
Emergency! Can't study! HDD Virus?

Discussion in 'Virus & Other Malware Removal' started by cortneyluv324, Jun 30, 2012.

  1. cortneyluv324

    cortneyluv324 Thread Starter

    Joined:
    Jun 30, 2012
    Messages:
    5
    I was in the middle of studying for the GMAT which I take TOMORROW on the mba.com practice test website when this happened. It's totally possible that I clicked on something earlier though.

    All of a sudden everything shut down, my desktop icons disappeared, Firefox closed, and I got the error message "seek error sector not found". I have tried to restore my computer to last known good configuration, and a restore point of a few days ago (failed). I ran Malwarebytes, HijackThis, and DDS. Reports for all are below.

    I run 64-bit Windows 7 Home Premium.

    I have run Malwarebytes about 5 times. Here is that report:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.29.12
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    John :: JOHN-PC [administrator]
    6/29/2012 10:09:07 PM
    mbam-log-2012-06-29 (22-09-07).txt
    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 377392
    Time elapsed: 34 minute(s), 18 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    **************Here is the Hijackthis report:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:45:56 PM, on 6/29/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.30/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    O4 - HKCU\..\Run: [rUXxmYSGwj.exe] C:\ProgramData\rUXxmYSGwj.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} (DvrOcx Control) - http://192.168.1.30/DvrOcx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A296B9DA-F08B-4CDC-9FE1-1F5592267412}: NameServer = 192.168.1.1,192.168.1.2
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: HP Support Assistant Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (file missing)
    O23 - Service: HP Software Framework Service (hpqwmiex) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxbs_device - - C:\Windows\system32\lxbscoms.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 8987 bytes

    ************ DDS.txt report
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
    Run by John at 22:46:56 on 2012-06-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.3879 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxbscoms.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://192.168.1.30/
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [rUXxmYSGwj.exe] C:\ProgramData\rUXxmYSGwj.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.30/DvrOcx.cab
    TCP: Interfaces\{A296B9DA-F08B-4CDC-9FE1-1F5592267412} : NameServer = 192.168.1.1,192.168.1.2
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    BHO-X64: PriceGongBHO Class: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    BHO-X64: PriceGong - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO-X64: HelloWorldBHO - No File
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ogps40nd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\John\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-6-29 66560]
    R3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
    S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-2 250056]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 113120]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-30 04:52:44 388096 ----a-r- C:\Users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-06-30 04:52:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-06-30 03:08:35 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F62D9A5-52C6-434E-B393-B63758046D11}\mpengine.dll
    2012-06-30 01:26:51 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe
    2012-06-30 00:46:46 -------- d--h--w- C:\Users\John\AppData\Roaming\GMATPrep
    2012-06-30 00:46:27 66560 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
    2012-06-30 00:46:27 -------- d-----w- C:\Program Files (x86)\GMATPrep2012
    2012-06-26 08:45:10 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-26 08:45:10 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-23 19:21:18 -------- d--h--w- C:\Users\John\AppData\Local\Macromedia
    2012-06-19 02:28:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-19 02:28:06 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-19 02:27:54 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-19 02:27:54 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-14 02:37:00 525312 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    2012-06-14 02:37:00 505344 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
    2012-06-14 02:35:48 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-14 02:35:47 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-14 02:35:29 -------- d-----w- C:\Program Files\iPod
    2012-06-14 02:35:28 -------- d-----w- C:\Program Files\iTunes
    2012-06-14 02:35:28 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-06-03 01:36:10 -------- d--h--w- C:\ProgramData\McAfee Security Scan
    2012-06-03 01:36:09 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2012-06-03 01:36:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-03 01:36:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-02 23:42:42 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-06-02 23:42:25 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-06-02 23:42:25 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ==================== Find3M ====================
    .
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 22:54:38.59 ===============



