Solved: Emergency! Can't study! HDD Virus?

cortneyluv324 · 30-Jun-2012, 01:58 AM #1

I was in the middle of studying for the GMAT which I take TOMORROW on the mba.com practice test website when this happened. It's totally possible that I clicked on something earlier though.

All of a sudden everything shut down, my desktop icons disappeared, firefox closed, and I got the error message "seek error sector not found". I have tried to restore my compure to last known good configuration, and a restore point of a few days ago (failed). I ran malwarebytes, hijackthis, and DDS. Reports for all are below.

I run 64 bit windows 7 Home Premium

I have ran malwarebytes about 5 times. Here is that report:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.29.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
John :: JOHN-PC [administrator]
6/29/2012 10:09:07 PM
mbam-log-2012-06-29 (22-09-07).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 377392
Time elapsed: 34 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

**************Here is the Hijackthis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:45:56 PM, on 6/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.30/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [rUXxmYSGwj.exe] C:\ProgramData\rUXxmYSGwj.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} (DvrOcx Control) - http://192.168.1.30/DvrOcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A296B9DA-F08B-4CDC-9FE1-1F5592267412}: NameServer = 192.168.1.1,192.168.1.2
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbs_device - - C:\Windows\system32\lxbscoms.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8987 bytes

************ DDS.txt report
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by John at 22:46:56 on 2012-06-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.3879 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbscoms.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://192.168.1.30/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [rUXxmYSGwj.exe] C:\ProgramData\rUXxmYSGwj.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.30/DvrOcx.cab
TCP: Interfaces\{A296B9DA-F08B-4CDC-9FE1-1F5592267412} : NameServer = 192.168.1.1,192.168.1.2
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
BHO-X64: PriceGongBHO Class: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ogps40nd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\John\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-6-29 66560]
R3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-2 250056]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-30 04:52:44 388096 ----a-r- C:\Users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-30 04:52:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-30 03:08:35 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F62D9A5-52C6-434E-B393-B63758046D11}\mpengine.dll
2012-06-30 01:26:51 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe
2012-06-30 00:46:46 -------- d--h--w- C:\Users\John\AppData\Roaming\GMATPrep
2012-06-30 00:46:27 66560 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
2012-06-30 00:46:27 -------- d-----w- C:\Program Files (x86)\GMATPrep2012
2012-06-26 08:45:10 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 08:45:10 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 19:21:18 -------- d--h--w- C:\Users\John\AppData\Local\Macromedia
2012-06-19 02:28:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 02:28:06 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 02:27:54 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 02:27:54 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 02:37:00 525312 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-06-14 02:37:00 505344 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-06-14 02:35:48 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 02:35:47 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 02:35:29 -------- d-----w- C:\Program Files\iPod
2012-06-14 02:35:28 -------- d-----w- C:\Program Files\iTunes
2012-06-14 02:35:28 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-03 01:36:10 -------- d--h--w- C:\ProgramData\McAfee Security Scan
2012-06-03 01:36:09 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-06-03 01:36:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-03 01:36:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 23:42:42 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-02 23:42:25 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-02 23:42:25 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
==================== Find3M ====================
.
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 22:54:38.59 ===============

***************Attach.txt log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/28/2009 3:59:30 PM
System Uptime: 6/29/2012 9:48:33 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET
Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 584 GiB total, 503.984 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.175 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP349: 6/2/2012 4:41:48 PM - Installed Java(TM) 7 Update 4
RP350: 6/2/2012 4:42:26 PM - Installed JavaFX 2.1.0
RP351: 6/5/2012 3:00:20 AM - Windows Update
RP352: 6/9/2012 9:47:20 AM - Windows Update
RP353: 6/13/2012 7:35:45 PM - Windows Update
RP354: 6/14/2012 3:00:24 AM - Windows Update
RP355: 6/18/2012 7:27:37 PM - Windows Update
RP356: 6/20/2012 6:25:49 AM - Windows Update
RP357: 6/23/2012 12:22:46 PM - Windows Update
RP358: 6/26/2012 7:15:14 PM - Windows Update
RP359: 6/29/2012 8:07:57 PM - Windows Update
RP360: 6/29/2012 9:38:35 PM - Restore Operation
RP361: 6/29/2012 9:52:10 PM - Installed HiJackThis
RP362: 6/29/2012 10:06:37 PM - Installed Microsoft Fix it 50267
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
Facebook Plug-In
File Type Assistant
Final Media Player 2011
GMATPrep
HiJackThis
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP Odometer
HP RC Mirror Driver
HP Remote Solution
HP Setup
HP Support Information
HP Update
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Standard
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Move Media Player
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PFPortChecker 1.0.32
PictureMover
Power2Go
PowerDirector
PowerRecover
PriceGong 2.1.0
QuickTime
Realtek High Definition Audio Driver
Silhouette Studio
WinX Free MOV to MP4 Converter 4.1.10
.
==== Event Viewer Messages From Past Week ========
.
6/29/2012 9:50:56 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.
6/29/2012 7:59:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/29/2012 7:10:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/29/2012 7:10:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/29/2012 7:10:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/29/2012 7:10:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/29/2012 7:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/29/2012 7:10:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
6/29/2012 6:15:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
6/29/2012 6:14:43 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/29/2012 6:14:43 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
6/29/2012 6:14:43 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/29/2012 6:14:43 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

cortneyluv324 · 30-Jun-2012, 02:06 AM #2

Oh yeah, and when I use IE (since it won't let me use Firefox anymore), it keeps sending me to skeevy websites (not the link I click on)

**dvk01** · 30-Jun-2012, 03:37 AM #3

Delete any existing version of ComboFix you have sitting on your desktop

Please read and follow all these instructions very carefully

Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Hereto your Desktop.
As you download it rename it to username123.exe

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
Remember to re enable the protection again after combofix has finished

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running

Double click on renamed combofix.exe & follow the prompts.

