AMD Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_3
Manufacturer: Advanced Micro Devices
Name: AMD Phenom(tm) II X4 955 Processor
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_16_MODEL_4_-_AMD_PHENOM(TM)_II_X4_955_PROCESSOR\_3
Service: AmdPPM
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Disk Virtual Machine Bus Acceleration Filter Driver
Device ID: ROOT\LEGACY_STORFLT\0000
Manufacturer:
Name: Disk Virtual Machine Bus Acceleration Filter Driver
PNP Device ID: ROOT\LEGACY_STORFLT\0000
Service: storflt
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: USBSTOR\CDROM&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_2.18\0000060505128913&1
Manufacturer: (Standard CD-ROM drives)
Name: SanDisk U3 Cruzer Micro USB Device
PNP Device ID: USBSTOR\CDROM&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_2.18\0000060505128913&1
Service: cdrom
.
==== System Restore Points ===================
.
RP19: 3/28/2012 11:44:37 PM - Removed Java(TM) 6 Update 30
RP20: 3/28/2012 11:45:23 PM - Removed JavaFX 2.0.2
RP21: 3/28/2012 11:55:10 PM - Removed Java(TM) 7 Update 2
RP22: 3/29/2012 12:28:22 AM - Installed Java(TM) 6 Update 31
.
==== Installed Programs ======================
.
@BIOS
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
AutoGreen B10.1021.1
Bonjour
Brother MFL-Pro Suite MFC-290C
CameraHelperMsi
CD Recovery Toolbox Free 1.1
Coupon Printer for Windows
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DriverUpdate
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Print CD
EPSON Printer Software
erLT
FormatFactory 2.90
Garmin Lifetime Updater
Garmin USB Drivers
High-Definition Video Playback
ImgBurn
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell MRU V4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB973685)
Nero 11
Nero 11 Cliparts
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 InfoTool
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects Basic
Nero 11 Video Samples
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero InfoTool 11
Nero InfoTool 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
NetGear PS121v2
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 296.10
NVIDIA Drivers
NVIDIA Graphics Driver 296.10
NVIDIA Performance
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA Update 1.7.11
ON_OFF Charge B11.0110.1
ooVoo
Picasa 3
QuickBooks Premier: Accountant Edition 2007
QuickBooks Product Listing Service
Quicken 2011
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
RealUpgrade 1.1
Redist
Renesas Electronics USB 3.0 Host Controller Driver
Samsung SSD Magician
SAMSUNG USB Driver for Mobile Phones
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Stellarium 0.11.1
StreamTransport version: 1.0.2.2171
SUPERAntiSpyware
Ulead VideoStudio SE DVD
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
USB2.0 Capture Device
Verizon Media Manager
VLC media player 1.1.5
Vuze
WBFS Manager 3.0
WBFS to ISO
welcome
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
.
==== Event Viewer Messages From Past Week ========
.
3/29/2012 9:23:08 PM, Error: Microsoft Antimalware [2001] -
3/29/2012 9:12:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom msisadrv storflt vdrvroot vmbus
3/29/2012 9:12:09 PM, Error: Service Control Manager [7023] - The Apache2 service terminated with the following error: The specified module could not be found.
3/29/2012 9:12:09 PM, Error: Service Control Manager [7000] - The PEAUTH service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
3/29/2012 12:09:09 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/28/2012 8:40:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/28/2012 8:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
3/28/2012 8:33:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/28/2012 8:33:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/28/2012 8:30:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/28/2012 8:30:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/28/2012 8:30:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/28/2012 8:30:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/28/2012 8:30:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger cdrom discache ElbyCDIO MpFilter msisadrv spldr storflt vdrvroot vmbus vpcvmm Wanarpv6
3/28/2012 8:30:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2012 7:27:17 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/28/2012 7:27:17 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
3/28/2012 3:59:34 PM, Error: Service Control Manager [7023] - The NtMtlFax service terminated with the following error: Access is denied.
3/28/2012 3:56:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2012 11:13:12 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/28/2012 11:13:11 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/28/2012 11:13:11 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/28/2012 10:35:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/28/2012 1:34:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/28/2012 1:34:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/28/2012 1:34:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
3/28/2012 1:34:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000003, 0x864fa990, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
3/28/2012 1:34:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger cdrom CSC DfsC discache ElbyCDIO MpFilter msisadrv NetBIOS NetBT nsiproxy Psched rdbss spldr storflt tdx vdrvroot vmbus vpcnfltr vpcvmm Wanarpv6 WfpLwf
