Jump to content
Sign in to follow this  
azn1993

Please help! Trojan.Dropper.BCMiner and Rootkit.0Access

Recommended Posts

Hey everyone, I have had these google redirects and my computer is infected by Trojan.Dropper.BCMiner and Rootkit.0Access! I have tried many of the solutions online but they are still here. I have tried to download combofix but it automatically crashed to a blue screen while it hasnt finish downloading. Can anyone expert help with this problem or help me to get rid of these infection off my computer? Thanks alot!

I have done the "perform full scan" using Malwarebytes Anti-Malware. Here's the log

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.03.10

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Erica :: ERICA-PC [administrator]

8/8/2012 12:19:32 PM

mbam-log-2012-08-08 (12-48-58).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 158312

Time elapsed: 29 minute(s), 6 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\000000cb.@ (Rootkit.0Access) -> No action taken.

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)

Thanks alot!!!!!!!!!!!

Share this post


Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Share this post


Link to post
Share on other sites

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: Erica [Admin rights]

Mode: Scan -- Date: 08/08/2012 13:28:34

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\n.) -> FOUND

[ZeroAccess] HKLM\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\erica\appdata\local\{80aa28bd-953b-0d79-ac52-59b01480de54}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\erica\appdata\local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\erica\appdata\local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] c031903ef0e94caca6428ba2553ec33d

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 2d9f73e8480f01623a080c08240fd05d

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 2d9f73e8480f01623a080c08240fd05d

[bSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

thank you for replying!

Share this post


Link to post
Share on other sites

Here you go......

You have two infections:

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

    [*]Now press the Search button

    [*]When the search is complete, search.txt will also be written to your USB

    [*]Type exit and reboot the computer normally

    [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Share this post


Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by Erica at 08-08-2012 13:42:23

Running from F:\

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-08-08 13:28 - 2012-08-08 13:28 - 00003409 ____A C:\Users\Erica\Desktop\RKreport[1].txt

2012-08-08 13:27 - 2012-08-08 13:28 - 00000000 ____D C:\Users\Erica\Desktop\RK_Quarantine

2012-08-08 13:02 - 2012-08-08 13:02 - 00001946 ____A C:\Users\Erica\Desktop\Attach.rar

2012-08-08 13:01 - 2012-08-08 13:01 - 00014692 ____A C:\Users\Erica\Desktop\DDS.txt

2012-08-08 13:01 - 2012-08-08 13:01 - 00006817 ____A C:\Users\Erica\Desktop\Attach.txt

2012-08-08 12:40 - 2012-08-08 12:40 - 00607260 ____R (Swearware) C:\Users\Erica\Desktop\dds.scr

2012-08-08 12:00 - 2012-08-08 12:00 - 00262144 ____A C:\Windows\Minidump\080812-37237-01.dmp

2012-08-08 11:37 - 2012-08-08 11:37 - 00266472 ____A C:\Windows\Minidump\080812-22432-01.dmp

2012-08-06 17:12 - 2009-07-13 18:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-08-06 12:25 - 2005-04-25 05:16 - 00253952 ____N (TODO: <Company name>) C:\Windows\SBCDSL.exe

2012-08-06 12:25 - 2002-02-13 19:53 - 00006345 ___RA C:\Windows\SysWOW64\DevMngr.vxd

2012-08-05 15:59 - 2012-08-05 15:59 - 00000000 ____D C:\Users\Erica\Desktop\textbook fall 2012

2012-08-03 17:35 - 2012-08-08 11:37 - 00003922 ____A C:\Windows\PFRO.log

2012-07-30 18:11 - 2012-07-30 18:11 - 00000981 ____A C:\Windows\WindowsUpdate.log

2012-07-30 18:07 - 2012-08-08 11:59 - 00000000 ___SD C:\32788R22FWJFW

2012-07-30 18:07 - 2012-07-30 18:08 - 00262144 ____A C:\Windows\Minidump\073012-18564-01.dmp

2012-07-30 17:54 - 2012-08-08 12:00 - 638726075 ____A C:\Windows\MEMORY.DMP

2012-07-30 17:54 - 2012-08-08 11:37 - 00001232 ____A C:\Windows\setupact.log

2012-07-30 17:54 - 2012-07-30 17:54 - 00272008 ____A C:\Windows\Minidump\073012-19390-01.dmp

2012-07-30 17:54 - 2012-07-30 17:54 - 00000000 ____A C:\Windows\setuperr.log

2012-07-30 17:36 - 2012-08-08 12:00 - 00000000 ____D C:\Windows\Minidump

2012-07-26 18:02 - 2012-07-26 18:03 - 00253068 ____A C:\Users\Erica\Desktop\ACCT212 Course Project 1 Template Parts A and B 05202012.xlsx

2012-07-21 20:45 - 2012-07-21 20:45 - 04818574 ____A C:\Users\Erica\Desktop\1.wmv

2012-07-21 20:44 - 2012-07-21 20:45 - 00000000 ____D C:\Users\Erica\AppData\Local\{54948630-CFCE-4700-98F4-11609C1F679E}

2012-07-21 20:44 - 2012-07-21 20:44 - 00000000 ____D C:\Users\Erica\AppData\Local\{6695E5A6-25E0-413C-8EE3-17575F20945D}

2012-07-21 09:41 - 2012-07-27 18:43 - 00000192 ____A C:\Users\Erica\Desktop\confidence interval.txt

2012-07-13 15:15 - 2012-07-13 15:15 - 00081938 ____A C:\Users\Erica\Documents\cc_20120713_151542.reg

2012-07-13 15:14 - 2012-07-14 17:27 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-13 15:14 - 2012-07-13 15:14 - 00000000 ____D C:\Program Files\CCleaner

2012-07-13 14:58 - 2012-07-22 21:14 - 00000396 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Erica.job

2012-07-13 14:58 - 2012-07-13 15:08 - 00000000 ____D C:\Users\All Users\RegAce

2012-07-13 14:57 - 2012-07-13 14:57 - 00000000 ____D C:\ComboFix

2012-07-13 14:54 - 2012-08-03 17:48 - 00000000 ____D C:\Windows\erdnt

2012-07-13 14:54 - 2012-07-13 14:56 - 00000000 ____D C:\Qoobox

2012-07-13 11:47 - 2012-07-13 11:47 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-07-12 19:20 - 2012-07-12 19:21 - 01864267 ____A C:\Windows\System32\Drivers\Cat.DB

2012-07-12 19:20 - 2012-05-11 11:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys

2012-07-12 19:19 - 2012-07-12 19:19 - 00000000 ____D C:\Users\Erica\AppData\Roaming\TestApp

2012-07-12 19:19 - 2012-07-12 19:19 - 00000000 ____D C:\Users\All Users\PC Tools

2012-07-12 19:16 - 2012-07-12 19:16 - 00033758 ____A C:\Users\Erica\AppData\Local\dt.dat

2012-07-12 18:36 - 2012-07-12 19:42 - 00000000 ____D C:\Users\All Users\MFAData

2012-07-10 22:44 - 2012-06-11 20:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-10 22:40 - 2012-06-02 05:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-10 22:40 - 2012-06-02 05:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-10 22:40 - 2012-06-02 05:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-10 22:40 - 2012-06-02 05:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-10 22:40 - 2012-06-02 05:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-10 22:40 - 2012-06-02 05:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-10 22:40 - 2012-06-02 05:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-10 22:40 - 2012-06-02 05:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-10 22:40 - 2012-06-02 05:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-10 22:40 - 2012-06-02 05:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-10 22:40 - 2012-06-02 04:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-10 22:40 - 2012-06-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-10 22:40 - 2012-06-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-10 22:40 - 2012-06-02 04:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-10 22:40 - 2012-06-02 02:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-10 22:40 - 2012-06-02 01:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-10 22:40 - 2012-06-02 01:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-10 22:40 - 2012-06-02 01:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-10 22:40 - 2012-06-02 01:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-10 22:40 - 2012-06-02 01:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-10 22:40 - 2012-06-02 01:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-10 22:40 - 2012-06-02 01:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-10 22:40 - 2012-06-02 01:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-10 22:40 - 2012-06-02 01:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-10 22:40 - 2012-06-02 01:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-10 22:40 - 2012-06-02 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-10 22:40 - 2012-06-02 01:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-10 22:40 - 2012-06-02 01:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-10 19:22 - 2012-07-10 19:24 - 00000000 ____D C:\Users\Erica\AppData\Roaming\GetRightToGo

2012-07-10 18:38 - 2012-07-10 18:38 - 00001073 ____A C:\Users\Public\Desktop\????.lnk

2012-07-10 18:31 - 2012-07-10 18:31 - 00000000 ____A C:\Windows\LiveUpdate.INI

2012-07-10 17:49 - 2012-06-08 22:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-10 17:49 - 2012-06-08 21:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-10 17:49 - 2012-06-05 23:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-10 17:49 - 2012-06-05 23:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-10 17:49 - 2012-06-05 22:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-10 17:49 - 2012-06-05 22:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-10 17:49 - 2010-06-25 20:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-10 17:49 - 2010-06-25 20:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-10 17:48 - 2012-06-01 22:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-10 17:48 - 2012-06-01 22:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-10 17:48 - 2012-06-01 22:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-10 17:48 - 2012-06-01 22:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-10 17:48 - 2012-06-01 22:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-10 17:48 - 2012-06-01 21:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-10 17:48 - 2012-06-01 21:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-10 17:48 - 2012-06-01 21:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-10 17:48 - 2012-06-01 21:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-10 17:38 - 2012-06-05 23:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-10 17:38 - 2012-06-05 22:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

============ 3 Months Modified Files ========================

2012-08-08 13:28 - 2012-08-08 13:28 - 00003409 ____A C:\Users\Erica\Desktop\RKreport[1].txt

2012-08-08 13:02 - 2012-08-08 13:02 - 00001946 ____A C:\Users\Erica\Desktop\Attach.rar

2012-08-08 13:01 - 2012-08-08 13:01 - 00014692 ____A C:\Users\Erica\Desktop\DDS.txt

2012-08-08 13:01 - 2012-08-08 13:01 - 00006817 ____A C:\Users\Erica\Desktop\Attach.txt

2012-08-08 12:40 - 2012-08-08 12:40 - 00607260 ____R (Swearware) C:\Users\Erica\Desktop\dds.scr

2012-08-08 12:00 - 2012-08-08 12:00 - 00262144 ____A C:\Windows\Minidump\080812-37237-01.dmp

2012-08-08 12:00 - 2012-07-30 17:54 - 638726075 ____A C:\Windows\MEMORY.DMP

2012-08-08 11:45 - 2009-07-13 21:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-08 11:45 - 2009-07-13 21:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-08 11:38 - 2012-06-03 12:56 - 00000380 ____A C:\Users\Erica\AppData\Roaming\sp_data.sys

2012-08-08 11:38 - 2012-04-13 08:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-08 11:37 - 2012-08-08 11:37 - 00266472 ____A C:\Windows\Minidump\080812-22432-01.dmp

2012-08-08 11:37 - 2012-08-03 17:35 - 00003922 ____A C:\Windows\PFRO.log

2012-08-08 11:37 - 2012-07-30 17:54 - 00001232 ____A C:\Windows\setupact.log

2012-08-08 11:37 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-08 11:32 - 2012-03-26 16:21 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job

2012-08-06 12:28 - 2011-10-06 16:59 - 00002012 ____A C:\Windows\System32\AutoRunFilter.ini