If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

cortneyluv324 · 01-Jul-2012, 12:08 AM #4

Here is the log:

ComboFix 12-06-28.03 - John 06/30/2012 18:10:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4637 [GMT -7:00]
Running from: c:\users\John\Desktop\username123.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\40034040
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 01:43 . 2012-07-01 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 01:43 . 2012-07-01 01:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-30 04:52 . 2012-06-30 04:52 388096 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-30 04:52 . 2012-06-30 04:52 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-30 03:08 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F62D9A5-52C6-434E-B393-B63758046D11}\mpengine.dll
2012-06-30 01:26 . 2012-06-30 01:26 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe
2012-06-30 00:46 . 2012-06-30 00:46 -------- d--h--w- c:\users\John\AppData\Roaming\GMATPrep
2012-06-30 00:46 . 2012-06-30 04:47 -------- d-----w- c:\program files (x86)\GMATPrep2012
2012-06-30 00:46 . 2012-04-19 22:34 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
2012-06-26 08:45 . 2012-06-26 08:45 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 08:45 . 2012-06-26 08:45 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 19:21 . 2012-06-23 19:21 -------- d--h--w- c:\users\John\AppData\Local\Macromedia
2012-06-19 02:28 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 02:28 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 02:28 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 02:28 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 02:28 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 02:28 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 02:28 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 02:27 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 02:27 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 02:37 . 2012-04-20 05:42 505344 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-14 02:37 . 2012-04-20 04:57 525312 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-14 02:35 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 02:35 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 02:35 . 2012-06-14 02:35 -------- d-----w- c:\program files\iPod
2012-06-14 02:35 . 2012-06-14 02:35 -------- d-----w- c:\program files\iTunes
2012-06-14 02:35 . 2012-06-14 02:35 -------- d-----w- c:\program files (x86)\iTunes
2012-06-03 01:36 . 2012-06-30 04:47 -------- d--h--w- c:\programdata\McAfee Security Scan
2012-06-03 01:36 . 2012-06-10 20:13 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-06-03 01:36 . 2012-06-03 01:36 -------- d--h--w- c:\programdata\McAfee
2012-06-03 01:36 . 2012-06-23 19:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-03 01:36 . 2012-06-23 19:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-03 01:36 . 2012-06-30 04:47 -------- d-----w- c:\windows\system32\Macromed
2012-06-02 23:46 . 2012-06-02 23:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-02 23:42 . 2012-06-02 23:42 -------- d-----w- c:\program files (x86)\Oracle
2012-06-02 23:42 . 2012-06-02 23:42 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 23:42 . 2012-04-05 01:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 23:42 . 2012-06-02 23:42 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
S3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-09 5120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 19:13]
.
2012-07-01 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-15 23:50]
.
2012-06-09 c:\windows\Tasks\HPCeeScheduleForJohn.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-07-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://192.168.1.30/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: Interfaces\{A296B9DA-F08B-4CDC-9FE1-1F5592267412}: NameServer = 192.168.1.1,192.168.1.2
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.30/DvrOcx.cab
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ogps40nd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-rUXxmYSGwj.exe - c:\programdata\rUXxmYSGwj.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.ex e,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2012-06-30 19:07:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 02:07
.
Pre-Run: 557,050,580,992 bytes free
Post-Run: 553,985,294,336 bytes free
.
- - End Of File - - E33D45C11E876DFD1DC05997BD83B2B0

**dvk01** · 01-Jul-2012, 05:19 AM #5

Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

let it cure anything it fnds ( except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

post back with its log

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

cortneyluv324 · 01-Jul-2012, 11:12 AM #6

TDSS Log:

08:01:10.0890 2848 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
08:01:11.0295 2848 ============================================================
08:01:11.0295 2848 Current date / time: 2012/07/01 08:01:11.0295
08:01:11.0295 2848 SystemInfo:
08:01:11.0295 2848
08:01:11.0295 2848 OS Version: 6.1.7601 ServicePack: 1.0
08:01:11.0295 2848 Product type: Workstation
08:01:11.0295 2848 ComputerName: JOHN-PC
08:01:11.0295 2848 UserName: John
08:01:11.0295 2848 Windows directory: C:\Windows
08:01:11.0295 2848 System windows directory: C:\Windows
08:01:11.0295 2848 Running under WOW64
08:01:11.0295 2848 Processor architecture: Intel x64
08:01:11.0295 2848 Number of processors: 4
08:01:11.0295 2848 Page size: 0x1000
08:01:11.0295 2848 Boot type: Normal boot
08:01:11.0295 2848 ============================================================
08:01:12.0122 2848 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:01:12.0153 2848 ============================================================
08:01:12.0153 2848 \Device\Harddisk0\DR0:
08:01:12.0153 2848 MBR partitions:
08:01:12.0153 2848 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:01:12.0153 2848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x49021000
08:01:12.0153 2848 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x49053800, BlocksNum 0x17FFAB0
08:01:12.0153 2848 ============================================================
08:01:12.0169 2848 C: <-> \Device\Harddisk0\DR0\Partition1
08:01:12.0216 2848 D: <-> \Device\Harddisk0\DR0\Partition2
08:01:12.0216 2848 ============================================================
08:01:12.0216 2848 Initialize success
08:01:12.0216 2848 ============================================================
08:01:17.0317 0836 ============================================================
08:01:17.0317 0836 Scan started
08:01:17.0317 0836 Mode: Manual;
08:01:17.0317 0836 ============================================================
08:01:18.0814 0836 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:01:18.0814 0836 1394ohci - ok
08:01:18.0846 0836 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:01:18.0861 0836 ACPI - ok
08:01:18.0892 0836 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:01:18.0892 0836 AcpiPmi - ok
08:01:19.0002 0836 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:01:19.0017 0836 AdobeFlashPlayerUpdateSvc - ok
08:01:19.0064 0836 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:01:19.0095 0836 adp94xx - ok
08:01:19.0142 0836 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:01:19.0158 0836 adpahci - ok
08:01:19.0173 0836 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:01:19.0189 0836 adpu320 - ok
08:01:19.0220 0836 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:01:19.0220 0836 AeLookupSvc - ok
08:01:19.0282 0836 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:01:19.0298 0836 AFD - ok
08:01:19.0329 0836 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
08:01:19.0345 0836 AgereModemAudio - ok
08:01:19.0423 0836 AgereSoftModem (184e1ad35dbf9328add7d560a792e6e9) C:\Windows\system32\DRIVERS\agrsm64.sys
08:01:19.0470 0836 AgereSoftModem - ok
08:01:19.0579 0836 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:01:19.0610 0836 agp440 - ok
08:01:19.0626 0836 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:01:19.0626 0836 ALG - ok
08:01:19.0641 0836 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:01:19.0641 0836 aliide - ok
08:01:19.0657 0836 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:01:19.0657 0836 amdide - ok
08:01:19.0672 0836 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:01:19.0688 0836 AmdK8 - ok
08:01:19.0704 0836 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:01:19.0704 0836 AmdPPM - ok
08:01:19.0735 0836 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
08:01:19.0735 0836 amdsata - ok
08:01:19.0766 0836 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:01:19.0782 0836 amdsbs - ok
08:01:19.0797 0836 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
08:01:19.0797 0836 amdxata - ok
08:01:19.0828 0836 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:01:19.0828 0836 AppID - ok
08:01:19.0844 0836 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:01:19.0844 0836 AppIDSvc - ok
08:01:19.0875 0836 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:01:19.0891 0836 Appinfo - ok
08:01:19.0953 0836 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:01:19.0953 0836 Apple Mobile Device - ok
08:01:19.0984 0836 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:01:19.0984 0836 arc - ok
08:01:20.0016 0836 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:01:20.0016 0836 arcsas - ok
08:01:20.0031 0836 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:01:20.0031 0836 AsyncMac - ok
08:01:20.0078 0836 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:01:20.0078 0836 atapi - ok
08:01:20.0140 0836 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:01:20.0172 0836 AudioEndpointBuilder - ok
08:01:20.0187 0836 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:01:20.0187 0836 AudioSrv - ok
08:01:20.0234 0836 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:01:20.0234 0836 AxInstSV - ok
08:01:20.0281 0836 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:01:20.0296 0836 b06bdrv - ok
08:01:20.0328 0836 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:01:20.0343 0836 b57nd60a - ok
08:01:20.0374 0836 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:01:20.0374 0836 BDESVC - ok
08:01:20.0390 0836 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:01:20.0390 0836 Beep - ok
08:01:20.0468 0836 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:01:20.0484 0836 BFE - ok
08:01:20.0577 0836 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:01:20.0593 0836 BITS - ok
08:01:20.0640 0836 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:01:20.0640 0836 blbdrive - ok
08:01:20.0718 0836 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
08:01:20.0733 0836 Bonjour Service - ok
08:01:20.0764 0836 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:01:20.0764 0836 bowser - ok
08:01:20.0796 0836 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:01:20.0796 0836 BrFiltLo - ok
08:01:20.0796 0836 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:01:20.0796 0836 BrFiltUp - ok
08:01:20.0842 0836 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:01:20.0842 0836 BridgeMP - ok
08:01:20.0874 0836 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:01:20.0874 0836 Browser - ok
08:01:20.0905 0836 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:01:20.0905 0836 Brserid - ok
08:01:20.0920 0836 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:01:20.0920 0836 BrSerWdm - ok
08:01:20.0936 0836 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:01:20.0936 0836 BrUsbMdm - ok
08:01:20.0952 0836 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:01:20.0952 0836 BrUsbSer - ok
08:01:20.0967 0836 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:01:20.0967 0836 BTHMODEM - ok
08:01:20.0998 0836 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:01:20.0998 0836 bthserv - ok
08:01:21.0045 0836 catchme - ok
08:01:21.0061 0836 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:01:21.0061 0836 cdfs - ok
08:01:21.0092 0836 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:01:21.0092 0836 cdrom - ok
08:01:21.0123 0836 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:01:21.0123 0836 CertPropSvc - ok