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The MRU Web Service service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error: The dependency service or group failed to start.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/28/2012 1:34:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/28/2012 1:25:38 PM, Error: Service Control Manager [7023] - The Tm_cfw service terminated with the following error: Access is denied.
3/28/2012 1:24:41 PM, Error: Service Control Manager [7024] - The MRU Web Service service terminated with service-specific error Incorrect function..
3/28/2012 1:24:41 PM, Error: Service Control Manager [7001] - The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error: The service has returned a service-specific error code.
3/28/2012 1:24:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xa7078000, 0x00000000, 0x8a10158a, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032812-30966-01.
3/28/2012 1:17:33 AM, Error: Service Control Manager [7023] - The Minilog service terminated with the following error: Access is denied.
3/28/2012 1:02:46 AM, Error: Service Control Manager [7023] - The Wintabservice service terminated with the following error: Access is denied.
3/27/2012 8:08:10 PM, Error: Service Control Manager [7023] - The S616unic service terminated with the following error: Access is denied.
3/27/2012 7:13:42 PM, Error: Service Control Manager [7023] - The Vci service terminated with the following error: Access is denied.
3/27/2012 6:48:40 PM, Error: Service Control Manager [7023] - The Elnkservice service terminated with the following error: Access is denied.
3/27/2012 2:59:40 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
3/27/2012 2:30:05 PM, Error: Service Control Manager [7023] - The SeratoUsb service terminated with the following error: Access is denied.
3/27/2012 11:40:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom msisadrv spldr storflt vdrvroot vmbus
3/27/2012 11:39:58 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
3/27/2012 11:39:58 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
3/27/2012 11:33:56 AM, Error: Service Control Manager [7023] - The Rp_fws service terminated with the following error: Access is denied.
3/27/2012 11:30:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/27/2012 11:30:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/27/2012 11:03:10 AM, Error: Service Control Manager [7023] - The Vzfw service terminated with the following error: Access is denied.
3/27/2012 10:48:05 AM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the path specified.
3/27/2012 10:47:50 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/27/2012 10:46:06 AM, Error: Service Control Manager [7023] - The GTWModem service terminated with the following error: Access is denied.
3/27/2012 10:45:06 AM, Error: Service Control Manager [7023] - The Venturi2 service terminated with the following error: Access is denied.
3/26/2012 5:09:04 PM, Error: Ntfs [137] - The default transaction resource manager on volume O: encountered a non-retryable error and could not start. The data contains the error code.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 22:14:01
-----------------------------
22:14:01.095 OS Version: Windows 6.1.7601 Service Pack 1
22:14:01.095 Number of processors: 4 586 0x403
22:14:01.096 ComputerName: JOHNNYROD-PC UserName: Johnny Rod
22:14:01.938 Initialize success
22:14:08.997 AVAST engine download error: 0
22:14:23.123 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
22:14:23.125 Disk 0 Vendor: SAMSUNG_ CXM0 Size: 61057MB BusType: 11
22:14:23.126 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000065
22:14:23.128 Disk 1 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 11
22:14:23.130 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000067
22:14:23.132 Disk 2 Vendor: ST350041 JC45 Size: 476940MB BusType: 11
22:14:23.134 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\mv91xx1Port1Path0Target0Lun0
22:14:23.137 Disk 3 Vendor: Maxtor_6 VA11 Size: 194481MB BusType: 11
22:14:23.140 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP0T0L0-0
22:14:23.142 Disk 4 Vendor: HDT722525DLAT80 V44OA70A Size: 238471MB BusType: 3
22:14:23.147 Disk 0 MBR read successfully
22:14:23.150 Disk 0 MBR scan
22:14:23.153 Disk 0 Windows 7 default MBR code
22:14:23.158 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:14:23.162 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
22:14:23.167 Disk 0 scanning sectors +125042688
22:14:23.175 Disk 0 scanning C:\Windows\system32\drivers
22:14:25.017 Service scanning
22:14:27.652 Modules scanning
22:14:29.547 Disk 0 trace - called modules:
22:14:29.553 ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys
22:14:29.557 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871f7030]
22:14:29.561 3 CLASSPNP.SYS[8cc6659e] -> nt!IofCallDriver -> [0x86ca7c80]
22:14:29.565 5 amdxata.sys[8457d6b3] -> nt!IofCallDriver -> [0x86ca5930]
22:14:29.569 7 ACPI.sys[83f293d4] -> nt!IofCallDriver -> \Device\00000064[0x86c9e030]
22:14:29.573 Scan finished successfully
22:14:43.157 Disk 0 MBR has been saved successfully to "C:\Users\Johnny Rod\Desktop\MBR.dat"
22:14:43.161 The log file has been saved successfully to "C:\Users\Johnny Rod\Desktop\aswMBR.txt"
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