2012-08-04 00:32 - 2012-03-26 16:21 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job

2012-08-03 17:39 - 2012-04-13 08:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-03 17:39 - 2012-03-05 14:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-30 18:11 - 2012-07-30 18:11 - 00000981 ____A C:\Windows\WindowsUpdate.log

2012-07-30 18:08 - 2012-07-30 18:07 - 00262144 ____A C:\Windows\Minidump\073012-18564-01.dmp

2012-07-30 17:54 - 2012-07-30 17:54 - 00272008 ____A C:\Windows\Minidump\073012-19390-01.dmp

2012-07-30 17:54 - 2012-07-30 17:54 - 00000000 ____A C:\Windows\setuperr.log

2012-07-29 22:47 - 2009-07-13 22:13 - 00745942 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-27 18:43 - 2012-07-21 09:41 - 00000192 ____A C:\Users\Erica\Desktop\confidence interval.txt

2012-07-26 18:03 - 2012-07-26 18:02 - 00253068 ____A C:\Users\Erica\Desktop\ACCT212 Course Project 1 Template Parts A and B 05202012.xlsx

2012-07-22 21:14 - 2012-07-13 14:58 - 00000396 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Erica.job

2012-07-21 20:45 - 2012-07-21 20:45 - 04818574 ____A C:\Users\Erica\Desktop\1.wmv

2012-07-14 17:27 - 2012-07-13 15:14 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-14 10:00 - 2011-10-06 16:59 - 00001396 ____A C:\Windows\System32\ServiceFilter.ini

2012-07-13 15:15 - 2012-07-13 15:15 - 00081938 ____A C:\Users\Erica\Documents\cc_20120713_151542.reg

2012-07-12 19:21 - 2012-07-12 19:20 - 01864267 ____A C:\Windows\System32\Drivers\Cat.DB

2012-07-12 19:16 - 2012-07-12 19:16 - 00033758 ____A C:\Users\Erica\AppData\Local\dt.dat

2012-07-11 17:56 - 2009-07-13 21:45 - 00413312 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-10 22:44 - 2009-07-13 19:34 - 00000478 ____A C:\Windows\win.ini

2012-07-10 22:41 - 2012-02-29 18:50 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-10 18:38 - 2012-07-10 18:38 - 00001073 ____A C:\Users\Public\Desktop\????.lnk

2012-07-10 18:31 - 2012-07-10 18:31 - 00000000 ____A C:\Windows\LiveUpdate.INI

2012-07-07 17:09 - 2012-07-07 17:09 - 00000312 ____A C:\rkill.log

2012-06-17 20:16 - 2012-05-24 15:12 - 00005632 ____A C:\Users\Erica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-12 09:09 - 2009-07-13 22:08 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-06-11 20:08 - 2012-07-10 22:44 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 22:43 - 2012-07-10 17:49 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 21:41 - 2012-07-10 17:49 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 18:45 - 2012-06-06 18:45 - 00759334 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-06-05 23:06 - 2012-07-10 17:49 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 23:06 - 2012-07-10 17:49 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 23:02 - 2012-07-10 17:38 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 22:05 - 2012-07-10 17:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 22:05 - 2012-07-10 17:49 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 22:03 - 2012-07-10 17:38 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-05 15:26 - 2012-06-05 15:26 - 00001510 ____A C:\Users\Erica\Desktop\Warcraft III.lnk

2012-06-05 15:26 - 2012-06-05 15:24 - 00015153 ____A C:\Windows\War3Unin.dat

2012-06-05 15:24 - 2012-06-05 15:24 - 00126976 ____A (Blizzard Entertainment) C:\Windows\War3Unin.exe

2012-06-05 15:24 - 2012-06-05 15:24 - 00002829 ____A C:\Windows\War3Unin.pif

2012-06-03 12:59 - 2011-10-06 16:59 - 00000080 ____A C:\Windows\System32\Defrag.ini

2012-06-03 12:58 - 2011-10-06 16:46 - 00000184 ____A C:\setup.log

2012-06-03 12:52 - 2012-02-19 21:57 - 00045056 ____A C:\Windows\System32\acovcnt.exe

2012-06-03 08:45 - 2011-10-06 16:51 - 00002490 ____A C:\RHDSetup.log

2012-06-02 15:19 - 2012-06-21 17:03 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 15:19 - 2012-06-21 17:03 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 15:19 - 2012-06-21 17:03 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 15:19 - 2012-06-21 17:03 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 15:19 - 2012-06-21 17:03 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 15:19 - 2012-06-21 17:03 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 15:15 - 2012-06-21 17:03 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 15:15 - 2012-06-21 17:03 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 15:15 - 2012-06-21 17:03 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 05:49 - 2012-07-10 22:40 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 05:17 - 2012-07-10 22:40 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 05:12 - 2012-07-10 22:40 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 05:05 - 2012-07-10 22:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 05:05 - 2012-07-10 22:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 05:04 - 2012-07-10 22:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 05:04 - 2012-07-10 22:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 05:03 - 2012-07-10 22:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 05:01 - 2012-07-10 22:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 05:00 - 2012-07-10 22:40 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 04:59 - 2012-07-10 22:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 04:57 - 2012-07-10 22:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 04:57 - 2012-07-10 22:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 04:54 - 2012-07-10 22:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 02:07 - 2012-07-10 22:40 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 01:43 - 2012-07-10 22:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 01:33 - 2012-07-10 22:40 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 01:26 - 2012-07-10 22:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 01:25 - 2012-07-10 22:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 01:25 - 2012-07-10 22:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 01:23 - 2012-07-10 22:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 01:21 - 2012-07-10 22:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 01:20 - 2012-07-10 22:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 01:19 - 2012-07-10 22:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 01:19 - 2012-07-10 22:40 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 01:17 - 2012-07-10 22:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 01:16 - 2012-07-10 22:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 01:14 - 2012-07-10 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 22:50 - 2012-07-10 17:48 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 22:48 - 2012-07-10 17:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 22:48 - 2012-07-10 17:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 22:45 - 2012-07-10 17:48 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 22:44 - 2012-07-10 17:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 21:40 - 2012-07-10 17:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 21:40 - 2012-07-10 17:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 21:39 - 2012-07-10 17:48 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 21:34 - 2012-07-10 17:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-11 11:14 - 2012-07-12 19:20 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys

ZeroAccess:

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\1afb2d56

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\201d3dde

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000008.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\000000cb.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000032.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@

ZeroAccess:

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\@

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

Type 00 partition infection:

C:\Windows\svchost.exe

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 40%

Total physical RAM: 4000.13 MB

Available physical RAM: 2386.8 MB

Total Pagefile: 7998.45 MB

Available Pagefile: 6527.03 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:134.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:254.35 GB) NTFS

3 Drive e: (Warcraft III) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

4 Drive f: (ERICA) (Removable) (Total:7.47 GB) (Free:0.43 GB) FAT32

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 1024 KB

Disk 1 Online 7663 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 25 GB 1024 KB

Partition 2 Primary 186 GB 25 GB

Partition 0 Extended 254 GB 211 GB

Partition 3 Logical 254 GB 211 GB

==================================================================================

Disk: 0

Partition 1

Type : 1C

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C OS NTFS Partition 186 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D DATA NTFS Partition 254 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F ERICA FAT32 Removable 7655 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 09:58

======================= End Of Log ==========================

Share this post


Link to post
Share on other sites

Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by Erica at 2012-08-08 13:43:26

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 16:19] - [2009-07-13 18:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 16:19] - [2009-07-13 18:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Share this post


Link to post
Share on other sites
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

You didn't run the tool properly > please try it again....MrC

W7-RE02.jpg

66b9e3c2-bb67-47bf-802c-b753b54bcc19_48.jpg

Share this post


Link to post
Share on other sites

I apologized for misreading the instruction

and I have just did the scan from the recovery tool.

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by SYSTEM at 08-08-2012 14:16:24

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)

HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [322384 2010-09-17] (Trend Micro Inc.)

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-06-01] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391960 2011-06-01] (Intel Corporation)

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2277480 2011-08-16] (Realtek Semiconductor)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-08-06] ()

HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-01] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)

HKLM-x32\...\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-02-21] (RealNetworks, Inc.)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)

HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)

HKU\Erica\...\Run: [Facebook Update] "C:\Users\Erica\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)

HKU\Erica\...\Run: [Google Update] "C:\Users\Erica\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-26] (Google Inc.)

HKU\Erica\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)

HKU\Erica\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\n. ATTENTION! ====> ZeroAccess

Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512 2011-11-21] (ASUS)

2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)

3 SonicStage Back-End Service; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe" [112184 2007-02-05] (Sony Corporation)

3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)

3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)

1 ATKWMIACPIIO_; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)

3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )

2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)

2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)

2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)

1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-08 12:42 - 2012-08-08 12:42 - 00000000 ____D C:\FRST

2012-08-08 12:28 - 2012-08-08 12:28 - 00003409 ____A C:\Users\Erica\Desktop\RKreport[1].txt

2012-08-08 12:27 - 2012-08-08 12:28 - 00000000 ____D C:\Users\Erica\Desktop\RK_Quarantine

2012-08-08 12:02 - 2012-08-08 12:02 - 00001946 ____A C:\Users\Erica\Desktop\Attach.rar

2012-08-08 12:01 - 2012-08-08 12:01 - 00014692 ____A C:\Users\Erica\Desktop\DDS.txt

2012-08-08 12:01 - 2012-08-08 12:01 - 00006817 ____A C:\Users\Erica\Desktop\Attach.txt

2012-08-05 14:59 - 2012-08-05 14:59 - 00000000 ____D C:\Users\Erica\Desktop\textbook fall 2012

2012-08-03 16:35 - 2012-08-03 16:35 - 00002202 ____A C:\Windows\PFRO.log

2012-07-30 17:11 - 2012-07-30 17:11 - 00000981 ____A C:\Windows\WindowsUpdate.log

2012-07-30 17:07 - 2012-08-08 14:14 - 00000000 ___SD C:\32788R22FWJFW

2012-07-30 17:07 - 2012-07-30 17:08 - 00262144 ____A C:\Windows\Minidump\073012-18564-01.dmp

2012-07-30 16:54 - 2012-08-06 10:39 - 00000616 ____A C:\Windows\setupact.log

2012-07-30 16:54 - 2012-07-30 17:07 - 484876219 ____A C:\Windows\MEMORY.DMP

2012-07-30 16:54 - 2012-07-30 16:54 - 00272008 ____A C:\Windows\Minidump\073012-19390-01.dmp

2012-07-30 16:54 - 2012-07-30 16:54 - 00000000 ____A C:\Windows\setuperr.log

2012-07-30 16:36 - 2012-07-30 17:14 - 00000000 ____D C:\Windows\Minidump

2012-07-26 17:02 - 2012-07-26 17:03 - 00253068 ____A C:\Users\Erica\Desktop\ACCT212 Course Project 1 Template Parts A and B 05202012.xlsx

2012-07-25 22:16 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-07-21 19:45 - 2012-07-21 19:45 - 04818574 ____A C:\Users\Erica\Desktop\1.wmv

2012-07-21 19:44 - 2012-07-21 19:45 - 00000000 ____D C:\Users\Erica\AppData\Local\{54948630-CFCE-4700-98F4-11609C1F679E}

2012-07-21 19:44 - 2012-07-21 19:44 - 00000000 ____D C:\Users\Erica\AppData\Local\{6695E5A6-25E0-413C-8EE3-17575F20945D}