08:01:21.0139 0836 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:01:21.0139 0836 circlass - ok
08:01:21.0154 0836 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:01:21.0170 0836 CLFS - ok
08:01:21.0217 0836 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:01:21.0217 0836 clr_optimization_v2.0.50727_32 - ok
08:01:21.0264 0836 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:01:21.0264 0836 clr_optimization_v2.0.50727_64 - ok
08:01:21.0295 0836 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:01:21.0295 0836 CmBatt - ok
08:01:21.0326 0836 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:01:21.0326 0836 cmdide - ok
08:01:21.0388 0836 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:01:21.0388 0836 CNG - ok
08:01:21.0420 0836 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:01:21.0420 0836 Compbatt - ok
08:01:21.0451 0836 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:01:21.0451 0836 CompositeBus - ok
08:01:21.0451 0836 COMSysApp - ok
08:01:21.0482 0836 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:01:21.0498 0836 crcdisk - ok
08:01:21.0544 0836 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
08:01:21.0544 0836 CryptSvc - ok
08:01:21.0591 0836 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:01:21.0607 0836 DcomLaunch - ok
08:01:21.0654 0836 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:01:21.0669 0836 defragsvc - ok
08:01:21.0700 0836 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:01:21.0700 0836 DfsC - ok
08:01:21.0747 0836 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:01:21.0763 0836 Dhcp - ok
08:01:21.0794 0836 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:01:21.0794 0836 discache - ok
08:01:21.0810 0836 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:01:21.0810 0836 Disk - ok
08:01:21.0841 0836 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:01:21.0856 0836 Dnscache - ok
08:01:21.0903 0836 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:01:21.0903 0836 dot3svc - ok
08:01:21.0950 0836 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:01:21.0966 0836 DPS - ok
08:01:21.0981 0836 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:01:21.0981 0836 drmkaud - ok
08:01:22.0075 0836 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:01:22.0090 0836 DXGKrnl - ok
08:01:22.0137 0836 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:01:22.0137 0836 EapHost - ok
08:01:22.0340 0836 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:01:22.0387 0836 ebdrv - ok
08:01:22.0465 0836 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:01:22.0480 0836 EFS - ok
08:01:22.0558 0836 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:01:22.0590 0836 ehRecvr - ok
08:01:22.0605 0836 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:01:22.0636 0836 ehSched - ok
08:01:22.0699 0836 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:01:22.0714 0836 elxstor - ok
08:01:22.0746 0836 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:01:22.0761 0836 ErrDev - ok
08:01:22.0808 0836 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:01:22.0808 0836 EventSystem - ok
08:01:22.0839 0836 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:01:22.0839 0836 exfat - ok
08:01:22.0870 0836 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:01:22.0870 0836 fastfat - ok
08:01:22.0948 0836 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:01:22.0964 0836 Fax - ok
08:01:22.0995 0836 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:01:22.0995 0836 fdc - ok
08:01:23.0011 0836 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:01:23.0011 0836 fdPHost - ok
08:01:23.0026 0836 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:01:23.0026 0836 FDResPub - ok
08:01:23.0042 0836 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:01:23.0058 0836 FileInfo - ok
08:01:23.0058 0836 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:01:23.0058 0836 Filetrace - ok
08:01:23.0089 0836 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:01:23.0089 0836 flpydisk - ok
08:01:23.0136 0836 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:01:23.0136 0836 FltMgr - ok
08:01:23.0245 0836 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
08:01:23.0276 0836 FontCache - ok
08:01:23.0323 0836 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:01:23.0338 0836 FontCache3.0.0.0 - ok
08:01:23.0370 0836 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:01:23.0370 0836 FsDepends - ok
08:01:23.0401 0836 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:01:23.0401 0836 Fs_Rec - ok
08:01:23.0448 0836 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:01:23.0448 0836 fvevol - ok
08:01:23.0479 0836 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:01:23.0479 0836 gagp30kx - ok
08:01:23.0494 0836 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:01:23.0494 0836 GEARAspiWDM - ok
08:01:23.0557 0836 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:01:23.0572 0836 gpsvc - ok
08:01:23.0604 0836 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:01:23.0604 0836 hcw85cir - ok
08:01:23.0635 0836 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:01:23.0635 0836 HDAudBus - ok
08:01:23.0650 0836 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:01:23.0650 0836 HidBatt - ok
08:01:23.0682 0836 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:01:23.0682 0836 HidBth - ok
08:01:23.0697 0836 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:01:23.0697 0836 HidIr - ok
08:01:23.0728 0836 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:01:23.0728 0836 hidserv - ok
08:01:23.0744 0836 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:01:23.0744 0836 HidUsb - ok
08:01:23.0791 0836 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:01:23.0791 0836 hkmsvc - ok
08:01:23.0822 0836 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:01:23.0838 0836 HomeGroupListener - ok
08:01:23.0869 0836 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:01:23.0884 0836 HomeGroupProvider - ok
08:01:23.0947 0836 HP Support Assistant Service - ok
08:01:23.0978 0836 hpqwmiex - ok
08:01:23.0994 0836 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:01:24.0009 0836 HpSAMD - ok
08:01:24.0072 0836 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:01:24.0087 0836 HTTP - ok
08:01:24.0134 0836 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:01:24.0134 0836 hwpolicy - ok
08:01:24.0165 0836 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:01:24.0181 0836 i8042prt - ok
08:01:24.0228 0836 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
08:01:24.0259 0836 iaStorV - ok
08:01:24.0368 0836 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:01:24.0384 0836 idsvc - ok
08:01:24.0415 0836 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:01:24.0415 0836 iirsp - ok
08:01:24.0493 0836 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:01:24.0508 0836 IKEEXT - ok
08:01:24.0664 0836 IntcAzAudAddService (31c32bc56d85d109ebb0c526be5caca7) C:\Windows\system32\drivers\RTKVHD64.sys
08:01:24.0680 0836 IntcAzAudAddService - ok
08:01:24.0774 0836 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:01:24.0774 0836 intelide - ok
08:01:24.0805 0836 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:01:24.0805 0836 intelppm - ok
08:01:24.0852 0836 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:01:24.0852 0836 IPBusEnum - ok
08:01:24.0883 0836 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:01:24.0898 0836 IpFilterDriver - ok