Size Device Name MBR Status
--------------------------------------------
59 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
23:09:11.0617 5356 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
23:09:11.0623 5356 ============================================================
23:09:11.0623 5356 Current date / time: 2012/03/29 23:09:11.0623
23:09:11.0623 5356 SystemInfo:
23:09:11.0623 5356
23:09:11.0624 5356 OS Version: 6.1.7601 ServicePack: 1.0
23:09:11.0624 5356 Product type: Workstation
23:09:11.0624 5356 ComputerName: JOHNNYROD-PC
23:09:11.0624 5356 UserName: Johnny Rod
23:09:11.0624 5356 Windows directory: C:\Windows
23:09:11.0624 5356 System windows directory: C:\Windows
23:09:11.0624 5356 Processor architecture: Intel x86
23:09:11.0624 5356 Number of processors: 4
23:09:11.0624 5356 Page size: 0x1000
23:09:11.0624 5356 Boot type: Normal boot
23:09:11.0624 5356 ============================================================
23:09:12.0211 5356 Drive \Device\Harddisk3\DR3 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
23:09:12.0212 5356 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:09:12.0224 5356 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:09:15.0971 5356 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:09:15.0995 5356 Drive \Device\Harddisk4\DR4 - Size: 0x3A38725E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
23:09:16.0090 5356 \Device\Harddisk3\DR3:
23:09:16.0090 5356 MBR used
23:09:16.0090 5356 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD5299
23:09:16.0090 5356 \Device\Harddisk0\DR0:
23:09:16.0090 5356 MBR used
23:09:16.0090 5356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:09:16.0090 5356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
23:09:16.0090 5356 \Device\Harddisk1\DR1:
23:09:16.0107 5356 MBR used
23:09:16.0107 5356 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18AC1
23:09:16.0107 5356 \Device\Harddisk2\DR2:
23:09:16.0108 5356 MBR used
23:09:16.0108 5356 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385C01
23:09:16.0108 5356 \Device\Harddisk4\DR4:
23:09:16.0108 5356 MBR used
23:09:16.0108 5356 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C38F1
23:09:16.0152 5356 Initialize success
23:09:16.0152 5356 ============================================================
23:15:15.0252 4620 ============================================================
23:15:15.0252 4620 Scan started
23:15:15.0252 4620 Mode: Manual;
23:15:15.0252 4620 ============================================================
23:15:15.0602 4620 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) G:\Program Files\SUPERantispyware\SASCORE.EXE
23:15:15.0603 4620 !SASCORE - ok
23:15:15.0622 4620 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:15:15.0623 4620 1394ohci - ok
23:15:15.0632 4620 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
23:15:15.0633 4620 61883 - ok
23:15:15.0644 4620 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
23:15:15.0645 4620 ACPI - ok
23:15:15.0654 4620 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
23:15:15.0654 4620 AcpiPmi - ok
23:15:15.0658 4620 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:15:15.0659 4620 AdobeARMservice - ok
23:15:15.0672 4620 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:15:15.0675 4620 adp94xx - ok
23:15:15.0687 4620 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:15:15.0689 4620 adpahci - ok
23:15:15.0699 4620 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:15:15.0701 4620 adpu320 - ok
23:15:15.0711 4620 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:15:15.0711 4620 AeLookupSvc - ok
23:15:15.0723 4620 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
23:15:15.0724 4620 AFD - ok
23:15:15.0734 4620 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
23:15:15.0734 4620 agp440 - ok
23:15:15.0743 4620 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:15:15.0744 4620 aic78xx - ok
23:15:15.0753 4620 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:15:15.0753 4620 ALG - ok
23:15:15.0762 4620 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
23:15:15.0762 4620 aliide - ok
23:15:15.0771 4620 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
23:15:15.0772 4620 amdagp - ok
23:15:15.0781 4620 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
23:15:15.0781 4620 amdide - ok
23:15:15.0790 4620 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:15:15.0791 4620 AmdK8 - ok
23:15:15.0800 4620 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:15:15.0801 4620 AmdPPM - ok
23:15:15.0810 4620 amdsata (04b2587c961c084634054d60d3eb385b) C:\Windows\system32\DRIVERS\amdsata.sys
23:15:15.0810 4620 amdsata - ok
23:15:15.0820 4620 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:15:15.0822 4620 amdsbs - ok
23:15:15.0831 4620 amdxata (c078b06811670b90a52ae51ac3808e1e) C:\Windows\system32\DRIVERS\amdxata.sys
23:15:15.0831 4620 amdxata - ok
23:15:15.0839 4620 AODDriver - ok
23:15:15.0883 4620 AODDriver4.1 (f72ae76124039a9ac37cdf05cfafa9dc) G:\Program Files\AMD\OverDrive\i386\AODDriver2.sys
23:15:15.0883 4620 AODDriver4.1 - ok
23:15:15.0892 4620 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
23:15:15.0893 4620 AppID - ok
23:15:15.0901 4620 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:15:15.0902 4620 AppIDSvc - ok
23:15:15.0910 4620 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
23:15:15.0910 4620 Appinfo - ok
23:15:15.0914 4620 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:15:15.0915 4620 Apple Mobile Device - ok
23:15:15.0924 4620 AppleCharger (e592751036c1d0a74ec3e57302a03745) C:\Windows\system32\DRIVERS\AppleCharger.sys
23:15:15.0924 4620 AppleCharger - ok
23:15:15.0932 4620 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe
23:15:15.0933 4620 AppleChargerSrv - ok
23:15:15.0943 4620 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
23:15:15.0943 4620 AppMgmt - ok
23:15:15.0953 4620 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:15:15.0954 4620 arc - ok
23:15:15.0963 4620 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:15:15.0964 4620 arcsas - ok
23:15:15.0969 4620 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:15:15.0969 4620 aspnet_state - ok
23:15:15.0978 4620 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:15:15.0979 4620 AsyncMac - ok
23:15:15.0988 4620 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:15:15.0988 4620 atapi - ok
23:15:15.0997 4620 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
23:15:15.0998 4620 AtiPcie - ok
23:15:16.0011 4620 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:15:16.0013 4620 AudioEndpointBuilder - ok
23:15:16.0018 4620 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:15:16.0020 4620 Audiosrv - ok
23:15:16.0029 4620 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
23:15:16.0030 4620 Avc - ok
23:15:16.0039 4620 AVCSTRM (1983e63a12427f8f26d625ceb5cd01fc) C:\Windows\system32\DRIVERS\avcstrm.sys
23:15:16.0039 4620 AVCSTRM - ok
23:15:16.0048 4620 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
23:15:16.0049 4620 AxInstSV - ok
23:15:16.0061 4620 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:15:16.0065 4620 b06bdrv - ok
23:15:16.0076 4620 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:15:16.0078 4620 b57nd60x - ok
23:15:16.0088 4620 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:15:16.0088 4620 BDESVC - ok
23:15:16.0097 4620 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:15:16.0097 4620 Beep - ok
23:15:16.0111 4620 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
23:15:16.0113 4620 BFE - ok
23:15:16.0127 4620 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
23:15:16.0131 4620 BITS - ok
23:15:16.0140 4620 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:15:16.0140 4620 blbdrive - ok
23:15:16.0146 4620 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
23:15:16.0148 4620 Bonjour Service - ok
23:15:16.0157 4620 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
23:15:16.0158 4620 bowser - ok
23:15:16.0166 4620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:15:16.0167 4620 BrFiltLo - ok
23:15:16.0176 4620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:15:16.0176 4620 BrFiltUp - ok