    ***************Attach.txt log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/28/2009 3:59:30 PM
    System Uptime: 6/29/2012 9:48:33 PM (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | VIOLET
    Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 584 GiB total, 503.984 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.175 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP349: 6/2/2012 4:41:48 PM - Installed Java(TM) 7 Update 4
    RP350: 6/2/2012 4:42:26 PM - Installed JavaFX 2.1.0
    RP351: 6/5/2012 3:00:20 AM - Windows Update
    RP352: 6/9/2012 9:47:20 AM - Windows Update
    RP353: 6/13/2012 7:35:45 PM - Windows Update
    RP354: 6/14/2012 3:00:24 AM - Windows Update
    RP355: 6/18/2012 7:27:37 PM - Windows Update
    RP356: 6/20/2012 6:25:49 AM - Windows Update
    RP357: 6/23/2012 12:22:46 PM - Windows Update
    RP358: 6/26/2012 7:15:14 PM - Windows Update
    RP359: 6/29/2012 8:07:57 PM - Windows Update
    RP360: 6/29/2012 9:38:35 PM - Restore Operation
    RP361: 6/29/2012 9:52:10 PM - Installed HiJackThis
    RP362: 6/29/2012 10:06:37 PM - Installed Microsoft Fix it 50267
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.2
    Apple Application Support
    Apple Software Update
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    CyberLink DVD Suite Deluxe
    DirectX for Managed Code Update (Summer 2004)
    Facebook Plug-In
    File Type Assistant
    Final Media Player 2011
    GMATPrep
    HiJackThis
    Homepage Protection
    HP Advisor
    HP Customer Experience Enhancements
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP RC Mirror Driver
    HP Remote Solution
    HP Setup
    HP Support Information
    HP Update
    Java Auto Updater
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee Security Scan Plus
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office XP Standard
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Move Media Player
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PFPortChecker 1.0.32
    PictureMover
    Power2Go
    PowerDirector
    PowerRecover
    PriceGong 2.1.0
    QuickTime
    Realtek High Definition Audio Driver
    Silhouette Studio
    WinX Free MOV to MP4 Converter 4.1.10
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/29/2012 9:50:56 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.
    6/29/2012 7:59:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2012 7:10:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2012 7:10:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/29/2012 7:10:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/29/2012 7:10:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/29/2012 7:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/29/2012 7:10:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    6/29/2012 6:15:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
    6/29/2012 6:14:43 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/29/2012 6:14:43 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    6/29/2012 6:14:43 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/29/2012 6:14:43 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  2. cortneyluv324

    cortneyluv324 Thread Starter

    Joined:
    Jun 30, 2012
    Messages:
    5
    Oh yeah, and when I use IE (since it won't let me use Firefox anymore), it keeps sending me to skeevy websites (not the link I click on)
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,875
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  4. cortneyluv324

    cortneyluv324 Thread Starter

    Joined:
    Jun 30, 2012
    Messages:
    5
    Here is the log:

    ComboFix 12-06-28.03 - John 06/30/2012 18:10:46.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4637 [GMT -7:00]
    Running from: c:\users\John\Desktop\username123.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\40034040
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-01 01:43 . 2012-07-01 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-01 01:43 . 2012-07-01 01:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-06-30 04:52 . 2012-06-30 04:52 388096 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-06-30 04:52 . 2012-06-30 04:52 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-06-30 03:08 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F62D9A5-52C6-434E-B393-B63758046D11}\mpengine.dll
    2012-06-30 01:26 . 2012-06-30 01:26 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe
    2012-06-30 00:46 . 2012-06-30 00:46 -------- d--h--w- c:\users\John\AppData\Roaming\GMATPrep
    2012-06-30 00:46 . 2012-06-30 04:47 -------- d-----w- c:\program files (x86)\GMATPrep2012
    2012-06-30 00:46 . 2012-04-19 22:34 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
    2012-06-26 08:45 . 2012-06-26 08:45 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-26 08:45 . 2012-06-26 08:45 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-23 19:21 . 2012-06-23 19:21 -------- d--h--w- c:\users\John\AppData\Local\Macromedia
    2012-06-19 02:28 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 02:28 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 02:28 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 02:28 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 02:28 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 02:28 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 02:28 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 02:27 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 02:27 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-14 02:37 . 2012-04-20 05:42 505344 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-06-14 02:37 . 2012-04-20 04:57 525312 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
    2012-06-14 02:35 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 02:35 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 02:35 . 2012-06-14 02:35 -------- d-----w- c:\program files\iPod
    2012-06-14 02:35 . 2012-06-14 02:35 -------- d-----w- c:\program files\iTunes
    2012-06-14 02:35 . 2012-06-14 02:35 -------- d-----w- c:\program files (x86)\iTunes
    2012-06-03 01:36 . 2012-06-30 04:47 -------- d--h--w- c:\programdata\McAfee Security Scan
    2012-06-03 01:36 . 2012-06-10 20:13 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2012-06-03 01:36 . 2012-06-03 01:36 -------- d--h--w- c:\programdata\McAfee
    2012-06-03 01:36 . 2012-06-23 19:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-03 01:36 . 2012-06-23 19:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-03 01:36 . 2012-06-30 04:47 -------- d-----w- c:\windows\system32\Macromed
    2012-06-02 23:46 . 2012-06-02 23:46 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-02 23:42 . 2012-06-02 23:42 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-02 23:42 . 2012-06-02 23:42 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-02 23:42 . 2012-04-05 01:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-02 23:42 . 2012-06-02 23:42 -------- d-----w- c:\program files (x86)\Java
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
    S3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-09 5120]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 19:13]
    .
    2012-07-01 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-15 23:50]
    .
    2012-06-09 c:\windows\Tasks\HPCeeScheduleForJohn.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
    .
    2012-07-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://192.168.1.30/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: Interfaces\{A296B9DA-F08B-4CDC-9FE1-1F5592267412}: NameServer = 192.168.1.1,192.168.1.2
    DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.30/DvrOcx.cab
    FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ogps40nd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-rUXxmYSGwj.exe - c:\programdata\rUXxmYSGwj.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\nlssrv32.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-30 19:07:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-01 02:07
    .
    Pre-Run: 557,050,580,992 bytes free
    Post-Run: 553,985,294,336 bytes free
    .
    - - End Of File - - E33D45C11E876DFD1DC05997BD83B2B0
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,875
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  6. cortneyluv324