08:01:24.0961 0836 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:01:24.0976 0836 iphlpsvc - ok
08:01:25.0008 0836 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:01:25.0008 0836 IPMIDRV - ok
08:01:25.0039 0836 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:01:25.0039 0836 IPNAT - ok
08:01:25.0148 0836 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
08:01:25.0179 0836 iPod Service - ok
08:01:25.0179 0836 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:01:25.0179 0836 IRENUM - ok
08:01:25.0195 0836 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:01:25.0195 0836 isapnp - ok
08:01:25.0226 0836 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:01:25.0242 0836 iScsiPrt - ok
08:01:25.0257 0836 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:01:25.0257 0836 kbdclass - ok
08:01:25.0304 0836 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:01:25.0304 0836 kbdhid - ok
08:01:25.0335 0836 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:01:25.0335 0836 KeyIso - ok
08:01:25.0351 0836 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:01:25.0351 0836 KSecDD - ok
08:01:25.0382 0836 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:01:25.0382 0836 KSecPkg - ok
08:01:25.0398 0836 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:01:25.0398 0836 ksthunk - ok
08:01:25.0429 0836 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:01:25.0444 0836 KtmRm - ok
08:01:25.0491 0836 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:01:25.0491 0836 LanmanServer - ok
08:01:25.0538 0836 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:01:25.0538 0836 LanmanWorkstation - ok
08:01:25.0616 0836 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
08:01:25.0616 0836 LightScribeService - ok
08:01:25.0632 0836 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:01:25.0632 0836 lltdio - ok
08:01:25.0663 0836 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:01:25.0678 0836 lltdsvc - ok
08:01:25.0694 0836 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:01:25.0694 0836 lmhosts - ok
08:01:25.0725 0836 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:01:25.0725 0836 LSI_FC - ok
08:01:25.0772 0836 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:01:25.0772 0836 LSI_SAS - ok
08:01:25.0803 0836 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:01:25.0803 0836 LSI_SAS2 - ok
08:01:25.0834 0836 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:01:25.0834 0836 LSI_SCSI - ok
08:01:25.0866 0836 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:01:25.0866 0836 luafv - ok
08:01:25.0866 0836 lxbs_device - ok
08:01:25.0944 0836 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
08:01:25.0944 0836 McComponentHostService - ok
08:01:25.0975 0836 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:01:25.0990 0836 Mcx2Svc - ok
08:01:26.0022 0836 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:01:26.0022 0836 megasas - ok
08:01:26.0053 0836 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:01:26.0068 0836 MegaSR - ok
08:01:26.0100 0836 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:01:26.0100 0836 MMCSS - ok
08:01:26.0115 0836 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:01:26.0115 0836 Modem - ok
08:01:26.0115 0836 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:01:26.0115 0836 monitor - ok
08:01:26.0146 0836 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:01:26.0146 0836 mouclass - ok
08:01:26.0162 0836 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:01:26.0162 0836 mouhid - ok
08:01:26.0209 0836 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:01:26.0209 0836 mountmgr - ok
08:01:26.0240 0836 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:01:26.0240 0836 MozillaMaintenance - ok
08:01:26.0287 0836 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:01:26.0302 0836 mpio - ok
08:01:26.0318 0836 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:01:26.0334 0836 mpsdrv - ok
08:01:26.0412 0836 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:01:26.0443 0836 MpsSvc - ok
08:01:26.0490 0836 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:01:26.0490 0836 MRxDAV - ok
08:01:26.0521 0836 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:01:26.0521 0836 mrxsmb - ok
08:01:26.0583 0836 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:01:26.0583 0836 mrxsmb10 - ok
08:01:26.0599 0836 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:01:26.0599 0836 mrxsmb20 - ok
08:01:26.0614 0836 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:01:26.0630 0836 msahci - ok
08:01:26.0661 0836 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:01:26.0661 0836 msdsm - ok
08:01:26.0692 0836 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:01:26.0708 0836 MSDTC - ok
08:01:26.0724 0836 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:01:26.0724 0836 Msfs - ok
08:01:26.0739 0836 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:01:26.0739 0836 mshidkmdf - ok
08:01:26.0755 0836 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:01:26.0755 0836 msisadrv - ok
08:01:26.0770 0836 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:01:26.0786 0836 MSiSCSI - ok
08:01:26.0786 0836 msiserver - ok
08:01:26.0802 0836 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:01:26.0802 0836 MSKSSRV - ok
08:01:26.0817 0836 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:01:26.0817 0836 MSPCLOCK - ok
08:01:26.0817 0836 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:01:26.0817 0836 MSPQM - ok
08:01:26.0864 0836 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:01:26.0864 0836 MsRPC - ok
08:01:26.0880 0836 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:01:26.0880 0836 mssmbios - ok
08:01:26.0880 0836 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:01:26.0880 0836 MSTEE - ok
08:01:26.0911 0836 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:01:26.0911 0836 MTConfig - ok
08:01:26.0926 0836 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:01:26.0926 0836 Mup - ok
08:01:26.0973 0836 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:01:26.0989 0836 napagent - ok
08:01:27.0036 0836 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:01:27.0036 0836 NativeWifiP - ok
08:01:27.0114 0836 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:01:27.0129 0836 NDIS - ok
08:01:27.0145 0836 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:01:27.0145 0836 NdisCap - ok
08:01:27.0160 0836 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:01:27.0160 0836 NdisTapi - ok
08:01:27.0192 0836 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:01:27.0192 0836 Ndisuio - ok
08:01:27.0223 0836 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:01:27.0238 0836 NdisWan - ok
08:01:27.0270 0836 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:01:27.0270 0836 NDProxy - ok
08:01:27.0285 0836 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:01:27.0285 0836 NetBIOS - ok
08:01:27.0332 0836 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:01:27.0348 0836 NetBT - ok
08:01:27.0379 0836 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:01:27.0379 0836 Netlogon - ok
08:01:27.0410 0836 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:01:27.0426 0836 Netman - ok
08:01:27.0457 0836 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:01:27.0472 0836 netprofm - ok