23:15:16.0187 4620 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
23:15:16.0188 4620 BridgeMP - ok
23:15:16.0197 4620 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
23:15:16.0198 4620 Browser - ok
23:15:16.0209 4620 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:15:16.0211 4620 Brserid - ok
23:15:16.0221 4620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:15:16.0221 4620 BrSerWdm - ok
23:15:16.0230 4620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:15:16.0230 4620 BrUsbMdm - ok
23:15:16.0239 4620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:15:16.0240 4620 BrUsbSer - ok
23:15:16.0249 4620 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:15:16.0250 4620 BTHMODEM - ok
23:15:16.0260 4620 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:15:16.0260 4620 bthserv - ok
23:15:16.0262 4620 catchme - ok
23:15:16.0272 4620 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:15:16.0273 4620 cdfs - ok
23:15:16.0282 4620 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
23:15:16.0283 4620 cdrom - ok
23:15:16.0292 4620 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:15:16.0293 4620 CertPropSvc - ok
23:15:16.0302 4620 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:15:16.0302 4620 circlass - ok
23:15:16.0313 4620 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:15:16.0314 4620 CLFS - ok
23:15:16.0318 4620 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:15:16.0319 4620 clr_optimization_v2.0.50727_32 - ok
23:15:16.0324 4620 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:15:16.0324 4620 clr_optimization_v4.0.30319_32 - ok
23:15:16.0333 4620 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:15:16.0333 4620 CmBatt - ok
23:15:16.0343 4620 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
23:15:16.0343 4620 cmdide - ok
23:15:16.0356 4620 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
23:15:16.0357 4620 CNG - ok
23:15:16.0366 4620 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:15:16.0366 4620 Compbatt - ok
23:15:16.0376 4620 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
23:15:16.0376 4620 CompositeBus - ok
23:15:16.0384 4620 COMSysApp - ok
23:15:16.0394 4620 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:15:16.0394 4620 crcdisk - ok
23:15:16.0405 4620 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
23:15:16.0406 4620 CryptSvc - ok
23:15:16.0442 4620 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
23:15:16.0443 4620 CSC - ok
23:15:16.0461 4620 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
23:15:16.0464 4620 CscService - ok
23:15:16.0485 4620 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:15:16.0488 4620 DcomLaunch - ok
23:15:16.0507 4620 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:15:16.0508 4620 defragsvc - ok
23:15:16.0524 4620 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
23:15:16.0525 4620 DfsC - ok
23:15:16.0542 4620 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
23:15:16.0543 4620 Dhcp - ok
23:15:16.0557 4620 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:15:16.0558 4620 discache - ok
23:15:16.0576 4620 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:15:16.0576 4620 Disk - ok
23:15:16.0592 4620 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
23:15:16.0593 4620 Dnscache - ok
23:15:16.0611 4620 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
23:15:16.0612 4620 dot3svc - ok
23:15:16.0630 4620 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
23:15:16.0631 4620 DPS - ok
23:15:16.0647 4620 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:15:16.0647 4620 drmkaud - ok
23:15:16.0659 4620 dsunidrv - ok
23:15:16.0676 4620 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
23:15:16.0679 4620 DXGKrnl - ok
23:15:16.0688 4620 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:15:16.0689 4620 EapHost - ok
23:15:16.0725 4620 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:15:16.0749 4620 ebdrv - ok
23:15:16.0758 4620 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
23:15:16.0759 4620 EFS - ok
23:15:16.0767 4620 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
23:15:16.0771 4620 ehRecvr - ok
23:15:16.0775 4620 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
23:15:16.0776 4620 ehSched - ok
23:15:16.0789 4620 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:15:16.0793 4620 elxstor - ok
23:15:16.0801 4620 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
23:15:16.0802 4620 ErrDev - ok
23:15:16.0817 4620 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:15:16.0818 4620 EventSystem - ok
23:15:16.0829 4620 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:15:16.0830 4620 exfat - ok
23:15:16.0840 4620 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:15:16.0841 4620 fastfat - ok
23:15:16.0854 4620 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
23:15:16.0856 4620 Fax - ok
23:15:16.0865 4620 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:15:16.0866 4620 fdc - ok
23:15:16.0874 4620 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:15:16.0875 4620 fdPHost - ok
23:15:16.0883 4620 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:15:16.0884 4620 FDResPub - ok
23:15:16.0893 4620 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:15:16.0893 4620 FileInfo - ok
23:15:16.0902 4620 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:15:16.0903 4620 Filetrace - ok
23:15:16.0912 4620 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:15:16.0912 4620 flpydisk - ok
23:15:16.0923 4620 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:15:16.0924 4620 FltMgr - ok
23:15:16.0940 4620 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
23:15:16.0944 4620 FontCache - ok
23:15:16.0948 4620 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:15:16.0949 4620 FontCache3.0.0.0 - ok
23:15:16.0958 4620 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:15:16.0959 4620 FsDepends - ok
23:15:16.0967 4620 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
23:15:16.0968 4620 Fs_Rec - ok
23:15:16.0979 4620 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
23:15:16.0980 4620 fvevol - ok
23:15:16.0989 4620 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:15:16.0990 4620 gagp30kx - ok
23:15:16.0992 4620 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\Windows\gdrv.sys
23:15:16.0992 4620 gdrv - ok
23:15:17.0001 4620 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:15:17.0002 4620 GEARAspiWDM - ok
23:15:17.0016 4620 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
23:15:17.0019 4620 gpsvc - ok
23:15:17.0023 4620 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:15:17.0024 4620 gusvc - ok
23:15:17.0033 4620 GVTDrv (689a8eef2a2d62b28a0a578a6196531c) C:\Windows\system32\Drivers\GVTDrv.sys
23:15:17.0034 4620 GVTDrv - ok
23:15:17.0043 4620 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:15:17.0043 4620 hcw85cir - ok
23:15:17.0055 4620 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
23:15:17.0058 4620 HdAudAddService - ok
23:15:17.0068 4620 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
23:15:17.0069 4620 HDAudBus - ok
23:15:17.0078 4620 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:15:17.0078 4620 HidBatt - ok
23:15:17.0088 4620 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:15:17.0089 4620 HidBth - ok
23:15:17.0098 4620 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:15:17.0099 4620 HidIr - ok
23:15:17.0107 4620 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
23:15:17.0108 4620 hidserv - ok
23:15:17.0117 4620 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
23:15:17.0117 4620 HidUsb - ok
23:15:17.0126 4620 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
23:15:17.0128 4620 hkmsvc - ok
23:15:17.0137 4620 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
23:15:17.0139 4620 HomeGroupListener - ok
23:15:17.0149 4620 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
23:15:17.0151 4620 HomeGroupProvider - ok
23:15:17.0160 4620 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
23:15:17.0161 4620 HpSAMD - ok
23:15:17.0175 4620 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