2012-07-21 08:41 - 2012-07-27 17:43 - 00000192 ____A C:\Users\Erica\Desktop\confidence interval.txt

2012-07-13 14:15 - 2012-07-13 14:15 - 00081938 ____A C:\Users\Erica\Documents\cc_20120713_151542.reg

2012-07-13 14:14 - 2012-07-14 16:27 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-13 14:14 - 2012-07-13 14:14 - 00000000 ____D C:\Program Files\CCleaner

2012-07-13 13:58 - 2012-07-22 20:14 - 00000396 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Erica.job

2012-07-13 13:58 - 2012-07-13 14:08 - 00000000 ____D C:\Users\All Users\RegAce

2012-07-13 13:57 - 2012-07-13 13:57 - 00000000 ____D C:\ComboFix

2012-07-13 13:54 - 2012-08-08 14:14 - 00000000 ____D C:\Windows\erdnt

2012-07-13 13:54 - 2012-07-13 13:56 - 00000000 ____D C:\Qoobox

2012-07-13 10:47 - 2012-07-13 10:47 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-07-12 18:20 - 2012-07-12 18:21 - 01864267 ____A C:\Windows\System32\Drivers\Cat.DB

2012-07-12 18:20 - 2012-05-11 10:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys

2012-07-12 18:19 - 2012-07-12 18:19 - 00000000 ____D C:\Users\Erica\AppData\Roaming\TestApp

2012-07-12 18:19 - 2012-07-12 18:19 - 00000000 ____D C:\Users\All Users\PC Tools

2012-07-12 18:16 - 2012-07-12 18:16 - 00033758 ____A C:\Users\Erica\AppData\Local\dt.dat

2012-07-12 17:36 - 2012-07-12 18:42 - 00000000 ____D C:\Users\All Users\MFAData

2012-07-10 21:44 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-10 21:40 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-10 21:40 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-10 21:40 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-10 21:40 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-10 21:40 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-10 21:40 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-10 21:40 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-10 21:40 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-10 21:40 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-10 21:40 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-10 21:40 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-10 21:40 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-10 21:40 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-10 21:40 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-10 21:40 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-10 21:40 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-10 21:40 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-10 21:40 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-10 21:40 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-10 21:40 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-10 21:40 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-10 21:40 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-10 21:40 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-10 21:40 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-10 21:40 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-10 21:40 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-10 21:40 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-10 21:40 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-10 18:22 - 2012-07-10 18:24 - 00000000 ____D C:\Users\Erica\AppData\Roaming\GetRightToGo

2012-07-10 17:38 - 2012-07-10 17:38 - 00001073 ____A C:\Users\Public\Desktop\????.lnk

2012-07-10 17:31 - 2012-07-10 17:31 - 00000000 ____A C:\Windows\LiveUpdate.INI

2012-07-10 16:49 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-10 16:49 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-10 16:49 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-10 16:49 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-10 16:49 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-10 16:49 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-10 16:49 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-10 16:49 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-10 16:48 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-10 16:48 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-10 16:48 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-10 16:48 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-10 16:48 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-10 16:48 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-10 16:48 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-10 16:48 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-10 16:48 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-10 16:38 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-10 16:38 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

============ 3 Months Modified Files ========================

2012-08-08 12:28 - 2012-08-08 12:28 - 00003409 ____A C:\Users\Erica\Desktop\RKreport[1].txt

2012-08-08 12:02 - 2012-08-08 12:02 - 00001946 ____A C:\Users\Erica\Desktop\Attach.rar

2012-08-08 12:01 - 2012-08-08 12:01 - 00014692 ____A C:\Users\Erica\Desktop\DDS.txt

2012-08-08 12:01 - 2012-08-08 12:01 - 00006817 ____A C:\Users\Erica\Desktop\Attach.txt

2012-08-06 10:47 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-06 10:47 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-06 10:40 - 2012-06-03 11:56 - 00000380 ____A C:\Users\Erica\AppData\Roaming\sp_data.sys

2012-08-06 10:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-06 10:39 - 2012-07-30 16:54 - 00000616 ____A C:\Windows\setupact.log

2012-08-05 22:38 - 2012-04-13 07:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-05 22:35 - 2012-03-09 23:25 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job

2012-08-05 22:32 - 2012-03-26 15:21 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job

2012-08-03 23:32 - 2012-03-26 15:21 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job

2012-08-03 16:39 - 2012-04-13 07:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-03 16:39 - 2012-03-05 13:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-03 16:35 - 2012-08-03 16:35 - 00002202 ____A C:\Windows\PFRO.log

2012-07-30 17:11 - 2012-07-30 17:11 - 00000981 ____A C:\Windows\WindowsUpdate.log

2012-07-30 17:08 - 2012-07-30 17:07 - 00262144 ____A C:\Windows\Minidump\073012-18564-01.dmp

2012-07-30 17:07 - 2012-07-30 16:54 - 484876219 ____A C:\Windows\MEMORY.DMP

2012-07-30 16:54 - 2012-07-30 16:54 - 00272008 ____A C:\Windows\Minidump\073012-19390-01.dmp

2012-07-30 16:54 - 2012-07-30 16:54 - 00000000 ____A C:\Windows\setuperr.log

2012-07-29 21:47 - 2009-07-13 21:13 - 00745942 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-29 19:35 - 2012-03-09 23:25 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job

2012-07-27 17:43 - 2012-07-21 08:41 - 00000192 ____A C:\Users\Erica\Desktop\confidence interval.txt

2012-07-26 17:03 - 2012-07-26 17:02 - 00253068 ____A C:\Users\Erica\Desktop\ACCT212 Course Project 1 Template Parts A and B 05202012.xlsx

2012-07-22 20:14 - 2012-07-13 13:58 - 00000396 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Erica.job

2012-07-21 19:45 - 2012-07-21 19:45 - 04818574 ____A C:\Users\Erica\Desktop\1.wmv

2012-07-14 16:27 - 2012-07-13 14:14 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-14 09:00 - 2011-10-06 15:59 - 00001976 ____A C:\Windows\System32\AutoRunFilter.ini

2012-07-14 09:00 - 2011-10-06 15:59 - 00001396 ____A C:\Windows\System32\ServiceFilter.ini

2012-07-13 14:15 - 2012-07-13 14:15 - 00081938 ____A C:\Users\Erica\Documents\cc_20120713_151542.reg

2012-07-12 18:21 - 2012-07-12 18:20 - 01864267 ____A C:\Windows\System32\Drivers\Cat.DB

2012-07-12 18:16 - 2012-07-12 18:16 - 00033758 ____A C:\Users\Erica\AppData\Local\dt.dat

2012-07-11 16:56 - 2009-07-13 20:45 - 00413312 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-10 21:44 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

2012-07-10 21:41 - 2012-02-29 17:50 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-10 17:38 - 2012-07-10 17:38 - 00001073 ____A C:\Users\Public\Desktop\????.lnk

2012-07-10 17:31 - 2012-07-10 17:31 - 00000000 ____A C:\Windows\LiveUpdate.INI

2012-07-07 16:09 - 2012-07-07 16:09 - 00000312 ____A C:\rkill.log

2012-06-17 19:16 - 2012-05-24 14:12 - 00005632 ____A C:\Users\Erica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-12 08:09 - 2009-07-13 21:08 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-06-11 19:08 - 2012-07-10 21:44 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-10 16:49 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-10 16:49 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 17:45 - 2012-06-06 17:45 - 00759334 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-06-05 22:06 - 2012-07-10 16:49 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-10 16:49 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-10 16:38 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-10 16:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-10 16:49 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-10 16:38 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-05 14:26 - 2012-06-05 14:26 - 00001510 ____A C:\Users\Erica\Desktop\Warcraft III.lnk

2012-06-05 14:26 - 2012-06-05 14:24 - 00015153 ____A C:\Windows\War3Unin.dat

2012-06-05 14:24 - 2012-06-05 14:24 - 00126976 ____A (Blizzard Entertainment) C:\Windows\War3Unin.exe

2012-06-05 14:24 - 2012-06-05 14:24 - 00002829 ____A C:\Windows\War3Unin.pif

2012-06-03 11:59 - 2011-10-06 15:59 - 00000080 ____A C:\Windows\System32\Defrag.ini

2012-06-03 11:58 - 2011-10-06 15:46 - 00000184 ____A C:\setup.log

2012-06-03 11:52 - 2012-02-19 20:57 - 00045056 ____A C:\Windows\System32\acovcnt.exe

2012-06-03 07:45 - 2011-10-06 15:51 - 00002490 ____A C:\RHDSetup.log

2012-06-02 14:19 - 2012-06-21 16:03 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 16:03 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 16:03 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:19 - 2012-06-21 16:03 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 16:03 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 16:03 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-21 16:03 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-21 16:03 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:15 - 2012-06-21 16:03 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-10 21:40 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-10 21:40 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-10 21:40 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-10 21:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-10 21:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-10 21:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-10 21:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-10 21:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-10 21:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-10 21:40 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-10 21:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-10 21:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-10 21:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-10 21:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-10 21:40 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-10 21:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-10 21:40 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-10 21:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-10 21:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-10 21:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-10 21:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-10 21:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-10 21:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-10 21:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-10 21:40 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-10 21:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-10 21:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-10 21:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-10 16:48 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-10 16:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-10 16:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-10 16:48 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-10 16:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-10 16:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-10 16:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-10 16:48 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-10 16:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-11 10:14 - 2012-07-12 18:20 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys

ZeroAccess:

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\1afb2d56

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\201d3dde

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000008.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\000000cb.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000032.@

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@

ZeroAccess:

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\@

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

Type 00 partition infection:

C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 4000.13 MB

Available physical RAM: 3427.27 MB

Total Pagefile: 3998.28 MB

Available Pagefile: 3416.66 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:134.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:254.35 GB) NTFS

3 Drive e: (Warcraft III) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

4 Drive f: (ERICA) (Removable) (Total:7.47 GB) (Free:0.43 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 1024 KB

Disk 1 Online 7663 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 25 GB 1024 KB

Partition 2 Primary 186 GB 25 GB

Partition 0 Extended 254 GB 211 GB

Partition 3 Logical 254 GB 211 GB

==================================================================================

Disk: 0

Partition 1

Type : 1C

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C OS NTFS Partition 186 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D DATA NTFS Partition 254 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F ERICA FAT32 Removable 7655 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 08:58

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by SYSTEM at 2012-08-08 14:18:00

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Share this post


Link to post
Share on other sites

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

MBR infection also!!!!

Share this post


Link to post
Share on other sites

okay I have followed the instruction and heres the log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 02

Ran by SYSTEM at 2012-08-08 14:35:04 Run:1

Running from F:\

==============================================

C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54} moved successfully.

C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

thanks.

Share this post


Link to post
Share on other sites

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Share this post


Link to post
Share on other sites

Okay, that's what I got.