    cortneyluv324 Thread Starter

    Joined:
    Jun 30, 2012
    Messages:
    5
    TDSS Log:

    08:01:10.0890 2848 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
    08:01:11.0295 2848 ============================================================
    08:01:11.0295 2848 Current date / time: 2012/07/01 08:01:11.0295
    08:01:11.0295 2848 SystemInfo:
    08:01:11.0295 2848
    08:01:11.0295 2848 OS Version: 6.1.7601 ServicePack: 1.0
    08:01:11.0295 2848 Product type: Workstation
    08:01:11.0295 2848 ComputerName: JOHN-PC
    08:01:11.0295 2848 UserName: John
    08:01:11.0295 2848 Windows directory: C:\Windows
    08:01:11.0295 2848 System windows directory: C:\Windows
    08:01:11.0295 2848 Running under WOW64
    08:01:11.0295 2848 Processor architecture: Intel x64
    08:01:11.0295 2848 Number of processors: 4
    08:01:11.0295 2848 Page size: 0x1000
    08:01:11.0295 2848 Boot type: Normal boot
    08:01:11.0295 2848 ============================================================
    08:01:12.0122 2848 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    08:01:12.0153 2848 ============================================================
    08:01:12.0153 2848 \Device\Harddisk0\DR0:
    08:01:12.0153 2848 MBR partitions:
    08:01:12.0153 2848 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    08:01:12.0153 2848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x49021000
    08:01:12.0153 2848 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x49053800, BlocksNum 0x17FFAB0
    08:01:12.0153 2848 ============================================================
    08:01:12.0169 2848 C: <-> \Device\Harddisk0\DR0\Partition1
    08:01:12.0216 2848 D: <-> \Device\Harddisk0\DR0\Partition2
    08:01:12.0216 2848 ============================================================
    08:01:12.0216 2848 Initialize success
    08:01:12.0216 2848 ============================================================
    08:01:17.0317 0836 ============================================================
    08:01:17.0317 0836 Scan started
    08:01:17.0317 0836 Mode: Manual;
    08:01:17.0317 0836 ============================================================
    08:01:18.0814 0836 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    08:01:18.0814 0836 1394ohci - ok
    08:01:18.0846 0836 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    08:01:18.0861 0836 ACPI - ok
    08:01:18.0892 0836 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    08:01:18.0892 0836 AcpiPmi - ok
    08:01:19.0002 0836 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    08:01:19.0017 0836 AdobeFlashPlayerUpdateSvc - ok
    08:01:19.0064 0836 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    08:01:19.0095 0836 adp94xx - ok
    08:01:19.0142 0836 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    08:01:19.0158 0836 adpahci - ok
    08:01:19.0173 0836 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    08:01:19.0189 0836 adpu320 - ok
    08:01:19.0220 0836 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    08:01:19.0220 0836 AeLookupSvc - ok
    08:01:19.0282 0836 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    08:01:19.0298 0836 AFD - ok
    08:01:19.0329 0836 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
    08:01:19.0345 0836 AgereModemAudio - ok
    08:01:19.0423 0836 AgereSoftModem (184e1ad35dbf9328add7d560a792e6e9) C:\Windows\system32\DRIVERS\agrsm64.sys
    08:01:19.0470 0836 AgereSoftModem - ok
    08:01:19.0579 0836 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    08:01:19.0610 0836 agp440 - ok
    08:01:19.0626 0836 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    08:01:19.0626 0836 ALG - ok
    08:01:19.0641 0836 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    08:01:19.0641 0836 aliide - ok
    08:01:19.0657 0836 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    08:01:19.0657 0836 amdide - ok
    08:01:19.0672 0836 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    08:01:19.0688 0836 AmdK8 - ok
    08:01:19.0704 0836 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    08:01:19.0704 0836 AmdPPM - ok
    08:01:19.0735 0836 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    08:01:19.0735 0836 amdsata - ok
    08:01:19.0766 0836 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    08:01:19.0782 0836 amdsbs - ok
    08:01:19.0797 0836 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    08:01:19.0797 0836 amdxata - ok
    08:01:19.0828 0836 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    08:01:19.0828 0836 AppID - ok
    08:01:19.0844 0836 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    08:01:19.0844 0836 AppIDSvc - ok
    08:01:19.0875 0836 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    08:01:19.0891 0836 Appinfo - ok
    08:01:19.0953 0836 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    08:01:19.0953 0836 Apple Mobile Device - ok
    08:01:19.0984 0836 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    08:01:19.0984 0836 arc - ok