23:15:17.0177 4620 HTTP - ok
23:15:17.0186 4620 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
23:15:17.0186 4620 hwpolicy - ok
23:15:17.0196 4620 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
23:15:17.0197 4620 i8042prt - ok
23:15:17.0209 4620 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
23:15:17.0211 4620 iaStorV - ok
23:15:17.0215 4620 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:15:17.0216 4620 IDriverT - ok
23:15:17.0228 4620 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:15:17.0236 4620 idsvc - ok
23:15:17.0245 4620 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:15:17.0246 4620 iirsp - ok
23:15:17.0261 4620 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
23:15:17.0264 4620 IKEEXT - ok
23:15:17.0274 4620 IntcAzAudAddService - ok
23:15:17.0283 4620 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
23:15:17.0284 4620 intelide - ok
23:15:17.0294 4620 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:15:17.0294 4620 intelppm - ok
23:15:17.0303 4620 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:15:17.0304 4620 IPBusEnum - ok
23:15:17.0313 4620 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:15:17.0314 4620 IpFilterDriver - ok
23:15:17.0327 4620 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
23:15:17.0330 4620 iphlpsvc - ok
23:15:17.0339 4620 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
23:15:17.0340 4620 IPMIDRV - ok
23:15:17.0350 4620 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:15:17.0351 4620 IPNAT - ok
23:15:17.0361 4620 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
23:15:17.0365 4620 iPod Service - ok
23:15:17.0373 4620 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:15:17.0374 4620 IRENUM - ok
23:15:17.0383 4620 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
23:15:17.0384 4620 isapnp - ok
23:15:17.0395 4620 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
23:15:17.0397 4620 iScsiPrt - ok
23:15:17.0406 4620 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
23:15:17.0407 4620 kbdclass - ok
23:15:17.0416 4620 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
23:15:17.0416 4620 kbdhid - ok
23:15:17.0425 4620 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:15:17.0426 4620 KeyIso - ok
23:15:17.0435 4620 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
23:15:17.0436 4620 KSecDD - ok
23:15:17.0446 4620 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
23:15:17.0446 4620 KSecPkg - ok
23:15:17.0457 4620 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:15:17.0460 4620 KtmRm - ok
23:15:17.0469 4620 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
23:15:17.0472 4620 LanmanServer - ok
23:15:17.0481 4620 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
23:15:17.0483 4620 LanmanWorkstation - ok
23:15:17.0493 4620 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:15:17.0494 4620 lltdio - ok
23:15:17.0504 4620 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:15:17.0506 4620 lltdsvc - ok
23:15:17.0514 4620 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:15:17.0515 4620 lmhosts - ok
23:15:17.0525 4620 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:15:17.0527 4620 LSI_FC - ok
23:15:17.0536 4620 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:15:17.0537 4620 LSI_SAS - ok
23:15:17.0546 4620 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:15:17.0547 4620 LSI_SAS2 - ok
23:15:17.0556 4620 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:15:17.0557 4620 LSI_SCSI - ok
23:15:17.0567 4620 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:15:17.0567 4620 luafv - ok
23:15:17.0577 4620 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
23:15:17.0577 4620 LVPr2Mon - ok
23:15:17.0589 4620 LVRS (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\Windows\system32\DRIVERS\lvrs.sys
23:15:17.0591 4620 LVRS - ok
23:15:17.0637 4620 LVUVC (d286215f0bbbe75f726b49261c63152d) C:\Windows\system32\DRIVERS\lvuvc.sys
23:15:17.0654 4620 LVUVC - ok
23:15:17.0659 4620 Marvell RAID (f8217a55b4b183188f8d5b30c5022b49) C:\Program Files\Marvell\raid\svc\mvraidsvc.exe
23:15:17.0660 4620 Marvell RAID - ok
23:15:17.0669 4620 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
23:15:17.0670 4620 Mcx2Svc - ok
23:15:17.0679 4620 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:15:17.0680 4620 megasas - ok
23:15:17.0691 4620 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:15:17.0693 4620 MegaSR - ok
23:15:17.0701 4620 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:15:17.0703 4620 MMCSS - ok
23:15:17.0712 4620 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:15:17.0712 4620 Modem - ok
23:15:17.0721 4620 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:15:17.0722 4620 monitor - ok
23:15:17.0731 4620 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
23:15:17.0732 4620 mouclass - ok
23:15:17.0741 4620 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:15:17.0741 4620 mouhid - ok
23:15:17.0751 4620 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
23:15:17.0752 4620 mountmgr - ok
23:15:17.0762 4620 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
23:15:17.0763 4620 mpio - ok
23:15:17.0772 4620 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:15:17.0773 4620 mpsdrv - ok
23:15:17.0787 4620 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
23:15:17.0790 4620 MpsSvc - ok
23:15:17.0794 4620 MRUWebService (8881574868e648689b7aa88a88716e17) C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
23:15:17.0794 4620 MRUWebService - ok
23:15:17.0804 4620 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
23:15:17.0806 4620 MRxDAV - ok
23:15:17.0816 4620 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:15:17.0816 4620 mrxsmb - ok
23:15:17.0827 4620 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:15:17.0828 4620 mrxsmb10 - ok
23:15:17.0838 4620 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:15:17.0839 4620 mrxsmb20 - ok
23:15:17.0847 4620 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
23:15:17.0848 4620 msahci - ok
23:15:17.0858 4620 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
23:15:17.0859 4620 msdsm - ok
23:15:17.0869 4620 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:15:17.0871 4620 MSDTC - ok
23:15:17.0882 4620 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
23:15:17.0883 4620 MSDV - ok
23:15:17.0892 4620 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:15:17.0892 4620 Msfs - ok
23:15:17.0901 4620 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:15:17.0901 4620 mshidkmdf - ok
23:15:17.0911 4620 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
23:15:17.0911 4620 msisadrv - ok
23:15:17.0921 4620 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:15:17.0922 4620 MSiSCSI - ok
23:15:17.0930 4620 msiserver - ok
23:15:17.0939 4620 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:15:17.0940 4620 MSKSSRV - ok
23:15:17.0949 4620 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:15:17.0950 4620 MSPCLOCK - ok
23:15:17.0959 4620 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:15:17.0959 4620 MSPQM - ok
23:15:17.0970 4620 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:15:17.0971 4620 MsRPC - ok
23:15:17.0982 4620 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
23:15:17.0982 4620 mssmbios - ok
23:15:17.0992 4620 MSTAPE (dccc7dfe06ac127529d8c86b06df4a37) C:\Windows\system32\DRIVERS\mstape.sys
23:15:17.0992 4620 MSTAPE - ok
23:15:18.0001 4620 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:15:18.0001 4620 MSTEE - ok
23:15:18.0011 4620 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:15:18.0011 4620 MTConfig - ok
23:15:18.0021 4620 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:15:18.0021 4620 Mup - ok
23:15:18.0030 4620 mv91cons (f1d1311c55333727a604d40be95881cd) C:\Windows\system32\DRIVERS\mv91cons.sys
23:15:18.0031 4620 mv91cons - ok
23:15:18.0042 4620 mv91xx (a66cd14e2bc2a2208e58b9b7b05a1f8a) C:\Windows\system32\DRIVERS\mv91xx.sys
23:15:18.0043 4620 mv91xx - ok
23:15:18.0055 4620 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
23:15:18.0058 4620 napagent - ok