08:01:27.0535 0836 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:01:27.0550 0836 NetTcpPortSharing - ok
08:01:27.0566 0836 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:01:27.0582 0836 nfrd960 - ok
08:01:27.0628 0836 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:01:27.0644 0836 NlaSvc - ok
08:01:27.0738 0836 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
08:01:27.0738 0836 nlsX86cc - ok
08:01:27.0753 0836 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:01:27.0753 0836 Npfs - ok
08:01:27.0769 0836 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:01:27.0784 0836 nsi - ok
08:01:27.0800 0836 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:01:27.0800 0836 nsiproxy - ok
08:01:27.0925 0836 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
08:01:27.0940 0836 Ntfs - ok
08:01:28.0018 0836 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:01:28.0034 0836 Null - ok
08:01:28.0658 0836 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:01:28.0720 0836 nvlddmkm - ok
08:01:28.0830 0836 NVNET (9c3024e48db4c98e50af7d8b72d0ef89) C:\Windows\system32\DRIVERS\nvmf6264.sys
08:01:28.0845 0836 NVNET - ok
08:01:28.0876 0836 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
08:01:28.0892 0836 nvraid - ok
08:01:28.0923 0836 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
08:01:28.0923 0836 nvsmu - ok
08:01:28.0970 0836 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
08:01:28.0970 0836 nvstor - ok
08:01:29.0017 0836 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys
08:01:29.0017 0836 nvstor64 - ok
08:01:29.0064 0836 nvsvc (e71cfa7ae5e7518e29073d7c20a8fca1) C:\Windows\system32\nvvsvc.exe
08:01:29.0079 0836 nvsvc - ok
08:01:29.0095 0836 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:01:29.0110 0836 nv_agp - ok
08:01:29.0142 0836 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:01:29.0142 0836 ohci1394 - ok
08:01:29.0188 0836 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:01:29.0204 0836 p2pimsvc - ok
08:01:29.0235 0836 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:01:29.0266 0836 p2psvc - ok
08:01:29.0298 0836 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:01:29.0298 0836 Parport - ok
08:01:29.0344 0836 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:01:29.0344 0836 partmgr - ok
08:01:29.0360 0836 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:01:29.0376 0836 PcaSvc - ok
08:01:29.0391 0836 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:01:29.0407 0836 pci - ok
08:01:29.0422 0836 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:01:29.0422 0836 pciide - ok
08:01:29.0454 0836 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:01:29.0454 0836 pcmcia - ok
08:01:29.0485 0836 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:01:29.0485 0836 pcw - ok
08:01:29.0532 0836 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:01:29.0532 0836 PEAUTH - ok
08:01:29.0594 0836 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:01:29.0594 0836 PerfHost - ok
08:01:29.0719 0836 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:01:29.0750 0836 pla - ok
08:01:29.0797 0836 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:01:29.0797 0836 PlugPlay - ok
08:01:29.0828 0836 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:01:29.0828 0836 PNRPAutoReg - ok
08:01:29.0859 0836 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:01:29.0859 0836 PNRPsvc - ok
08:01:29.0906 0836 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:01:29.0906 0836 PolicyAgent - ok
08:01:29.0937 0836 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:01:29.0953 0836 Power - ok
08:01:30.0015 0836 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:01:30.0031 0836 PptpMiniport - ok
08:01:30.0062 0836 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:01:30.0062 0836 Processor - ok
08:01:30.0093 0836 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
08:01:30.0156 0836 ProfSvc - ok
08:01:30.0187 0836 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:01:30.0187 0836 ProtectedStorage - ok
08:01:30.0234 0836 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:01:30.0234 0836 Psched - ok
08:01:30.0343 0836 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:01:30.0374 0836 ql2300 - ok
08:01:30.0452 0836 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:01:30.0452 0836 ql40xx - ok
08:01:30.0499 0836 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:01:30.0514 0836 QWAVE - ok
08:01:30.0546 0836 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:01:30.0546 0836 QWAVEdrv - ok
08:01:30.0561 0836 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:01:30.0561 0836 RasAcd - ok
08:01:30.0577 0836 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:01:30.0592 0836 RasAgileVpn - ok
08:01:30.0592 0836 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:01:30.0608 0836 RasAuto - ok
08:01:30.0639 0836 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:01:30.0639 0836 Rasl2tp - ok
08:01:30.0702 0836 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:01:30.0702 0836 RasMan - ok
08:01:30.0733 0836 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:01:30.0733 0836 RasPppoe - ok
08:01:30.0748 0836 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:01:30.0764 0836 RasSstp - ok
08:01:30.0795 0836 rcmirror (1254bd851e51e0e771b0fa2cf926e75e) C:\Windows\system32\DRIVERS\rcmirror.sys
08:01:30.0795 0836 rcmirror - ok
08:01:30.0842 0836 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:01:30.0842 0836 rdbss - ok
08:01:30.0873 0836 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:01:30.0873 0836 rdpbus - ok
08:01:30.0889 0836 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:01:30.0889 0836 RDPCDD - ok
08:01:30.0904 0836 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:01:30.0904 0836 RDPENCDD - ok
08:01:30.0920 0836 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:01:30.0936 0836 RDPREFMP - ok
08:01:30.0967 0836 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:01:30.0967 0836 RDPWD - ok
08:01:30.0998 0836 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:01:30.0998 0836 rdyboost - ok
08:01:31.0045 0836 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:01:31.0045 0836 RemoteAccess - ok
08:01:31.0076 0836 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:01:31.0092 0836 RemoteRegistry - ok
08:01:31.0107 0836 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:01:31.0107 0836 RpcEptMapper - ok
08:01:31.0138 0836 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:01:31.0138 0836 RpcLocator - ok
08:01:31.0185 0836 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:01:31.0201 0836 RpcSs - ok
08:01:31.0216 0836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:01:31.0216 0836 rspndr - ok
08:01:31.0248 0836 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:01:31.0248 0836 SamSs - ok
08:01:31.0294 0836 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:01:31.0294 0836 sbp2port - ok
08:01:31.0326 0836 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:01:31.0326 0836 SCardSvr - ok
08:01:31.0357 0836 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:01:31.0357 0836 scfilter - ok
08:01:31.0466 0836 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:01:31.0482 0836 Schedule - ok
08:01:31.0513 0836 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:01:31.0513 0836 SCPolicySvc - ok
08:01:31.0544 0836 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:01:31.0560 0836 SDRSVC - ok