    08:01:20.0016 0836 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    08:01:20.0016 0836 arcsas - ok
    08:01:20.0031 0836 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    08:01:20.0031 0836 AsyncMac - ok
    08:01:20.0078 0836 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    08:01:20.0078 0836 atapi - ok
    08:01:20.0140 0836 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    08:01:20.0172 0836 AudioEndpointBuilder - ok
    08:01:20.0187 0836 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    08:01:20.0187 0836 AudioSrv - ok
    08:01:20.0234 0836 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    08:01:20.0234 0836 AxInstSV - ok
    08:01:20.0281 0836 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    08:01:20.0296 0836 b06bdrv - ok
    08:01:20.0328 0836 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    08:01:20.0343 0836 b57nd60a - ok
    08:01:20.0374 0836 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    08:01:20.0374 0836 BDESVC - ok
    08:01:20.0390 0836 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    08:01:20.0390 0836 Beep - ok
    08:01:20.0468 0836 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    08:01:20.0484 0836 BFE - ok
    08:01:20.0577 0836 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
    08:01:20.0593 0836 BITS - ok
    08:01:20.0640 0836 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    08:01:20.0640 0836 blbdrive - ok
    08:01:20.0718 0836 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    08:01:20.0733 0836 Bonjour Service - ok
    08:01:20.0764 0836 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    08:01:20.0764 0836 bowser - ok
    08:01:20.0796 0836 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    08:01:20.0796 0836 BrFiltLo - ok
    08:01:20.0796 0836 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    08:01:20.0796 0836 BrFiltUp - ok
    08:01:20.0842 0836 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    08:01:20.0842 0836 BridgeMP - ok
    08:01:20.0874 0836 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    08:01:20.0874 0836 Browser - ok
    08:01:20.0905 0836 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    08:01:20.0905 0836 Brserid - ok
    08:01:20.0920 0836 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    08:01:20.0920 0836 BrSerWdm - ok
    08:01:20.0936 0836 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    08:01:20.0936 0836 BrUsbMdm - ok
    08:01:20.0952 0836 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    08:01:20.0952 0836 BrUsbSer - ok
    08:01:20.0967 0836 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    08:01:20.0967 0836 BTHMODEM - ok
    08:01:20.0998 0836 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    08:01:20.0998 0836 bthserv - ok
    08:01:21.0045 0836 catchme - ok
    08:01:21.0061 0836 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    08:01:21.0061 0836 cdfs - ok
    08:01:21.0092 0836 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    08:01:21.0092 0836 cdrom - ok
    08:01:21.0123 0836 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    08:01:21.0123 0836 CertPropSvc - ok
    08:01:21.0139 0836 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    08:01:21.0139 0836 circlass - ok
    08:01:21.0154 0836 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    08:01:21.0170 0836 CLFS - ok
    08:01:21.0217 0836 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    08:01:21.0217 0836 clr_optimization_v2.0.50727_32 - ok
    08:01:21.0264 0836 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    08:01:33.0962 0836 TrkWks - ok
    08:01:34.0009 0836 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    08:01:34.0024 0836 TrustedInstaller - ok
    08:01:34.0056 0836 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    08:01:34.0071 0836 tssecsrv - ok
    08:01:34.0118 0836 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    08:01:34.0118 0836 TsUsbFlt - ok
    08:01:34.0149 0836 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    08:01:34.0149 0836 tunnel - ok
    08:01:34.0180 0836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    08:01:34.0196 0836 uagp35 - ok
    08:01:34.0243 0836 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    08:01:34.0258 0836 udfs - ok
    08:01:34.0274 0836 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    08:01:34.0290 0836 UI0Detect - ok
    08:01:34.0321 0836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    08:01:34.0321 0836 uliagpkx - ok
    08:01:34.0352 0836 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    08:01:34.0352 0836 umbus - ok
    08:01:34.0368 0836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    08:01:34.0368 0836 UmPass - ok
    08:01:34.0399 0836 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    08:01:34.0414 0836 upnphost - ok
    08:01:34.0446 0836 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
    08:01:34.0446 0836 USBAAPL64 - ok