14:52:56.0349 3724 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

14:52:58.0352 3724 ============================================================

14:52:58.0352 3724 Current date / time: 2012/08/08 14:52:58.0352

14:52:58.0352 3724 SystemInfo:

14:52:58.0352 3724

14:52:58.0352 3724 OS Version: 6.1.7601 ServicePack: 1.0

14:52:58.0352 3724 Product type: Workstation

14:52:58.0352 3724 ComputerName: ERICA-PC

14:52:58.0352 3724 UserName: Erica

14:52:58.0352 3724 Windows directory: C:\Windows

14:52:58.0352 3724 System windows directory: C:\Windows

14:52:58.0352 3724 Running under WOW64

14:52:58.0352 3724 Processor architecture: Intel x64

14:52:58.0352 3724 Number of processors: 4

14:52:58.0352 3724 Page size: 0x1000

14:52:58.0352 3724 Boot type: Normal boot

14:52:58.0352 3724 ============================================================

14:52:58.0789 3724 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:52:58.0794 3724 Drive \Device\Harddisk1\DR1 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

14:52:58.0795 3724 ============================================================

14:52:58.0795 3724 \Device\Harddisk0\DR0:

14:52:58.0796 3724 MBR partitions:

14:52:58.0796 3724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000

14:52:58.0816 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800

14:52:58.0816 3724 \Device\Harddisk1\DR1:

14:52:58.0816 3724 MBR partitions:

14:52:58.0816 3724 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4

14:52:58.0816 3724 ============================================================

14:52:58.0864 3724 C: <-> \Device\Harddisk0\DR0\Partition0

14:52:58.0899 3724 D: <-> \Device\Harddisk0\DR0\Partition1

14:52:58.0899 3724 ============================================================

14:52:58.0899 3724 Initialize success

14:52:58.0899 3724 ============================================================

14:53:00.0285 4544 ============================================================

14:53:00.0285 4544 Scan started

14:53:00.0285 4544 Mode: Manual;

14:53:00.0285 4544 ============================================================

14:53:01.0055 4544 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

14:53:01.0072 4544 1394ohci - ok

14:53:01.0120 4544 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

14:53:01.0125 4544 ACPI - ok

14:53:01.0158 4544 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

14:53:01.0159 4544 AcpiPmi - ok

14:53:01.0352 4544 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:53:01.0367 4544 AdobeFlashPlayerUpdateSvc - ok

14:53:01.0468 4544 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

14:53:01.0490 4544 adp94xx - ok

14:53:01.0543 4544 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

14:53:01.0547 4544 adpahci - ok

14:53:01.0576 4544 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

14:53:01.0581 4544 adpu320 - ok

14:53:01.0620 4544 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

14:53:01.0621 4544 AeLookupSvc - ok

14:53:01.0754 4544 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe

14:53:01.0761 4544 AFBAgent - ok

14:53:01.0888 4544 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

14:53:01.0913 4544 AFD - ok

14:53:01.0952 4544 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

14:53:01.0954 4544 agp440 - ok

14:53:01.0977 4544 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

14:53:01.0979 4544 ALG - ok

14:53:02.0001 4544 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

14:53:02.0002 4544 aliide - ok

14:53:02.0009 4544 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

14:53:02.0010 4544 amdide - ok

14:53:02.0033 4544 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

14:53:02.0034 4544 AmdK8 - ok

14:53:02.0043 4544 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

14:53:02.0044 4544 AmdPPM - ok

14:53:02.0116 4544 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

14:53:02.0118 4544 amdsata - ok

14:53:02.0199 4544 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

14:53:02.0214 4544 amdsbs - ok

14:53:02.0234 4544 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

14:53:02.0235 4544 amdxata - ok

14:53:02.0375 4544 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

14:53:02.0411 4544 Amsp - ok

14:53:02.0452 4544 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys

14:53:02.0453 4544 androidusb - ok

14:53:02.0498 4544 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

14:53:02.0499 4544 AppID - ok

14:53:02.0528 4544 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

14:53:02.0529 4544 AppIDSvc - ok

14:53:02.0571 4544 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

14:53:02.0573 4544 Appinfo - ok

14:53:02.0677 4544 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:53:02.0679 4544 Apple Mobile Device - ok

14:53:02.0758 4544 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

14:53:02.0759 4544 arc - ok

14:53:02.0772 4544 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

14:53:02.0775 4544 arcsas - ok

14:53:02.0856 4544 ASLDRService (a3626c6d3f2dc95497f3f61842d7fd89) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

14:53:02.0857 4544 ASLDRService - ok

14:53:02.0897 4544 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

14:53:02.0897 4544 ASMMAP64 - ok

14:53:02.0945 4544 asmthub3 (8569af4c73747671194ea9ebb2f2d6cf) C:\Windows\system32\DRIVERS\asmthub3.sys

14:53:02.0947 4544 asmthub3 - ok

14:53:03.0047 4544 asmtxhci (073716fbffac7057cd5ff00a1b558331) C:\Windows\system32\DRIVERS\asmtxhci.sys

14:53:03.0049 4544 asmtxhci - ok

14:53:03.0106 4544 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

14:53:03.0107 4544 AsyncMac - ok

14:53:03.0148 4544 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

14:53:03.0149 4544 atapi - ok

14:53:03.0411 4544 athr (b4174564ad5834a1680610572477878c) C:\Windows\system32\DRIVERS\athrx.sys

14:53:03.0463 4544 athr - ok

14:53:03.0575 4544 ATKGFNEXSrv (dbc598e47e7a382e60e2a4745d41fef9) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

14:53:03.0576 4544 ATKGFNEXSrv - ok

14:53:03.0641 4544 ATKWMIACPIIO_ (41ceaffcf3550785e59e3ec9bee8d97a) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

14:53:03.0641 4544 ATKWMIACPIIO_ - ok

14:53:03.0814 4544 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:53:03.0823 4544 AudioEndpointBuilder - ok

14:53:03.0830 4544 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:53:03.0834 4544 AudioSrv - ok

14:53:03.0862 4544 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

14:53:03.0864 4544 AxInstSV - ok

14:53:03.0946 4544 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

14:53:03.0958 4544 b06bdrv - ok

14:53:04.0013 4544 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

14:53:04.0028 4544 b57nd60a - ok

14:53:04.0126 4544 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

14:53:04.0133 4544 BBSvc - ok

14:53:04.0189 4544 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

14:53:04.0191 4544 BDESVC - ok

14:53:04.0238 4544 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

14:53:04.0240 4544 Beep - ok

14:53:04.0280 4544 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

14:53:04.0281 4544 blbdrive - ok

14:53:04.0413 4544 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

14:53:04.0480 4544 Bonjour Service - ok

14:53:04.0527 4544 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

14:53:04.0529 4544 bowser - ok

14:53:04.0544 4544 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

14:53:04.0545 4544 BrFiltLo - ok

14:53:04.0549 4544 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

14:53:04.0550 4544 BrFiltUp - ok

14:53:04.0584 4544 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

14:53:04.0585 4544 BridgeMP - ok

14:53:04.0618 4544 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

14:53:04.0620 4544 Browser - ok

14:53:04.0644 4544 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

14:53:04.0648 4544 Brserid - ok

14:53:04.0665 4544 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

14:53:04.0708 4544 BrSerWdm - ok

14:53:04.0712 4544 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:53:04.0713 4544 BrUsbMdm - ok

14:53:04.0719 4544 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

14:53:04.0720 4544 BrUsbSer - ok

14:53:04.0764 4544 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

14:53:04.0765 4544 BthEnum - ok

14:53:04.0773 4544 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

14:53:04.0774 4544 BTHMODEM - ok

14:53:04.0786 4544 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

14:53:04.0788 4544 BthPan - ok

14:53:04.0842 4544 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

14:53:04.0852 4544 BTHPORT - ok

14:53:04.0875 4544 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

14:53:04.0876 4544 bthserv - ok

14:53:04.0910 4544 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

14:53:04.0911 4544 BTHUSB - ok

14:53:04.0936 4544 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

14:53:04.0949 4544 cdfs - ok

14:53:04.0992 4544 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

14:53:05.0002 4544 cdrom - ok

14:53:05.0041 4544 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

14:53:05.0042 4544 CertPropSvc - ok

14:53:05.0079 4544 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

14:53:05.0081 4544 circlass - ok

14:53:05.0127 4544 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

14:53:05.0131 4544 CLFS - ok

14:53:05.0254 4544 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:53:05.0284 4544 clr_optimization_v2.0.50727_32 - ok

14:53:05.0373 4544 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:53:05.0377 4544 clr_optimization_v2.0.50727_64 - ok

14:53:05.0464 4544 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:53:05.0492 4544 clr_optimization_v4.0.30319_32 - ok

14:53:05.0556 4544 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:53:05.0559 4544 clr_optimization_v4.0.30319_64 - ok

14:53:05.0616 4544 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

14:53:05.0617 4544 CmBatt - ok

14:53:05.0636 4544 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

14:53:05.0637 4544 cmdide - ok

14:53:05.0703 4544 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

14:53:05.0709 4544 CNG - ok

14:53:05.0726 4544 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

14:53:05.0727 4544 Compbatt - ok

14:53:05.0756 4544 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

14:53:05.0757 4544 CompositeBus - ok

14:53:05.0769 4544 COMSysApp - ok

14:53:05.0783 4544 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

14:53:05.0785 4544 crcdisk - ok

14:53:05.0825 4544 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

14:53:05.0833 4544 CryptSvc - ok

14:53:05.0908 4544 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:53:05.0914 4544 DcomLaunch - ok

14:53:05.0966 4544 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

14:53:05.0973 4544 defragsvc - ok

14:53:05.0995 4544 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

14:53:05.0997 4544 DfsC - ok

14:53:06.0047 4544 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

14:53:06.0057 4544 Dhcp - ok

14:53:06.0080 4544 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

14:53:06.0082 4544 discache - ok

14:53:06.0119 4544 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

14:53:06.0120 4544 Disk - ok

14:53:06.0175 4544 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

14:53:06.0182 4544 Dnscache - ok

14:53:06.0216 4544 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

14:53:06.0228 4544 dot3svc - ok

14:53:06.0282 4544 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

14:53:06.0292 4544 DPS - ok

14:53:06.0310 4544 Scan interrupted by user!

14:53:06.0310 4544 Scan interrupted by user!

14:53:06.0310 4544 Scan interrupted by user!

14:53:06.0310 4544 ============================================================

14:53:06.0310 4544 Scan finished

14:53:06.0310 4544 ============================================================

14:53:06.0318 4148 Detected object count: 0

14:53:06.0318 4148 Actual detected object count: 0

14:53:22.0865 4884 ============================================================

14:53:22.0865 4884 Scan started

14:53:22.0865 4884 Mode: Manual; SigCheck; TDLFS;

14:53:22.0865 4884 ============================================================

14:53:23.0508 4884 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

14:53:23.0592 4884 1394ohci - ok

14:53:23.0643 4884 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

14:53:23.0662 4884 ACPI - ok

14:53:23.0665 4884 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

14:53:23.0748 4884 AcpiPmi - ok

14:53:23.0909 4884 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:53:23.0922 4884 AdobeFlashPlayerUpdateSvc - ok

14:53:24.0034 4884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

14:53:24.0050 4884 adp94xx - ok

14:53:24.0091 4884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

14:53:24.0105 4884 adpahci - ok

14:53:24.0128 4884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

14:53:24.0139 4884 adpu320 - ok

14:53:24.0186 4884 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

14:53:24.0327 4884 AeLookupSvc - ok

14:53:24.0402 4884 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe

14:53:24.0420 4884 AFBAgent - ok

14:53:24.0496 4884 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

14:53:24.0562 4884 AFD - ok

14:53:24.0595 4884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

14:53:24.0605 4884 agp440 - ok

14:53:24.0632 4884 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

14:53:24.0697 4884 ALG - ok

14:53:24.0700 4884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

14:53:24.0710 4884 aliide - ok

14:53:24.0717 4884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

14:53:24.0728 4884 amdide - ok

14:53:24.0740 4884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

14:53:24.0797 4884 AmdK8 - ok

14:53:24.0804 4884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

14:53:24.0857 4884 AmdPPM - ok

14:53:24.0893 4884 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

14:53:24.0905 4884 amdsata - ok

14:53:24.0929 4884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

14:53:24.0941 4884 amdsbs - ok

14:53:24.0967 4884 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

14:53:24.0976 4884 amdxata - ok

14:53:25.0065 4884 Amsp (e8494519bcb9e3b1b72e5604993a76e3) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