08:01:31.0591 0836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:01:31.0591 0836 secdrv - ok
08:01:31.0622 0836 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:01:31.0622 0836 seclogon - ok
08:01:31.0653 0836 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:01:31.0653 0836 SENS - ok
08:01:31.0653 0836 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:01:31.0653 0836 SensrSvc - ok
08:01:31.0684 0836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:01:31.0684 0836 Serenum - ok
08:01:31.0716 0836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:01:31.0716 0836 Serial - ok
08:01:31.0747 0836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:01:31.0747 0836 sermouse - ok
08:01:31.0778 0836 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:01:31.0794 0836 SessionEnv - ok
08:01:31.0840 0836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:01:31.0840 0836 sffdisk - ok
08:01:31.0840 0836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:01:31.0840 0836 sffp_mmc - ok
08:01:31.0872 0836 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:01:31.0872 0836 sffp_sd - ok
08:01:31.0872 0836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:01:31.0872 0836 sfloppy - ok
08:01:31.0934 0836 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:01:31.0934 0836 SharedAccess - ok
08:01:31.0981 0836 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:01:31.0996 0836 ShellHWDetection - ok
08:01:32.0028 0836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:01:32.0028 0836 SiSRaid2 - ok
08:01:32.0059 0836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:01:32.0059 0836 SiSRaid4 - ok
08:01:32.0090 0836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:01:32.0090 0836 Smb - ok
08:01:32.0121 0836 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:01:32.0137 0836 SNMPTRAP - ok
08:01:32.0137 0836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:01:32.0152 0836 spldr - ok
08:01:32.0184 0836 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:01:32.0184 0836 Spooler - ok
08:01:32.0402 0836 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:01:32.0464 0836 sppsvc - ok
08:01:32.0542 0836 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:01:32.0558 0836 sppuinotify - ok
08:01:32.0620 0836 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:01:32.0636 0836 srv - ok
08:01:32.0683 0836 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:01:32.0683 0836 srv2 - ok
08:01:32.0714 0836 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:01:32.0714 0836 srvnet - ok
08:01:32.0745 0836 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:01:32.0745 0836 SSDPSRV - ok
08:01:32.0761 0836 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:01:32.0761 0836 SstpSvc - ok
08:01:32.0776 0836 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:01:32.0776 0836 stexstor - ok
08:01:32.0839 0836 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:01:32.0854 0836 stisvc - ok
08:01:32.0901 0836 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:01:32.0901 0836 swenum - ok
08:01:32.0932 0836 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:01:32.0948 0836 swprv - ok
08:01:33.0088 0836 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:01:33.0104 0836 SysMain - ok
08:01:33.0213 0836 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:01:33.0229 0836 TabletInputService - ok
08:01:33.0260 0836 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:01:33.0276 0836 TapiSrv - ok
08:01:33.0291 0836 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:01:33.0307 0836 TBS - ok
08:01:33.0447 0836 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:01:33.0463 0836 Tcpip - ok
08:01:33.0588 0836 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:01:33.0603 0836 TCPIP6 - ok
08:01:33.0666 0836 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:01:33.0666 0836 tcpipreg - ok
08:01:33.0697 0836 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:01:33.0697 0836 TDPIPE - ok
08:01:33.0744 0836 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:01:33.0744 0836 TDTCP - ok
08:01:33.0775 0836 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:01:33.0775 0836 tdx - ok
08:01:33.0806 0836 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:01:33.0806 0836 TermDD - ok
08:01:33.0868 0836 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:01:33.0868 0836 TermService - ok
08:01:33.0900 0836 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:01:33.0900 0836 Themes - ok
08:01:33.0931 0836 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:01:33.0931 0836 THREADORDER - ok
08:01:33.0946 0836 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:01:33.0962 0836 TrkWks - ok
08:01:34.0009 0836 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:01:34.0024 0836 TrustedInstaller - ok
08:01:34.0056 0836 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:01:34.0071 0836 tssecsrv - ok
08:01:34.0118 0836 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:01:34.0118 0836 TsUsbFlt - ok
08:01:34.0149 0836 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:01:34.0149 0836 tunnel - ok
08:01:34.0180 0836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:01:34.0196 0836 uagp35 - ok
08:01:34.0243 0836 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:01:34.0258 0836 udfs - ok
08:01:34.0274 0836 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:01:34.0290 0836 UI0Detect - ok
08:01:34.0321 0836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:01:34.0321 0836 uliagpkx - ok
08:01:34.0352 0836 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:01:34.0352 0836 umbus - ok
08:01:34.0368 0836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:01:34.0368 0836 UmPass - ok
08:01:34.0399 0836 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:01:34.0414 0836 upnphost - ok
08:01:34.0446 0836 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:01:34.0446 0836 USBAAPL64 - ok
08:01:34.0477 0836 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
08:01:34.0477 0836 usbccgp - ok
08:01:34.0508 0836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:01:34.0508 0836 usbcir - ok
08:01:34.0539 0836 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
08:01:34.0539 0836 usbehci - ok
08:01:34.0555 0836 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
08:01:34.0570 0836 usbhub - ok
08:01:34.0570 0836 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
08:01:34.0586 0836 usbohci - ok
08:01:34.0602 0836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:01:34.0602 0836 usbprint - ok
08:01:34.0633 0836 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:01:34.0633 0836 usbscan - ok
08:01:34.0648 0836 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:01:34.0664 0836 USBSTOR - ok
08:01:34.0680 0836 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
08:01:34.0680 0836 usbuhci - ok
08:01:34.0695 0836 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:01:34.0695 0836 UxSms - ok
08:01:34.0726 0836 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:01:34.0726 0836 VaultSvc - ok
08:01:34.0758 0836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:01:34.0758 0836 vdrvroot - ok
08:01:34.0804 0836 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:01:34.0820 0836 vds - ok
08:01:34.0836 0836 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:01:34.0836 0836 vga - ok
08:01:34.0851 0836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:01:34.0851 0836 VgaSave - ok