    08:01:34.0477 0836 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
    08:01:34.0477 0836 usbccgp - ok
    08:01:34.0508 0836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    08:01:34.0508 0836 usbcir - ok
    08:01:34.0539 0836 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
    08:01:34.0539 0836 usbehci - ok
    08:01:34.0555 0836 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
    08:01:34.0570 0836 usbhub - ok
    08:01:34.0570 0836 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
    08:01:34.0586 0836 usbohci - ok
    08:01:34.0602 0836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    08:01:34.0602 0836 usbprint - ok
    08:01:34.0633 0836 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    08:01:34.0633 0836 usbscan - ok
    08:01:34.0648 0836 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    08:01:34.0664 0836 USBSTOR - ok
    08:01:34.0680 0836 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
    08:01:34.0680 0836 usbuhci - ok
    08:01:34.0695 0836 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    08:01:34.0695 0836 UxSms - ok
    08:01:34.0726 0836 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    08:01:34.0726 0836 VaultSvc - ok
    08:01:34.0758 0836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    08:01:34.0758 0836 vdrvroot - ok
    08:01:34.0804 0836 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    08:01:34.0820 0836 vds - ok
    08:01:34.0836 0836 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    08:01:34.0836 0836 vga - ok
    08:01:34.0851 0836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    08:01:34.0851 0836 VgaSave - ok
    08:01:34.0882 0836 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    08:01:34.0882 0836 vhdmp - ok
    08:01:34.0898 0836 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    08:01:34.0898 0836 viaide - ok
    08:01:34.0945 0836 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    08:01:34.0945 0836 volmgr - ok
    08:01:34.0992 0836 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    08:01:34.0992 0836 volmgrx - ok
    08:01:35.0023 0836 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    08:01:35.0038 0836 volsnap - ok
    08:01:35.0070 0836 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    08:01:35.0085 0836 vsmraid - ok
    08:01:35.0210 0836 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    08:01:35.0226 0836 VSS - ok
    08:01:35.0319 0836 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    08:01:35.0319 0836 vwifibus - ok
    08:01:35.0350 0836 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    08:01:35.0366 0836 W32Time - ok
    08:01:35.0397 0836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    08:01:35.0397 0836 WacomPen - ok
    08:01:35.0413 0836 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    08:01:35.0428 0836 WANARP - ok
    08:01:35.0428 0836 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    08:01:35.0428 0836 Wanarpv6 - ok
    08:01:35.0538 0836 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    08:01:35.0569 0836 WatAdminSvc - ok
    08:01:35.0694 0836 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    08:01:35.0725 0836 wbengine - ok
    08:01:35.0787 0836 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    08:01:35.0803 0836 WbioSrvc - ok
    08:01:35.0865 0836 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    08:01:35.0881 0836 wcncsvc - ok
    08:01:35.0896 0836 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    08:01:35.0896 0836 WcsPlugInService - ok
    08:01:35.0943 0836 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    08:01:35.0943 0836 Wd - ok
    08:01:36.0006 0836 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    08:01:36.0006 0836 Wdf01000 - ok
    08:01:36.0037 0836 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    08:01:36.0052 0836 WdiServiceHost - ok
    08:01:36.0068 0836 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    08:01:36.0068 0836 WdiSystemHost - ok
    08:01:36.0115 0836 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    08:01:36.0130 0836 WebClient - ok
    08:01:36.0146 0836 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    08:01:36.0162 0836 Wecsvc - ok
    08:01:36.0177 0836 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    08:01:36.0193 0836 wercplsupport - ok
    08:01:36.0193 0836 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    08:01:36.0208 0836 WerSvc - ok
    08:01:36.0224 0836 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    08:01:36.0224 0836 WfpLwf - ok
    08:01:36.0240 0836 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    08:01:36.0240 0836 WIMMount - ok
    08:01:36.0255 0836 WinDefend - ok
    08:01:36.0271 0836 WinHttpAutoProxySvc - ok
    08:01:36.0349 0836 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    08:01:36.0349 0836 Winmgmt - ok
    08:01:36.0505 0836 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    08:01:36.0552 0836 WinRM - ok