14:53:25.0076 4884 Amsp - ok

14:53:25.0107 4884 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys

14:53:25.0147 4884 androidusb - ok

14:53:25.0154 4884 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

14:53:25.0374 4884 AppID - ok

14:53:25.0438 4884 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

14:53:25.0499 4884 AppIDSvc - ok

14:53:25.0549 4884 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

14:53:25.0597 4884 Appinfo - ok

14:53:25.0687 4884 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:53:25.0696 4884 Apple Mobile Device - ok

14:53:25.0734 4884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

14:53:25.0744 4884 arc - ok

14:53:25.0754 4884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

14:53:25.0764 4884 arcsas - ok

14:53:25.0832 4884 ASLDRService (a3626c6d3f2dc95497f3f61842d7fd89) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

14:53:25.0843 4884 ASLDRService - ok

14:53:25.0885 4884 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

14:53:25.0896 4884 ASMMAP64 - ok

14:53:25.0936 4884 asmthub3 (8569af4c73747671194ea9ebb2f2d6cf) C:\Windows\system32\DRIVERS\asmthub3.sys

14:53:25.0985 4884 asmthub3 - ok

14:53:26.0044 4884 asmtxhci (073716fbffac7057cd5ff00a1b558331) C:\Windows\system32\DRIVERS\asmtxhci.sys

14:53:26.0091 4884 asmtxhci - ok

14:53:26.0129 4884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

14:53:26.0192 4884 AsyncMac - ok

14:53:26.0215 4884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

14:53:26.0224 4884 atapi - ok

14:53:26.0421 4884 athr (b4174564ad5834a1680610572477878c) C:\Windows\system32\DRIVERS\athrx.sys

14:53:26.0503 4884 athr - ok

14:53:26.0609 4884 ATKGFNEXSrv (dbc598e47e7a382e60e2a4745d41fef9) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

14:53:26.0621 4884 ATKGFNEXSrv - ok

14:53:26.0641 4884 ATKWMIACPIIO_ (41ceaffcf3550785e59e3ec9bee8d97a) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

14:53:26.0648 4884 ATKWMIACPIIO_ - ok

14:53:26.0804 4884 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:53:26.0862 4884 AudioEndpointBuilder - ok

14:53:26.0875 4884 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:53:26.0919 4884 AudioSrv - ok

14:53:26.0949 4884 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

14:53:27.0031 4884 AxInstSV - ok

14:53:27.0108 4884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

14:53:27.0151 4884 b06bdrv - ok

14:53:27.0188 4884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

14:53:27.0222 4884 b57nd60a - ok

14:53:27.0324 4884 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

14:53:27.0336 4884 BBSvc - ok

14:53:27.0379 4884 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

14:53:27.0422 4884 BDESVC - ok

14:53:27.0437 4884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

14:53:27.0502 4884 Beep - ok

14:53:27.0536 4884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

14:53:27.0571 4884 blbdrive - ok

14:53:27.0687 4884 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

14:53:27.0702 4884 Bonjour Service - ok

14:53:27.0738 4884 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

14:53:27.0776 4884 bowser - ok

14:53:27.0788 4884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

14:53:27.0837 4884 BrFiltLo - ok

14:53:27.0840 4884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

14:53:27.0858 4884 BrFiltUp - ok

14:53:27.0870 4884 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

14:53:27.0922 4884 BridgeMP - ok

14:53:27.0974 4884 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

14:53:28.0035 4884 Browser - ok

14:53:28.0073 4884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

14:53:28.0117 4884 Brserid - ok

14:53:28.0124 4884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

14:53:28.0158 4884 BrSerWdm - ok

14:53:28.0161 4884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:53:28.0181 4884 BrUsbMdm - ok

14:53:28.0185 4884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

14:53:28.0203 4884 BrUsbSer - ok

14:53:28.0240 4884 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

14:53:28.0268 4884 BthEnum - ok

14:53:28.0280 4884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

14:53:28.0324 4884 BTHMODEM - ok

14:53:28.0340 4884 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

14:53:28.0366 4884 BthPan - ok

14:53:28.0415 4884 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

14:53:28.0463 4884 BTHPORT - ok

14:53:28.0505 4884 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

14:53:28.0557 4884 bthserv - ok

14:53:28.0583 4884 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

14:53:28.0625 4884 BTHUSB - ok

14:53:28.0670 4884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

14:53:28.0721 4884 cdfs - ok

14:53:28.0747 4884 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

14:53:28.0772 4884 cdrom - ok

14:53:28.0802 4884 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

14:53:28.0860 4884 CertPropSvc - ok

14:53:28.0880 4884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

14:53:28.0904 4884 circlass - ok

14:53:28.0980 4884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

14:53:28.0994 4884 CLFS - ok

14:53:29.0087 4884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:53:29.0098 4884 clr_optimization_v2.0.50727_32 - ok

14:53:29.0150 4884 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:53:29.0159 4884 clr_optimization_v2.0.50727_64 - ok

14:53:29.0218 4884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:53:29.0227 4884 clr_optimization_v4.0.30319_32 - ok

14:53:29.0305 4884 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:53:29.0321 4884 clr_optimization_v4.0.30319_64 - ok

14:53:29.0341 4884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

14:53:29.0366 4884 CmBatt - ok

14:53:29.0391 4884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

14:53:29.0400 4884 cmdide - ok

14:53:29.0471 4884 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

14:53:29.0510 4884 CNG - ok

14:53:29.0523 4884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

14:53:29.0533 4884 Compbatt - ok

14:53:29.0544 4884 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

14:53:29.0578 4884 CompositeBus - ok

14:53:29.0581 4884 COMSysApp - ok

14:53:29.0588 4884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

14:53:29.0598 4884 crcdisk - ok

14:53:29.0645 4884 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

14:53:29.0691 4884 CryptSvc - ok

14:53:29.0755 4884 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:53:29.0808 4884 DcomLaunch - ok

14:53:29.0861 4884 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

14:53:29.0916 4884 defragsvc - ok

14:53:29.0949 4884 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

14:53:30.0001 4884 DfsC - ok

14:53:30.0046 4884 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

14:53:30.0109 4884 Dhcp - ok

14:53:30.0148 4884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

14:53:30.0200 4884 discache - ok

14:53:30.0228 4884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

14:53:30.0238 4884 Disk - ok

14:53:30.0275 4884 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

14:53:30.0325 4884 Dnscache - ok

14:53:30.0369 4884 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

14:53:30.0413 4884 dot3svc - ok

14:53:30.0448 4884 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

14:53:30.0506 4884 DPS - ok

14:53:30.0532 4884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

14:53:30.0568 4884 drmkaud - ok

14:53:30.0646 4884 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

14:53:30.0670 4884 DXGKrnl - ok

14:53:30.0705 4884 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

14:53:30.0756 4884 EapHost - ok

14:53:30.0943 4884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

14:53:31.0031 4884 ebdrv - ok

14:53:31.0177 4884 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

14:53:31.0234 4884 EFS - ok

14:53:31.0361 4884 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

14:53:31.0463 4884 ehRecvr - ok

14:53:31.0495 4884 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

14:53:31.0548 4884 ehSched - ok

14:53:31.0649 4884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

14:53:31.0674 4884 elxstor - ok

14:53:31.0677 4884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

14:53:31.0703 4884 ErrDev - ok

14:53:31.0757 4884 ETD (4c120d2b2ea269eae7a5744794eb6db1) C:\Windows\system32\DRIVERS\ETD.sys

14:53:31.0767 4884 ETD - ok

14:53:31.0826 4884 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

14:53:31.0896 4884 EventSystem - ok

14:53:31.0925 4884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

14:53:31.0976 4884 exfat - ok

14:53:32.0013 4884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

14:53:32.0081 4884 fastfat - ok

14:53:32.0156 4884 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

14:53:32.0213 4884 Fax - ok

14:53:32.0220 4884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

14:53:32.0249 4884 fdc - ok

14:53:32.0278 4884 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

14:53:32.0340 4884 fdPHost - ok

14:53:32.0373 4884 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

14:53:32.0420 4884 FDResPub - ok

14:53:32.0456 4884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

14:53:32.0466 4884 FileInfo - ok

14:53:32.0487 4884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

14:53:32.0574 4884 Filetrace - ok

14:53:32.0587 4884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

14:53:32.0608 4884 flpydisk - ok

14:53:32.0646 4884 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

14:53:32.0665 4884 FltMgr - ok

14:53:32.0750 4884 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

14:53:32.0829 4884 FontCache - ok

14:53:32.0901 4884 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:53:32.0909 4884 FontCache3.0.0.0 - ok

14:53:32.0973 4884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

14:53:32.0983 4884 FsDepends - ok

14:53:33.0023 4884 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys

14:53:33.0031 4884 fssfltr - ok

14:53:33.0261 4884 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

14:53:33.0319 4884 fsssvc - ok

14:53:33.0470 4884 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

14:53:33.0481 4884 Fs_Rec - ok

14:53:33.0549 4884 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

14:53:33.0564 4884 fvevol - ok

14:53:33.0599 4884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

14:53:33.0609 4884 gagp30kx - ok

14:53:33.0658 4884 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:53:33.0665 4884 GEARAspiWDM - ok

14:53:33.0741 4884 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

14:53:33.0796 4884 gpsvc - ok

14:53:33.0912 4884 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

14:53:33.0927 4884 gusvc - ok

14:53:33.0958 4884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

14:53:33.0992 4884 hcw85cir - ok

14:53:34.0051 4884 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

14:53:34.0089 4884 HdAudAddService - ok

14:53:34.0133 4884 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:53:34.0169 4884 HDAudBus - ok

14:53:34.0175 4884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

14:53:34.0227 4884 HidBatt - ok

14:53:34.0237 4884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

14:53:34.0301 4884 HidBth - ok

14:53:34.0307 4884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

14:53:34.0321 4884 HidIr - ok

14:53:34.0354 4884 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

14:53:34.0399 4884 hidserv - ok

14:53:34.0432 4884 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

14:53:34.0460 4884 HidUsb - ok

14:53:34.0499 4884 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

14:53:34.0552 4884 hkmsvc - ok

14:53:34.0593 4884 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

14:53:34.0645 4884 HomeGroupListener - ok

14:53:34.0685 4884 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

14:53:34.0734 4884 HomeGroupProvider - ok

14:53:34.0757 4884 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

14:53:34.0768 4884 HpSAMD - ok

14:53:34.0838 4884 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

14:53:34.0903 4884 HTTP - ok

14:53:34.0921 4884 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

14:53:34.0931 4884 hwpolicy - ok

14:53:34.0967 4884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

14:53:34.0981 4884 i8042prt - ok

14:53:35.0089 4884 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys

14:53:35.0107 4884 iaStor - ok

14:53:35.0173 4884 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

14:53:35.0193 4884 iaStorV - ok

14:53:35.0315 4884 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:53:35.0347 4884 idsvc - ok

14:53:36.0047 4884 igfx (e15a809273ea164a7479d2fa64d18988) C:\Windows\system32\DRIVERS\igdkmd64.sys