23:15:18.0069 4620 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:15:18.0072 4620 NativeWifiP - ok
23:15:18.0081 4620 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files\Nero\Update\NASvc.exe
23:15:18.0083 4620 NAUpdate - ok
23:15:18.0093 4620 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys
23:15:18.0093 4620 NBVol - ok
23:15:18.0102 4620 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys
23:15:18.0102 4620 NBVolUp - ok
23:15:18.0119 4620 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
23:15:18.0122 4620 NDIS - ok
23:15:18.0131 4620 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:15:18.0132 4620 NdisCap - ok
23:15:18.0141 4620 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:15:18.0141 4620 NdisTapi - ok
23:15:18.0151 4620 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
23:15:18.0152 4620 Ndisuio - ok
23:15:18.0161 4620 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
23:15:18.0162 4620 NdisWan - ok
23:15:18.0171 4620 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
23:15:18.0172 4620 NDProxy - ok
23:15:18.0181 4620 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:15:18.0181 4620 NetBIOS - ok
23:15:18.0192 4620 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
23:15:18.0193 4620 NetBT - ok
23:15:18.0202 4620 NETGEARUHOST (00fd381143c937b8cdf639c0de5189e2) C:\Windows\system32\DRIVERS\NETGEARUHOST.sys
23:15:18.0202 4620 NETGEARUHOST - ok
23:15:18.0212 4620 NETGEARUHUB (6f57a54419e6186975fc00dc405fe4b0) C:\Windows\system32\DRIVERS\NETGEARUHUB.sys
23:15:18.0212 4620 NETGEARUHUB - ok
23:15:18.0221 4620 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:15:18.0222 4620 Netlogon - ok
23:15:18.0233 4620 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:15:18.0235 4620 Netman - ok
23:15:18.0246 4620 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:15:18.0249 4620 netprofm - ok
23:15:18.0254 4620 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:15:18.0256 4620 NetTcpPortSharing - ok
23:15:18.0265 4620 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:15:18.0265 4620 nfrd960 - ok
23:15:18.0276 4620 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
23:15:18.0278 4620 NlaSvc - ok
23:15:18.0287 4620 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:15:18.0288 4620 Npfs - ok
23:15:18.0296 4620 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:15:18.0298 4620 nsi - ok
23:15:18.0306 4620 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:15:18.0307 4620 nsiproxy - ok
23:15:18.0329 4620 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:15:18.0338 4620 Ntfs - ok
23:15:18.0400 4620 nTuneService - ok
23:15:18.0415 4620 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:15:18.0415 4620 Null - ok
23:15:18.0425 4620 nusb3hub (03ad379554b50fa1802be4ec2e291e92) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:15:18.0426 4620 nusb3hub - ok
23:15:18.0436 4620 nusb3xhc (06fe87c9d181af5f04d192e604e10e6c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:15:18.0437 4620 nusb3xhc - ok
23:15:18.0538 4620 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:15:18.0612 4620 nvlddmkm - ok
23:15:18.0623 4620 nvoclock (96c5900331bd17344f338d006888bae5) C:\Windows\system32\DRIVERS\nvoclock.sys
23:15:18.0623 4620 nvoclock - ok
23:15:18.0633 4620 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:15:18.0635 4620 nvraid - ok
23:15:18.0645 4620 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:15:18.0646 4620 nvstor - ok
23:15:18.0661 4620 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
23:15:18.0668 4620 nvsvc - ok
23:15:18.0692 4620 nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:15:18.0711 4620 nvUpdatusService - ok
23:15:18.0721 4620 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:15:18.0722 4620 nv_agp - ok
23:15:18.0732 4620 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:15:18.0732 4620 ohci1394 - ok
23:15:18.0736 4620 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:15:18.0737 4620 ose - ok
23:15:18.0781 4620 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:15:18.0799 4620 osppsvc - ok
23:15:18.0813 4620 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:15:18.0816 4620 p2pimsvc - ok
23:15:18.0827 4620 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:15:18.0829 4620 p2psvc - ok
23:15:18.0839 4620 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:15:18.0840 4620 Parport - ok
23:15:18.0849 4620 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
23:15:18.0850 4620 partmgr - ok
23:15:18.0859 4620 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:15:18.0859 4620 Parvdm - ok
23:15:18.0869 4620 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:15:18.0871 4620 PcaSvc - ok
23:15:18.0882 4620 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:15:18.0883 4620 pci - ok
23:15:18.0891 4620 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:15:18.0892 4620 pciide - ok
23:15:18.0903 4620 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:15:18.0905 4620 pcmcia - ok
23:15:18.0914 4620 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:15:18.0915 4620 pcw - ok
23:15:18.0930 4620 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:15:18.0934 4620 PEAUTH - ok
23:15:18.0952 4620 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
23:15:18.0958 4620 PeerDistSvc - ok
23:15:18.0985 4620 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
23:15:18.0993 4620 pla - ok
23:15:19.0004 4620 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
23:15:19.0007 4620 PlugPlay - ok
23:15:19.0016 4620 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:15:19.0017 4620 PNRPAutoReg - ok
23:15:19.0028 4620 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:15:19.0030 4620 PNRPsvc - ok
23:15:19.0042 4620 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
23:15:19.0044 4620 PolicyAgent - ok
23:15:19.0055 4620 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
23:15:19.0057 4620 Power - ok
23:15:19.0066 4620 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:15:19.0067 4620 PptpMiniport - ok
23:15:19.0076 4620 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:15:19.0077 4620 Processor - ok
23:15:19.0086 4620 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
23:15:19.0089 4620 ProfSvc - ok
23:15:19.0097 4620 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:15:19.0098 4620 ProtectedStorage - ok
23:15:19.0108 4620 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:15:19.0108 4620 Psched - ok
23:15:19.0112 4620 QBCFMonitorService (0f1f42c39ab2b16db957a7a1756feffb) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
23:15:19.0112 4620 QBCFMonitorService - ok
23:15:19.0116 4620 QBFCService (92aa40e2b692e8637d45fb2d01137d17) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
23:15:19.0117 4620 QBFCService - ok
23:15:19.0139 4620 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:15:19.0150 4620 ql2300 - ok
23:15:19.0160 4620 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:15:19.0161 4620 ql40xx - ok
23:15:19.0172 4620 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:15:19.0174 4620 QWAVE - ok
23:15:19.0183 4620 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:15:19.0183 4620 QWAVEdrv - ok
23:15:19.0193 4620 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:15:19.0193 4620 RasAcd - ok
23:15:19.0203 4620 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:15:19.0203 4620 RasAgileVpn - ok
23:15:19.0212 4620 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
23:15:19.0214 4620 RasAuto - ok
23:15:19.0224 4620 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:15:19.0225 4620 Rasl2tp - ok
23:15:19.0235 4620 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
23:15:19.0238 4620 RasMan - ok
23:15:19.0248 4620 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:15:19.0248 4620 RasPppoe - ok
23:15:19.0258 4620 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:15:19.0258 4620 RasSstp - ok
23:15:19.0270 4620 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
23:15:19.0271 4620 rdbss - ok
23:15:19.0280 4620 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:15:19.0280 4620 rdpbus - ok