08:01:34.0882 0836 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:01:34.0882 0836 vhdmp - ok
08:01:34.0898 0836 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:01:34.0898 0836 viaide - ok
08:01:34.0945 0836 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:01:34.0945 0836 volmgr - ok
08:01:34.0992 0836 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:01:34.0992 0836 volmgrx - ok
08:01:35.0023 0836 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:01:35.0038 0836 volsnap - ok
08:01:35.0070 0836 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:01:35.0085 0836 vsmraid - ok
08:01:35.0210 0836 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:01:35.0226 0836 VSS - ok
08:01:35.0319 0836 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:01:35.0319 0836 vwifibus - ok
08:01:35.0350 0836 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:01:35.0366 0836 W32Time - ok
08:01:35.0397 0836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:01:35.0397 0836 WacomPen - ok
08:01:35.0413 0836 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:01:35.0428 0836 WANARP - ok
08:01:35.0428 0836 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:01:35.0428 0836 Wanarpv6 - ok
08:01:35.0538 0836 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:01:35.0569 0836 WatAdminSvc - ok
08:01:35.0694 0836 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:01:35.0725 0836 wbengine - ok
08:01:35.0787 0836 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:01:35.0803 0836 WbioSrvc - ok
08:01:35.0865 0836 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:01:35.0881 0836 wcncsvc - ok
08:01:35.0896 0836 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:01:35.0896 0836 WcsPlugInService - ok
08:01:35.0943 0836 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:01:35.0943 0836 Wd - ok
08:01:36.0006 0836 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:01:36.0006 0836 Wdf01000 - ok
08:01:36.0037 0836 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:01:36.0052 0836 WdiServiceHost - ok
08:01:36.0068 0836 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:01:36.0068 0836 WdiSystemHost - ok
08:01:36.0115 0836 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:01:36.0130 0836 WebClient - ok
08:01:36.0146 0836 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:01:36.0162 0836 Wecsvc - ok
08:01:36.0177 0836 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:01:36.0193 0836 wercplsupport - ok
08:01:36.0193 0836 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:01:36.0208 0836 WerSvc - ok
08:01:36.0224 0836 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:01:36.0224 0836 WfpLwf - ok
08:01:36.0240 0836 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:01:36.0240 0836 WIMMount - ok
08:01:36.0255 0836 WinDefend - ok
08:01:36.0271 0836 WinHttpAutoProxySvc - ok
08:01:36.0349 0836 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:01:36.0349 0836 Winmgmt - ok
08:01:36.0505 0836 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:01:36.0552 0836 WinRM - ok
08:01:36.0661 0836 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:01:36.0661 0836 WinUsb - ok
08:01:36.0739 0836 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:01:36.0770 0836 Wlansvc - ok
08:01:36.0770 0836 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:01:36.0770 0836 WmiAcpi - ok
08:01:36.0832 0836 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:01:36.0848 0836 wmiApSrv - ok
08:01:36.0879 0836 WMPNetworkSvc - ok
08:01:36.0895 0836 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:01:36.0895 0836 WPCSvc - ok
08:01:36.0926 0836 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:01:36.0942 0836 WPDBusEnum - ok
08:01:36.0957 0836 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:01:36.0957 0836 ws2ifsl - ok
08:01:36.0973 0836 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:01:36.0988 0836 wscsvc - ok
08:01:36.0988 0836 WSearch - ok
08:01:37.0160 0836 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:01:37.0191 0836 wuauserv - ok
08:01:37.0300 0836 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:01:37.0316 0836 WudfPf - ok
08:01:37.0347 0836 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:01:37.0347 0836 WUDFRd - ok
08:01:37.0394 0836 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:01:37.0394 0836 wudfsvc - ok
08:01:37.0425 0836 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:01:37.0441 0836 WwanSvc - ok
08:01:37.0456 0836 MBR (0x1B8) (5778997d3e073c6583c14e80b2e5db74) \Device\Harddisk0\DR0
08:01:37.0503 0836 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
08:01:37.0503 0836 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
08:01:37.0534 0836 Boot (0x1200) (d65ab95d09a71f8309ed638a241789f6) \Device\Harddisk0\DR0\Partition0
08:01:37.0534 0836 \Device\Harddisk0\DR0\Partition0 - ok
08:01:37.0550 0836 Boot (0x1200) (11661803d7d3128fb56a03ae762674f2) \Device\Harddisk0\DR0\Partition1
08:01:37.0550 0836 \Device\Harddisk0\DR0\Partition1 - ok
08:01:37.0581 0836 Boot (0x1200) (82df1a9c8372b9b60c4b12e206cd9d37) \Device\Harddisk0\DR0\Partition2
08:01:37.0581 0836 \Device\Harddisk0\DR0\Partition2 - ok
08:01:37.0597 0836 ============================================================
08:01:37.0597 0836 Scan finished
08:01:37.0597 0836 ============================================================
08:01:37.0612 3332 Detected object count: 1
08:01:37.0612 3332 Actual detected object count: 1
08:02:14.0323 3332 \Device\Harddisk0\DR0\# - copied to quarantine
08:02:14.0323 3332 \Device\Harddisk0\DR0 - copied to quarantine
08:02:14.0354 3332 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
08:02:14.0354 3332 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
08:02:14.0385 3332 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
08:02:14.0416 3332 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
08:02:14.0416 3332 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:02:14.0416 3332 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
08:02:14.0463 3332 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
08:02:14.0479 3332 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
08:02:14.0494 3332 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
08:02:14.0557 3332 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
08:02:14.0588 3332 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
08:02:14.0588 3332 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
08:02:14.0775 3332 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
08:02:14.0775 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
08:02:14.0775 3332 \Device\Harddisk0\DR0 - ok
08:02:15.0196 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
08:02:21.0857 2316 Deinitialize success

**dvk01** · 01-Jul-2012, 11:43 AM #7

how is it now

cortneyluv324 · 01-Jul-2012, 09:05 PM #8

It's slowly starting to look better. Thank you!

Some of my files seem to have returned. I've gone through and manually unhid most of my files. I unchecked the read only and hidden boxes under properties. Is this correct?

Should I keep everything I downloaded for the logs?

**dvk01** · 02-Jul-2012, 06:25 AM #9

try this to get the rest oif your missing files back

http://download.bleepingcomputer.com/grinler/unhide.exe

let us know if you still have any problems after that

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Solved: Emergency! Can't study! HDD Virus?

Find the solution to your computer problem!

Find the solution to your
computer problem!