14:53:36.0372 4884 igfx - ok

14:53:36.0508 4884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

14:53:36.0518 4884 iirsp - ok

14:53:36.0610 4884 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

14:53:36.0677 4884 IKEEXT - ok

14:53:36.0882 4884 IntcAzAudAddService (cb7dadef3d83fe2c12655a0bdcba99f2) C:\Windows\system32\drivers\RTKVHD64.sys

14:53:36.0937 4884 IntcAzAudAddService - ok

14:53:37.0149 4884 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

14:53:37.0189 4884 IntcDAud - ok

14:53:37.0218 4884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

14:53:37.0227 4884 intelide - ok

14:53:37.0261 4884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

14:53:37.0288 4884 intelppm - ok

14:53:37.0335 4884 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

14:53:37.0385 4884 IPBusEnum - ok

14:53:37.0397 4884 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:53:37.0445 4884 IpFilterDriver - ok

14:53:37.0456 4884 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

14:53:37.0473 4884 IPMIDRV - ok

14:53:37.0523 4884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

14:53:37.0574 4884 IPNAT - ok

14:53:37.0726 4884 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

14:53:37.0751 4884 iPod Service - ok

14:53:37.0774 4884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

14:53:37.0790 4884 IRENUM - ok

14:53:37.0794 4884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

14:53:37.0804 4884 isapnp - ok

14:53:37.0838 4884 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

14:53:37.0864 4884 iScsiPrt - ok

14:53:37.0882 4884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

14:53:37.0894 4884 kbdclass - ok

14:53:37.0910 4884 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

14:53:37.0936 4884 kbdhid - ok

14:53:37.0984 4884 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys

14:53:37.0991 4884 kbfiltr - ok

14:53:38.0010 4884 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:53:38.0021 4884 KeyIso - ok

14:53:38.0049 4884 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

14:53:38.0059 4884 KSecDD - ok

14:53:38.0098 4884 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

14:53:38.0111 4884 KSecPkg - ok

14:53:38.0137 4884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

14:53:38.0175 4884 ksthunk - ok

14:53:38.0242 4884 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

14:53:38.0318 4884 KtmRm - ok

14:53:38.0354 4884 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys

14:53:38.0374 4884 L1C - ok

14:53:38.0443 4884 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

14:53:38.0491 4884 LanmanServer - ok

14:53:38.0528 4884 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

14:53:38.0577 4884 LanmanWorkstation - ok

14:53:38.0643 4884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

14:53:38.0721 4884 lltdio - ok

14:53:38.0782 4884 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

14:53:38.0844 4884 lltdsvc - ok

14:53:38.0858 4884 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

14:53:38.0902 4884 lmhosts - ok

14:53:39.0043 4884 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

14:53:39.0068 4884 LMS - ok

14:53:39.0130 4884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

14:53:39.0143 4884 LSI_FC - ok

14:53:39.0156 4884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

14:53:39.0168 4884 LSI_SAS - ok

14:53:39.0180 4884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

14:53:39.0191 4884 LSI_SAS2 - ok

14:53:39.0207 4884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

14:53:39.0219 4884 LSI_SCSI - ok

14:53:39.0256 4884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

14:53:39.0304 4884 luafv - ok

14:53:39.0360 4884 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

14:53:39.0389 4884 Mcx2Svc - ok

14:53:39.0397 4884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

14:53:39.0408 4884 megasas - ok

14:53:39.0448 4884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

14:53:39.0462 4884 MegaSR - ok

14:53:39.0501 4884 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

14:53:39.0508 4884 MEIx64 - ok

14:53:39.0624 4884 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

14:53:39.0633 4884 Microsoft Office Groove Audit Service - ok

14:53:39.0664 4884 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:53:39.0717 4884 MMCSS - ok

14:53:39.0750 4884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:53:39.0816 4884 Modem - ok

14:53:39.0839 4884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:53:39.0867 4884 monitor - ok

14:53:39.0898 4884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

14:53:39.0909 4884 mouclass - ok

14:53:39.0938 4884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

14:53:39.0967 4884 mouhid - ok

14:53:39.0993 4884 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

14:53:40.0004 4884 mountmgr - ok

14:53:40.0017 4884 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

14:53:40.0030 4884 mpio - ok

14:53:40.0044 4884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

14:53:40.0080 4884 mpsdrv - ok

14:53:40.0109 4884 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

14:53:40.0162 4884 MRxDAV - ok

14:53:40.0206 4884 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:53:40.0245 4884 mrxsmb - ok

14:53:40.0285 4884 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:53:40.0325 4884 mrxsmb10 - ok

14:53:40.0368 4884 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:53:40.0414 4884 mrxsmb20 - ok

14:53:40.0448 4884 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

14:53:40.0458 4884 msahci - ok

14:53:40.0482 4884 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

14:53:40.0501 4884 msdsm - ok

14:53:40.0540 4884 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

14:53:40.0581 4884 MSDTC - ok

14:53:40.0602 4884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

14:53:40.0658 4884 Msfs - ok

14:53:40.0677 4884 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

14:53:40.0723 4884 mshidkmdf - ok

14:53:40.0745 4884 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

14:53:40.0755 4884 msisadrv - ok

14:53:40.0806 4884 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

14:53:40.0872 4884 MSiSCSI - ok

14:53:40.0877 4884 msiserver - ok

14:53:40.0910 4884 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

14:53:40.0962 4884 MSKSSRV - ok

14:53:41.0000 4884 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:53:41.0045 4884 MSPCLOCK - ok

14:53:41.0050 4884 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:53:41.0102 4884 MSPQM - ok

14:53:41.0183 4884 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

14:53:41.0202 4884 MsRPC - ok

14:53:41.0224 4884 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

14:53:41.0233 4884 mssmbios - ok

14:53:41.0246 4884 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:53:41.0293 4884 MSTEE - ok

14:53:41.0309 4884 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

14:53:41.0330 4884 MTConfig - ok

14:53:41.0353 4884 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:53:41.0370 4884 Mup - ok

14:53:41.0428 4884 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

14:53:41.0495 4884 napagent - ok

14:53:41.0548 4884 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:53:41.0589 4884 NativeWifiP - ok

14:53:41.0681 4884 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

14:53:41.0715 4884 NDIS - ok

14:53:41.0742 4884 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:53:41.0801 4884 NdisCap - ok

14:53:41.0827 4884 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:53:41.0872 4884 NdisTapi - ok

14:53:41.0907 4884 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

14:53:41.0972 4884 Ndisuio - ok

14:53:42.0005 4884 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

14:53:42.0072 4884 NdisWan - ok

14:53:42.0096 4884 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

14:53:42.0150 4884 NDProxy - ok

14:53:42.0166 4884 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:53:42.0224 4884 NetBIOS - ok

14:53:42.0256 4884 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

14:53:42.0320 4884 NetBT - ok

14:53:42.0343 4884 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:53:42.0357 4884 Netlogon - ok

14:53:42.0407 4884 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

14:53:42.0474 4884 Netman - ok

14:53:42.0526 4884 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

14:53:42.0612 4884 netprofm - ok

14:53:42.0698 4884 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:53:42.0732 4884 NetTcpPortSharing - ok

14:53:42.0766 4884 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

14:53:42.0777 4884 nfrd960 - ok

14:53:42.0821 4884 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

14:53:42.0887 4884 NlaSvc - ok

14:53:42.0905 4884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:53:42.0939 4884 Npfs - ok

14:53:42.0973 4884 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

14:53:43.0030 4884 nsi - ok

14:53:43.0057 4884 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:53:43.0108 4884 nsiproxy - ok

14:53:43.0265 4884 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

14:53:43.0322 4884 Ntfs - ok

14:53:43.0448 4884 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:53:43.0500 4884 Null - ok

14:53:43.0531 4884 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

14:53:43.0545 4884 nvraid - ok

14:53:43.0587 4884 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

14:53:43.0612 4884 nvstor - ok

14:53:43.0651 4884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

14:53:43.0666 4884 nv_agp - ok

14:53:43.0812 4884 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:53:43.0852 4884 odserv - ok

14:53:43.0861 4884 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

14:53:43.0892 4884 ohci1394 - ok

14:53:43.0932 4884 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:53:43.0943 4884 ose - ok

14:53:43.0996 4884 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:53:44.0037 4884 p2pimsvc - ok

14:53:44.0086 4884 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

14:53:44.0127 4884 p2psvc - ok

14:53:44.0172 4884 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

14:53:44.0200 4884 Parport - ok

14:53:44.0226 4884 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

14:53:44.0236 4884 partmgr - ok

14:53:44.0296 4884 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

14:53:44.0336 4884 PcaSvc - ok

14:53:44.0373 4884 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

14:53:44.0389 4884 pci - ok

14:53:44.0399 4884 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

14:53:44.0408 4884 pciide - ok

14:53:44.0424 4884 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

14:53:44.0437 4884 pcmcia - ok

14:53:44.0452 4884 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:53:44.0462 4884 pcw - ok

14:53:44.0502 4884 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:53:44.0561 4884 PEAUTH - ok

14:53:44.0655 4884 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

14:53:44.0680 4884 PerfHost - ok

14:53:44.0850 4884 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

14:53:44.0948 4884 pla - ok

14:53:45.0051 4884 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

14:53:45.0137 4884 PlugPlay - ok

14:53:45.0243 4884 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

14:53:45.0300 4884 PNRPAutoReg - ok

14:53:45.0347 4884 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:53:45.0362 4884 PNRPsvc - ok

14:53:45.0436 4884 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

14:53:45.0522 4884 PolicyAgent - ok

14:53:45.0565 4884 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

14:53:45.0610 4884 Power - ok

14:53:45.0695 4884 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

14:53:45.0740 4884 PptpMiniport - ok

14:53:45.0762 4884 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

14:53:45.0793 4884 Processor - ok

14:53:45.0845 4884 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

14:53:45.0907 4884 ProfSvc - ok

14:53:45.0931 4884 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:53:45.0943 4884 ProtectedStorage - ok

14:53:45.0975 4884 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

14:53:46.0025 4884 Psched - ok

14:53:46.0064 4884 PxHlpa64 (5d6c8e778f0218fcd2cca0efbc9766ca) C:\Windows\system32\Drivers\PxHlpa64.sys

14:53:46.0074 4884 PxHlpa64 - ok

14:53:46.0204 4884 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

14:53:46.0266 4884 ql2300 - ok

14:53:46.0400 4884 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

14:53:46.0424 4884 ql40xx - ok

14:53:46.0471 4884 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

14:53:46.0504 4884 QWAVE - ok

14:53:46.0520 4884 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:53:46.0550 4884 QWAVEdrv - ok

14:53:46.0553 4884 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:53:46.0615 4884 RasAcd - ok

14:53:46.0661 4884 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:53:46.0705 4884 RasAgileVpn - ok

14:53:46.0732 4884 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

14:53:46.0785 4884 RasAuto - ok

14:53:46.0823 4884 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:53:46.0895 4884 Rasl2tp - ok

14:53:46.0940 4884 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

14:53:46.0983 4884 RasMan - ok

14:53:46.0998 4884 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:53:47.0035 4884 RasPppoe - ok

14:53:47.0067 4884 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:53:47.0116 4884 RasSstp - ok

14:53:47.0151 4884 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

14:53:47.0212 4884 rdbss - ok

14:53:47.0232 4884 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

14:53:47.0246 4884 rdpbus - ok

14:53:47.0259 4884 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:53:47.0303 4884 RDPCDD - ok