23:15:19.0290 4620 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:15:19.0290 4620 RDPCDD - ok
23:15:19.0302 4620 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
23:15:19.0303 4620 RDPDR - ok
23:15:19.0312 4620 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:15:19.0312 4620 RDPENCDD - ok
23:15:19.0323 4620 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:15:19.0324 4620 RDPREFMP - ok
23:15:19.0334 4620 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
23:15:19.0335 4620 RdpVideoMiniport - ok
23:15:19.0346 4620 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
23:15:19.0348 4620 RDPWD - ok
23:15:19.0359 4620 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
23:15:19.0359 4620 rdyboost - ok
23:15:19.0368 4620 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
23:15:19.0370 4620 RemoteAccess - ok
23:15:19.0379 4620 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
23:15:19.0381 4620 RemoteRegistry - ok
23:15:19.0390 4620 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
23:15:19.0392 4620 RpcEptMapper - ok
23:15:19.0400 4620 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
23:15:19.0401 4620 RpcLocator - ok
23:15:19.0414 4620 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:15:19.0417 4620 RpcSs - ok
23:15:21.0764 4620 ============================================================
23:15:21.0764 4620 Scan finished
23:15:21.0764 4620 ============================================================
23:15:21.0774 3264 Detected object count: 0
23:15:21.0774 3264 Actual detected object count: 0
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-03-28.02 - Johnny Rod 03/30/2012 0:16.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3325.2290 [GMT -4:00]
Running from: c:\users\Johnny Rod\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 04:20 . 2012-03-30 04:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-28 23:24 . 2012-03-28 23:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-27 18:32 . 2012-03-27 19:50 -------- d-----w- c:\users\Johnny Rod\DoctorWeb
2012-03-14 18:13 . 2012-03-14 18:13 -------- d-----w- c:\program files\iPod
2012-03-13 18:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-13 18:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-11 15:04 . 2012-03-11 15:04 -------- d-----w- c:\users\Johnny Rod\AppData\Local\WBFSManager
2012-03-11 14:17 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 01:32 . 2012-03-10 01:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-07 19:14 . 2012-03-07 19:14 -------- d-----w- c:\users\Johnny Rod\AppData\Roaming\dvdcss
2012-03-04 18:50 . 2012-03-04 18:50 -------- d-----w- c:\users\Johnny Rod\AppData\Roaming\Catalina Marketing Corp
2012-03-04 18:50 . 2012-03-04 18:51 485576 ----a-w- c:\users\Johnny Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-03-04 00:20 . 2012-03-07 19:11 -------- d-----w- c:\users\Johnny Rod\AppData\Roaming\vlc
2012-03-03 23:35 . 2012-03-03 23:35 -------- d-----w- c:\program files\VideoLAN
2012-02-29 17:26 . 2012-02-29 17:26 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 04:28 . 2012-02-04 22:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-28 23:26 . 2011-12-27 16:34 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2012-03-25 18:16 . 2011-12-20 02:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-12 21:50 . 2012-01-30 22:43 17488 ----a-w- c:\windows\gdrv.sys
2012-02-29 23:59 . 2011-12-21 02:05 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2011-12-21 02:05 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59 . 2011-12-21 02:05 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2011-05-21 11:01 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 20:56 . 2011-12-20 05:22 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-12-20 05:22 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-12-20 05:22 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-12-20 05:22 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-12-20 05:22 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-22 22:58 . 2012-01-30 03:25 71072 ----a-w- c:\windows\CouponPrinter.ocx
2012-02-15 21:23 . 2012-02-15 21:23 53248 ----a-r- c:\users\Johnny Rod\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-31 22:06 . 2011-12-19 22:56 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-01-31 12:44 . 2011-12-19 23:20 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 22:00 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-18 10:44 . 2012-01-18 10:44 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys
2012-01-18 10:44 . 2012-01-18 10:44 196896 ----a-w- c:\windows\system32\lvci13311044.dll
2012-01-18 10:44 . 2012-01-18 10:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 10:44 . 2012-01-18 10:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 10:44 . 2012-01-18 10:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2012-01-04 08:58 . 2012-02-15 01:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-01 03:42 . 2012-01-01 03:36 249856 ------w- c:\windows\Setup1.exe
2012-01-01 03:42 . 2012-01-01 03:36 73216 ----a-w- c:\windows\ST6UNST.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon Media Manager"="c:\program files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" [2011-10-14 1499136]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"SUPERAntiSpyware"="g:\program files\SUPERantispyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"PPort11reminder"="g:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2000-01-01 113288]
"PS121v2"="c:\program files\NETGEAR\PS121v2\PS121v2.exe" [2007-05-18 699104]
"MRUTray"="c:\program files\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 741376]
"UVS10 Preload"="g:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Garmin Lifetime Updater"="g:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Johnny Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung SSD Magician.lnk - c:\program files\Samsung SSD Magician\Samsung SSD Magician.exe [2012-1-16 2056192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "g:\program files\SUPERantispyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- g:\program files\SUPERantispyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AODDriver;AODDriver; [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2012-01-31 24944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 393320]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-20 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-13 20008]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-11-05 255016]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
S1 SASDIFSV;SASDIFSV;g:\program files\SUPERantispyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;g:\program files\SUPERantispyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;g:\program files\SUPERantispyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AODDriver4.1;AODDriver4.1;g:\program files\AMD\OverDrive\i386\AODDriver2.sys [2011-10-14 39936]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\raid\svc\mvraidsvc.exe [2009-10-14 151552]
S2 MRUWebService;MRU Web Service;c:\program files\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2007-03-08 13824]
S3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2007-03-08 35840]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2000-01-01 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2000-01-01 146568]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 34103675
*NewlyCreated* - AXDDYUOB
*Deregistered* - 34103675
*Deregistered* - aswMBR
*Deregistered* - axddyuob
*Deregistered* - hswd00000C10
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dsunidrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2011-12-06 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: SAMSUNG_ rev.CXM0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 125045422 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\01\05\06\06\05\0f?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-30 00:21:35
ComboFix-quarantined-files.txt 2012-03-30 04:21
ComboFix2.txt 2012-03-29 03:22
.
Pre-Run: 20,666,458,112 bytes free
Post-Run: 20,365,889,536 bytes free
.
- - End Of File - - DA0F516F464169149FE6E8164068FE03
 