    08:01:36.0661 0836 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    08:01:36.0661 0836 WinUsb - ok
    08:01:36.0739 0836 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    08:01:36.0770 0836 Wlansvc - ok
    08:01:36.0770 0836 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    08:01:36.0770 0836 WmiAcpi - ok
    08:01:36.0832 0836 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    08:01:36.0848 0836 wmiApSrv - ok
    08:01:36.0879 0836 WMPNetworkSvc - ok
    08:01:36.0895 0836 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    08:01:36.0895 0836 WPCSvc - ok
    08:01:36.0926 0836 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    08:01:36.0942 0836 WPDBusEnum - ok
    08:01:36.0957 0836 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    08:01:36.0957 0836 ws2ifsl - ok
    08:01:36.0973 0836 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    08:01:36.0988 0836 wscsvc - ok
    08:01:36.0988 0836 WSearch - ok
    08:01:37.0160 0836 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    08:01:37.0191 0836 wuauserv - ok
    08:01:37.0300 0836 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    08:01:37.0316 0836 WudfPf - ok
    08:01:37.0347 0836 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    08:01:37.0347 0836 WUDFRd - ok
    08:01:37.0394 0836 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    08:01:37.0394 0836 wudfsvc - ok
    08:01:37.0425 0836 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    08:01:37.0441 0836 WwanSvc - ok
    08:01:37.0456 0836 MBR (0x1B8) (5778997d3e073c6583c14e80b2e5db74) \Device\Harddisk0\DR0
    08:01:37.0503 0836 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    08:01:37.0503 0836 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    08:01:37.0534 0836 Boot (0x1200) (d65ab95d09a71f8309ed638a241789f6) \Device\Harddisk0\DR0\Partition0
    08:01:37.0534 0836 \Device\Harddisk0\DR0\Partition0 - ok
    08:01:37.0550 0836 Boot (0x1200) (11661803d7d3128fb56a03ae762674f2) \Device\Harddisk0\DR0\Partition1
    08:01:37.0550 0836 \Device\Harddisk0\DR0\Partition1 - ok
    08:01:37.0581 0836 Boot (0x1200) (82df1a9c8372b9b60c4b12e206cd9d37) \Device\Harddisk0\DR0\Partition2
    08:01:37.0581 0836 \Device\Harddisk0\DR0\Partition2 - ok
    08:01:37.0597 0836 ============================================================
    08:01:37.0597 0836 Scan finished
    08:01:37.0597 0836 ============================================================
    08:01:37.0612 3332 Detected object count: 1
    08:01:37.0612 3332 Actual detected object count: 1
    08:02:14.0323 3332 \Device\Harddisk0\DR0\# - copied to quarantine
    08:02:14.0323 3332 \Device\Harddisk0\DR0 - copied to quarantine
    08:02:14.0354 3332 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    08:02:14.0354 3332 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
    08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
    08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
    08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
    08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
    08:02:14.0369 3332 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
    08:02:14.0385 3332 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
    08:02:14.0416 3332 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
    08:02:14.0416 3332 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    08:02:14.0416 3332 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
    08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
    08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
    08:02:14.0432 3332 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
    08:02:14.0463 3332 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
    08:02:14.0479 3332 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
    08:02:14.0494 3332 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
    08:02:14.0557 3332 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
    08:02:14.0588 3332 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
    08:02:14.0588 3332 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
    08:02:14.0775 3332 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
    08:02:14.0775 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
    08:02:14.0775 3332 \Device\Harddisk0\DR0 - ok
    08:02:15.0196 3332 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
    08:02:21.0857 2316 Deinitialize success
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,875
    How is it now?
     
  8. cortneyluv324

    cortneyluv324 Thread Starter

    Joined:
    Jun 30, 2012
    Messages:
    5
    It's slowly starting to look better. Thank you!

    Some of my files seem to have returned. I've gone through and manually unhid most of my files. I unchecked the read only and hidden boxes under properties. Is this correct?

    Should I keep everything I downloaded for the logs?
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,875
Short URL to this thread: https://techguy.org/1059112