14:53:47.0334 4884 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:53:47.0386 4884 RDPENCDD - ok

14:53:47.0400 4884 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:53:47.0447 4884 RDPREFMP - ok

14:53:47.0486 4884 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

14:53:47.0540 4884 RDPWD - ok

14:53:47.0585 4884 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

14:53:47.0597 4884 rdyboost - ok

14:53:47.0647 4884 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

14:53:47.0698 4884 RemoteAccess - ok

14:53:47.0745 4884 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

14:53:47.0794 4884 RemoteRegistry - ok

14:53:47.0842 4884 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

14:53:47.0875 4884 RFCOMM - ok

14:53:47.0904 4884 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

14:53:47.0965 4884 RpcEptMapper - ok

14:53:47.0991 4884 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

14:53:48.0014 4884 RpcLocator - ok

14:53:48.0069 4884 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:53:48.0110 4884 RpcSs - ok

14:53:48.0145 4884 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:53:48.0180 4884 rspndr - ok

14:53:48.0252 4884 RSUSBVSTOR (ce0a1d8a59410e698140821e4e69da0d) C:\Windows\system32\Drivers\RtsUVStor.sys

14:53:48.0264 4884 RSUSBVSTOR - ok

14:53:48.0339 4884 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys

14:53:48.0353 4884 RTL8167 - ok

14:53:48.0377 4884 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:53:48.0388 4884 SamSs - ok

14:53:48.0409 4884 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

14:53:48.0421 4884 sbp2port - ok

14:53:48.0456 4884 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

14:53:48.0509 4884 SCardSvr - ok

14:53:48.0531 4884 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

14:53:48.0566 4884 scfilter - ok

14:53:48.0645 4884 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

14:53:48.0711 4884 Schedule - ok

14:53:48.0777 4884 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

14:53:48.0816 4884 SCPolicySvc - ok

14:53:48.0848 4884 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

14:53:48.0899 4884 SDRSVC - ok

14:53:49.0001 4884 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

14:53:49.0041 4884 SeaPort - ok

14:53:49.0131 4884 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

14:53:49.0179 4884 secdrv - ok

14:53:49.0218 4884 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

14:53:49.0256 4884 seclogon - ok

14:53:49.0287 4884 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

14:53:49.0337 4884 SENS - ok

14:53:49.0365 4884 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

14:53:49.0403 4884 SensrSvc - ok

14:53:49.0419 4884 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

14:53:49.0448 4884 Serenum - ok

14:53:49.0473 4884 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

14:53:49.0498 4884 Serial - ok

14:53:49.0521 4884 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

14:53:49.0548 4884 sermouse - ok

14:53:49.0577 4884 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

14:53:49.0628 4884 SessionEnv - ok

14:53:49.0632 4884 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

14:53:49.0652 4884 sffdisk - ok

14:53:49.0655 4884 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

14:53:49.0677 4884 sffp_mmc - ok

14:53:49.0681 4884 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

14:53:49.0702 4884 sffp_sd - ok

14:53:49.0706 4884 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

14:53:49.0717 4884 sfloppy - ok

14:53:49.0761 4884 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

14:53:49.0830 4884 ShellHWDetection - ok

14:53:49.0855 4884 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

14:53:49.0879 4884 SiSGbeLH - ok

14:53:49.0904 4884 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

14:53:49.0955 4884 SiSRaid2 - ok

14:53:49.0965 4884 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

14:53:49.0976 4884 SiSRaid4 - ok

14:53:50.0054 4884 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe

14:53:50.0069 4884 SkypeUpdate - ok

14:53:50.0078 4884 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

14:53:50.0129 4884 Smb - ok

14:53:50.0159 4884 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

14:53:50.0172 4884 SNMPTRAP - ok

14:53:50.0245 4884 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe

14:53:50.0257 4884 SonicStage Back-End Service - ok

14:53:50.0271 4884 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

14:53:50.0280 4884 spldr - ok

14:53:50.0341 4884 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

14:53:50.0405 4884 Spooler - ok

14:53:50.0621 4884 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

14:53:50.0752 4884 sppsvc - ok

14:53:50.0887 4884 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

14:53:50.0940 4884 sppuinotify - ok

14:53:51.0019 4884 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

14:53:51.0119 4884 srv - ok

14:53:51.0171 4884 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

14:53:51.0201 4884 srv2 - ok

14:53:51.0223 4884 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

14:53:51.0255 4884 srvnet - ok

14:53:51.0314 4884 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys

14:53:51.0355 4884 ssadbus - ok

14:53:51.0383 4884 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys

14:53:51.0410 4884 ssadmdfl - ok

14:53:51.0444 4884 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys

14:53:51.0474 4884 ssadmdm - ok

14:53:51.0501 4884 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys

14:53:51.0525 4884 ssadserd - ok

14:53:51.0576 4884 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

14:53:51.0634 4884 SSDPSRV - ok

14:53:51.0730 4884 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe

14:53:51.0740 4884 SSScsiSV - ok

14:53:51.0763 4884 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

14:53:51.0802 4884 SstpSvc - ok

14:53:51.0830 4884 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

14:53:51.0840 4884 stexstor - ok

14:53:51.0930 4884 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

14:53:51.0977 4884 stisvc - ok

14:53:51.0995 4884 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

14:53:52.0005 4884 swenum - ok

14:53:52.0054 4884 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

14:53:52.0123 4884 swprv - ok

14:53:52.0256 4884 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

14:53:52.0333 4884 SysMain - ok

14:53:52.0445 4884 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

14:53:52.0465 4884 TabletInputService - ok

14:53:52.0491 4884 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

14:53:52.0554 4884 TapiSrv - ok

14:53:52.0578 4884 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

14:53:52.0613 4884 TBS - ok

14:53:52.0777 4884 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

14:53:52.0848 4884 Tcpip - ok

14:53:53.0165 4884 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

14:53:53.0209 4884 TCPIP6 - ok

14:53:53.0307 4884 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

14:53:53.0356 4884 tcpipreg - ok

14:53:53.0374 4884 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

14:53:53.0400 4884 TDPIPE - ok

14:53:53.0425 4884 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

14:53:53.0436 4884 TDTCP - ok

14:53:53.0460 4884 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

14:53:53.0512 4884 tdx - ok

14:53:53.0533 4884 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

14:53:53.0544 4884 TermDD - ok

14:53:53.0605 4884 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

14:53:53.0676 4884 TermService - ok

14:53:53.0696 4884 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

14:53:53.0721 4884 Themes - ok

14:53:53.0751 4884 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:53:53.0785 4884 THREADORDER - ok

14:53:53.0906 4884 TiMiniService (69d76ce06bb629b69165c81d83a4b03e) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

14:53:53.0931 4884 TiMiniService - ok

14:53:53.0966 4884 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys

14:53:53.0975 4884 tmactmon - ok

14:53:54.0005 4884 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys

14:53:54.0015 4884 tmcomm - ok

14:53:54.0034 4884 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys

14:53:54.0043 4884 tmevtmgr - ok

14:53:54.0076 4884 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys

14:53:54.0083 4884 tmtdi - ok

14:53:54.0116 4884 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

14:53:54.0184 4884 TrkWks - ok

14:53:54.0251 4884 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

14:53:54.0333 4884 TrustedInstaller - ok

14:53:54.0367 4884 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:53:54.0408 4884 tssecsrv - ok

14:53:54.0449 4884 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

14:53:54.0496 4884 TsUsbFlt - ok

14:53:54.0501 4884 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

14:53:54.0524 4884 TsUsbGD - ok

14:53:54.0558 4884 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

14:53:54.0614 4884 tunnel - ok

14:53:54.0622 4884 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

14:53:54.0634 4884 uagp35 - ok

14:53:54.0680 4884 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

14:53:54.0736 4884 udfs - ok

14:53:54.0774 4884 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

14:53:54.0807 4884 UI0Detect - ok

14:53:54.0833 4884 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

14:53:54.0845 4884 uliagpkx - ok

14:53:54.0878 4884 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

14:53:54.0902 4884 umbus - ok

14:53:54.0906 4884 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

14:53:54.0924 4884 UmPass - ok

14:53:55.0228 4884 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

14:53:55.0318 4884 UNS - ok

14:53:55.0459 4884 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

14:53:55.0520 4884 upnphost - ok

14:53:55.0570 4884 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

14:53:55.0610 4884 USBAAPL64 - ok

14:53:55.0646 4884 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

14:53:55.0691 4884 usbccgp - ok

14:53:55.0740 4884 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

14:53:55.0769 4884 usbcir - ok

14:53:55.0785 4884 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

14:53:55.0800 4884 usbehci - ok

14:53:55.0857 4884 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

14:53:55.0905 4884 usbhub - ok

14:53:55.0923 4884 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

14:53:55.0950 4884 usbohci - ok

14:53:55.0982 4884 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

14:53:55.0998 4884 usbprint - ok

14:53:56.0021 4884 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

14:53:56.0050 4884 usbscan - ok

14:53:56.0085 4884 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:53:56.0127 4884 USBSTOR - ok

14:53:56.0152 4884 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

14:53:56.0178 4884 usbuhci - ok

14:53:56.0242 4884 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

14:53:56.0282 4884 usbvideo - ok

14:53:56.0319 4884 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

14:53:56.0372 4884 UxSms - ok

14:53:56.0398 4884 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:53:56.0411 4884 VaultSvc - ok

14:53:56.0444 4884 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

14:53:56.0454 4884 vdrvroot - ok

14:53:56.0511 4884 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

14:53:56.0563 4884 vds - ok

14:53:56.0585 4884 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

14:53:56.0600 4884 vga - ok

14:53:56.0617 4884 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

14:53:56.0675 4884 VgaSave - ok

14:53:56.0691 4884 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

14:53:56.0704 4884 vhdmp - ok

14:53:56.0708 4884 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

14:53:56.0717 4884 viaide - ok

14:53:56.0744 4884 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

14:53:56.0755 4884 volmgr - ok

14:53:56.0792 4884 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

14:53:56.0810 4884 volmgrx - ok

14:53:56.0834 4884 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

14:53:56.0851 4884 volsnap - ok

14:53:56.0910 4884 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

14:53:56.0932 4884 vsmraid - ok

14:53:57.0148 4884 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

14:53:57.0241 4884 VSS - ok

14:53:57.0378 4884 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

14:53:57.0411 4884 vwifibus - ok

14:53:57.0430 4884 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

14:53:57.0464 4884 vwififlt - ok

14:53:57.0521 4884 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

14:53:57.0589 4884 W32Time - ok

14:53:57.0613 4884 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

14:53:57.0633 4884 WacomPen - ok

14:53:57.0673 4884 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:53:57.0719 4884 WANARP - ok

14:53:57.0735 4884 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:53:57.0767 4884 Wanarpv6 - ok

14:53:57.0927 4884 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

14:53:57.0969 4884 WatAdminSvc - ok

14:53:58.0089 4884 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

14:53:58.0146 4884 wbengine - ok

14:53:58.0247 4884 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

14:53:58.0286 4884 WbioSrvc - ok

14:53:58.0312 4884 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

14:53:58.0342 4884 wcncsvc - ok

14:53:58.0358 4884 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

14:53:58.0401 4884 WcsPlugInService - ok

14:53:58.0461 4884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

14:53:58.0472 4884 Wd - ok

14:53:58.0514 4884 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

14:53:58.0558 4884 WDC_SAM - ok

14:53:58.0615 4884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

14:53:58.0636 4884 Wdf01000 - ok

14:53:58.0658 4884 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:53:58.0751 4884 WdiServiceHost - ok