this is what I ended up with

please see image, I can't paste the picture of device manager
 

Attachments

  • device manager.jpg
can't connect to the internet
both cd/dvd drives don't work, "code 3" error
all other devices with exclamation points say corrupt or low resources
thanks
 
usb ports still work so I copied gigabyte cd to external drive and tried to reinstall ethernet driver but got code 31
will not let me install any drivers to problem devices
 
Let's start with internet...

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Farbar Service Scanner Version: 01-03-2012
Ran by Johnny Rod (administrator) on 30-03-2012 at 12:07:59
Running from "C:\Users\Johnny Rod\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
That looks fine.

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Devices (do NOT change any settings)
  • List Users, Partitions and Memory size
Click Go and post the result.
 
MiniToolBox by Farbar Version: 18-01-2012
Ran by Johnny Rod (administrator) on 30-03-2012 at 13:01:15
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JohnnyRod-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/30/2012 11:33:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bd806b8e-e431-47e5-9926-939d9fdd645a}

Error: (03/30/2012 11:31:40 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bd806b8e-e431-47e5-9926-939d9fdd645a}

Error: (03/30/2012 02:31:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/30/2012 00:48:09 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6698c4d1-41b9-4821-ab47-9638cc655d98}

Error: (03/29/2012 11:03:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/29/2012 00:44:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 5.0.0.1146, time stamp: 0x4ef36d2f
Faulting module name: SHELL32.dll, version: 6.1.7601.17755, time stamp: 0x4f0412de
Exception code: 0xc0000005
Fault offset: 0x0004b223
Faulting process id: 0x1228
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3

Error: (03/29/2012 00:26:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: jre-6u31-windows-i586.exe, version: 6.0.310.5, time stamp: 0x4f2ce2fa
Faulting module name: SHELL32.dll, version: 6.1.7601.17755, time stamp: 0x4f0412de
Exception code: 0xc0000005
Fault offset: 0x0004b223
Faulting process id: 0xe7c
Faulting application start time: 0xjre-6u31-windows-i586.exe0
Faulting application path: jre-6u31-windows-i586.exe1
Faulting module path: jre-6u31-windows-i586.exe2
Report Id: jre-6u31-windows-i586.exe3

Error: (03/28/2012 10:35:11 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (03/28/2012 10:35:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (03/28/2012 10:35:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server


System errors:
=============
Error: (03/30/2012 11:56:08 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver service failed to start due to the following error:
%%2

Error: (03/30/2012 11:55:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
msisadrv
storflt
vdrvroot
vmbus

Error: (03/30/2012 11:55:52 AM) (Source: Service Control Manager) (User: )
Description: The PEAUTH service failed to start due to the following error:
%%1450

Error: (03/30/2012 11:55:52 AM) (Source: Service Control Manager) (User: )
Description: The Apache2 service terminated with the following error:
%%126

Error: (03/30/2012 11:40:30 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver service failed to start due to the following error:
%%2

Error: (03/30/2012 11:40:20 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
msisadrv
storflt
vdrvroot
vmbus

Error: (03/30/2012 11:40:13 AM) (Source: Service Control Manager) (User: )
Description: The PEAUTH service failed to start due to the following error:
%%1450

Error: (03/30/2012 11:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Apache2 service terminated with the following error:
%%126

Error: (03/30/2012 11:37:53 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver service failed to start due to the following error:
%%2

Error: (03/30/2012 11:37:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
msisadrv
storflt
vdrvroot
vmbus


Microsoft Office Sessions:
=========================
Error: (03/30/2012 11:33:44 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bd806b8e-e431-47e5-9926-939d9fdd645a}

Error: (03/30/2012 11:31:40 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bd806b8e-e431-47e5-9926-939d9fdd645a}

Error: (03/30/2012 02:31:20 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 11\nero backitup\NBVSSTool_x64.exe

Error: (03/30/2012 00:48:09 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6698c4d1-41b9-4821-ab47-9638cc655d98}

Error: (03/29/2012 11:03:23 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 11\nero backitup\NBVSSTool_x64.exe

Error: (03/29/2012 00:44:21 AM) (Source: Application Error)(User: )
Description: SUPERAntiSpyware.exe5.0.0.11464ef36d2fSHELL32.dll6.1.7601.177554f0412dec00000050004b223122801cd0d667c1d1bc1C:\Users\Johnny Rod\Desktop\SUPERAntiSpyware.exeC:\Windows\system32\SHELL32.dlld9694494-7959-11e1-9163-f3c81959c6de

Error: (03/29/2012 00:26:58 AM) (Source: Application Error)(User: )
Description: jre-6u31-windows-i586.exe6.0.310.54f2ce2faSHELL32.dll6.1.7601.177554f0412dec00000050004b223e7c01cd0d641262b5c5C:\Users\Johnny Rod\Desktop\jre-6u31-windows-i586.exeC:\Windows\system32\SHELL32.dll6bbb4e78-7957-11e1-9c96-827c4b9f5ddf

Error: (03/28/2012 10:35:11 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (03/28/2012 10:35:11 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (03/28/2012 10:35:11 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server


========================= Devices: ================================

Name: CD-ROM Drive
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Disk Virtual Machine Bus Acceleration Filter Driver
Description: Disk Virtual Machine Bus Acceleration Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: storflt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AOC V22
Description: AOC V22
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: AOC International (Europe) GmbH
Service: monitor
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Texas Instruments 1394 OHCI Compliant Host Controller
Description: Texas Instruments 1394 OHCI Compliant Host Controller
Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Manufacturer: Texas Instruments
Service: 1394ohci
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PEAUTH
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AMD Phenom(tm) II X4 955 Processor
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Machine Bus
Description: Virtual Machine Bus
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: vmbus
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msisadrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AMD Phenom(tm) II X4 955 Processor
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: USB Virtualization Connector Driver
Description: USB Virtualization Connector Driver
Class Guid: {aed279d9-7dd0-49ab-8024-4f65418531fb}
Manufacturer: (Standard system devices)
Service: vpcusb
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AMD Phenom(tm) II X4 955 Processor
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual PC Host Bus Driver
Description: Virtual PC Host Bus Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vpcbus
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: CD-ROM Drive
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AMD Phenom(tm) II X4 955 Processor
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PCI standard ISA bridge
Description: PCI standard ISA bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: msisadrv
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: TSSTcorp CDDVDW SH-S223C SATA CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : The driver for this device might be corrupted, or your system may be running low on memory or other resources. (Code3)
Resolution: If the driver is corrupted, uninstall the driver and scan for new hardware to install the driver again. To scan for new hardware, click on the "Action" menu in Device Manager, and then select "Scan for hardware changes".
If your computer does not have enough memory to run the device, you can close some applications to make memory available. To check memory and system resources, right-click "My Computer", click "Properties", click the "Advanced" tab, and then click "Settings" under "Performance".
You may need to install additional random access memory (RAM).
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AODDriver
Description: AODDriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 3324.51 MB
Available physical RAM: 2000.39 MB
Total Pagefile: 6647.31 MB
Available Pagefile: 4477 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:59.53 GB) (Free:19.23 GB) NTFS
2 Drive d: () (Removable) (Total:0.95 GB) (Free:0.36 GB) FAT
3 Drive f: () (Fixed) (Total:232.88 GB) (Free:204.56 GB) NTFS
4 Drive g: () (Fixed) (Total:149.05 GB) (Free:116.66 GB) NTFS
5 Drive h: () (Fixed) (Total:465.76 GB) (Free:41.48 GB) NTFS
6 Drive i: () (Fixed) (Total:189.92 GB) (Free:182.54 GB) NTFS

========================= Users: ========================================

User accounts for \\JOHNNYROD-PC

Administrator ASPNET Guest
Johnny Rod UpdatusUser


**** End of log ****
 