14:53:58.0754 4884 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:53:58.0772 4884 WdiSystemHost - ok

14:53:58.0821 4884 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

14:53:58.0870 4884 WebClient - ok

14:53:58.0923 4884 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

14:53:58.0993 4884 Wecsvc - ok

14:53:59.0040 4884 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

14:53:59.0075 4884 wercplsupport - ok

14:53:59.0109 4884 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

14:53:59.0165 4884 WerSvc - ok

14:53:59.0242 4884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

14:53:59.0276 4884 WfpLwf - ok

14:53:59.0344 4884 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

14:53:59.0363 4884 WimFltr - ok

14:53:59.0392 4884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

14:53:59.0402 4884 WIMMount - ok

14:53:59.0407 4884 WinHttpAutoProxySvc - ok

14:53:59.0504 4884 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

14:53:59.0573 4884 Winmgmt - ok

14:53:59.0719 4884 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

14:53:59.0820 4884 WinRM - ok

14:53:59.0992 4884 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

14:54:00.0027 4884 WinUsb - ok

14:54:00.0121 4884 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

14:54:00.0175 4884 Wlansvc - ok

14:54:00.0241 4884 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

14:54:00.0250 4884 wlcrasvc - ok

14:54:00.0461 4884 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:54:00.0536 4884 wlidsvc - ok

14:54:00.0684 4884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

14:54:00.0709 4884 WmiAcpi - ok

14:54:00.0774 4884 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

14:54:00.0808 4884 wmiApSrv - ok

14:54:00.0851 4884 WMPNetworkSvc - ok

14:54:00.0885 4884 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

14:54:00.0906 4884 WPCSvc - ok

14:54:00.0955 4884 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

14:54:00.0992 4884 WPDBusEnum - ok

14:54:01.0027 4884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

14:54:01.0076 4884 ws2ifsl - ok

14:54:01.0079 4884 WSearch - ok

14:54:01.0095 4884 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

14:54:01.0155 4884 WudfPf - ok

14:54:01.0211 4884 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:54:01.0265 4884 WUDFRd - ok

14:54:01.0292 4884 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

14:54:01.0325 4884 wudfsvc - ok

14:54:01.0358 4884 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

14:54:01.0385 4884 WwanSvc - ok

14:54:01.0425 4884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:54:01.0479 4884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

14:54:01.0479 4884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

14:54:01.0583 4884 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

14:54:01.0583 4884 \Device\Harddisk0\DR0 - detected TDSS File System (1)

14:54:01.0588 4884 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

14:54:01.0698 4884 \Device\Harddisk1\DR1 - ok

14:54:01.0701 4884 Boot (0x1200) (1ac1a0df5506c185b97e5e631af78847) \Device\Harddisk0\DR0\Partition0

14:54:01.0703 4884 \Device\Harddisk0\DR0\Partition0 - ok

14:54:01.0727 4884 Boot (0x1200) (0159cae7e670be55fe9d2d9d63bb43b3) \Device\Harddisk0\DR0\Partition1

14:54:01.0729 4884 \Device\Harddisk0\DR0\Partition1 - ok

14:54:01.0733 4884 Boot (0x1200) (4845846325eec051e9df4f95dbb4d5b3) \Device\Harddisk1\DR1\Partition0

14:54:01.0734 4884 \Device\Harddisk1\DR1\Partition0 - ok

14:54:01.0735 4884 ============================================================

14:54:01.0735 4884 Scan finished

14:54:01.0735 4884 ============================================================

14:54:01.0749 4880 Detected object count: 2

14:54:01.0749 4880 Actual detected object count: 2

14:54:45.0322 4880 \Device\Harddisk0\DR0\# - copied to quarantine

14:54:45.0323 4880 \Device\Harddisk0\DR0 - copied to quarantine

14:54:45.0405 4880 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

14:54:45.0407 4880 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

14:54:45.0413 4880 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

14:54:45.0418 4880 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

14:54:45.0437 4880 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

14:54:45.0448 4880 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

14:54:45.0449 4880 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

14:54:45.0450 4880 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

14:54:45.0451 4880 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

14:54:45.0454 4880 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

14:54:45.0457 4880 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

14:54:45.0458 4880 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

14:54:45.0461 4880 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

14:54:45.0463 4880 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

14:54:45.0469 4880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

14:54:45.0470 4880 \Device\Harddisk0\DR0 - ok

14:54:45.0484 4880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

14:54:45.0486 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

14:54:45.0487 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Share this post


Link to post
Share on other sites

Just run TDSSKiller again and choose delete for this one only:

14:54:45.0486 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

14:54:45.0487 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

----------------------------

Then......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Share this post


Link to post
Share on other sites

ComboFix 12-08-08.01 - Erica 08/08/2012 15:21:16.1.4 - x64

Running from: c:\users\Erica\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Erica\AppData\Roaming\360SE

c:\users\Erica\AppData\Roaming\360SE\360SE.ini

c:\users\Erica\AppData\Roaming\360SE\360se_s.ini

c:\users\Erica\AppData\Roaming\360SE\360seie6.ini

c:\users\Erica\AppData\Roaming\360SE\data\360sefav.db

c:\users\Erica\AppData\Roaming\360SE\data\BlankData.ini

c:\users\Erica\AppData\Roaming\360SE\data\FavouriteBar.dat

c:\users\Erica\AppData\Roaming\360SE\data\history.dat

c:\users\Erica\AppData\Roaming\360SE\data\ico\avc.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\cn.bing.com.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\cz.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\ddt.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\dgcs.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\dh.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\farm.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\hao.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\hero.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\mcsd.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\me.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\plsm.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\poker.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\se.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\search8.taobao.com.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\uninstall.feedback.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\www.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\www.baidu.com.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\www.bing.com.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\www.google.com.hk.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\www.qihoo.com.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\www.sogou.com.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\www.youdao.com.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\wxfy.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\yahoo.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\ico\zqjl.wan.360.cn.ico

c:\users\Erica\AppData\Roaming\360SE\data\IEXCompat.dat

c:\users\Erica\AppData\Roaming\360SE\data\pluginbar.dat

c:\users\Erica\AppData\Roaming\360SE\data\StatusBar.dat

c:\users\Erica\AppData\Roaming\360SE\data\switch.ini

c:\users\Erica\AppData\Roaming\360SE\data\URLTitle.ini

c:\users\Erica\AppData\Roaming\360SE\data\user.dat

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini.cfg

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtBank\bank2.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtBank\ExtBank.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtBank\stat.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtDoctor\ExtDoctor.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtDownload\extdownload1.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtLoginMagic\ExtLoginMagic.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\extpageblank\stat.dat

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtProxy\proxy.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtYouxi\ExtYouxi.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtYouxi\stat3.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\ExtYouxi\ver.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\Favorites\Favorites.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\Favorites\Favorites2.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2012_04_15.log

c:\users\Erica\AppData\Roaming\360SE\extensions\Favorites\titleopt.dll

c:\users\Erica\AppData\Roaming\360SE\extensions\Pluginbar\stat.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\Pluginbar\ver.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\esimple.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.in

c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\safehfc.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\SafeProtect.dat

c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\sc.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\urllib.dat

c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\urllibauth.dat

c:\users\Erica\AppData\Roaming\360SE\extensions\SnapPlugin\stat.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\TranslatorPlugin\stat.ini

c:\users\Erica\AppData\Roaming\360SE\extensions\TranslatorPlugin\translate.ini

c:\users\Erica\AppData\Roaming\360SE\seup.ini

c:\users\Erica\AppData\Roaming\360SE\stat.ini

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\@

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\1afb2d56

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\201d3dde

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\n

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000008.@

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\000000cb.@

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000032.@

c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))

.

.

2012-08-08 22:28 . 2012-08-08 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-08 20:42 . 2012-08-08 20:42 -------- d-----w- C:\FRST

2012-08-06 19:03 . 2012-08-06 19:03 -------- d-----w- c:\users\Erica\AppData\Local\ElevatedDiagnostics

2012-07-13 22:14 . 2012-07-13 22:14 -------- d-----w- c:\program files\CCleaner

2012-07-13 21:58 . 2012-07-13 22:08 -------- d-----w- c:\programdata\RegAce

2012-07-13 18:47 . 2012-08-08 22:16 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-13 02:20 . 2012-07-13 02:43 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-07-13 02:20 . 2012-05-11 18:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-07-13 02:19 . 2012-07-13 02:19 -------- d-----w- c:\programdata\PC Tools

2012-07-13 02:19 . 2012-07-13 02:19 -------- d-----w- c:\users\Erica\AppData\Roaming\TestApp

2012-07-13 01:36 . 2012-07-13 02:42 -------- d-----w- c:\programdata\MFAData

2012-07-13 01:36 . 2012-07-13 01:36 -------- d--h--w- c:\programdata\Common Files

2012-07-11 05:44 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 02:22 . 2012-07-11 02:24 -------- d-----w- c:\users\Erica\AppData\Roaming\GetRightToGo

2012-07-11 01:41 . 2010-12-10 05:18 624056 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.449\mframe.dll

2012-07-11 01:41 . 2010-12-10 05:18 312768 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.449\ppp.dll

2012-07-11 01:41 . 2010-12-10 05:18 247304 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll

2012-07-11 00:49 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 00:49 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 00:49 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-11 00:49 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-11 00:49 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-11 00:49 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2012-07-11 00:49 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-07-11 00:48 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-11 00:48 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 00:48 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-11 00:48 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 00:48 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-11 00:48 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-07-11 00:48 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-07-11 00:48 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-07-11 00:48 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-08 22:18 . 2012-06-03 19:56 380 ----a-w- c:\users\Erica\AppData\Roaming\sp_data.sys

2012-08-04 00:39 . 2012-04-13 15:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-04 00:39 . 2012-03-05 21:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 05:41 . 2012-03-01 01:50 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-29 18:14 . 2012-06-29 18:14 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-05 22:24 . 2012-06-05 22:24 2829 ----a-w- c:\windows\War3Unin.pif

2012-06-05 22:24 . 2012-06-05 22:24 126976 ----a-w- c:\windows\War3Unin.exe

2012-06-03 19:52 . 2012-02-20 04:57 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-06-02 22:19 . 2012-06-22 00:03 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 00:03 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 00:03 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 00:03 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 00:03 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-22 00:03 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 00:03 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 00:03 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-22 00:03 99840 ----a-w- c:\windows\system32\wudriver.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Erica\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-02-22 296056]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-10-6 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-22 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]

S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPNAT

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:39]

.

2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job

- c:\users\Erica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 03:30]

.

2012-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job

- c:\users\Erica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 03:30]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job

- c:\users\Erica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 23:21]

.

2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job

- c:\users\Erica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 23:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

SafeBoot-68469606.sys

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-08-08 15:35:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-08 22:35

.

Pre-Run: 144,273,399,808 bytes free

Post-Run: 144,983,318,528 bytes free

.

- - End Of File - - DCFE8EE82C132D93EF464CFA776BBD7F

Share this post


Link to post
Share on other sites

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Share this post


Link to post
Share on other sites

Oh okay. I did the quick scan. Heres the report. thanks!

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.03.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Erica :: ERICA-PC [administrator]

8/8/2012 3:47:00 PM

mbam-log-2012-08-08 (15-47-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199339

Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

So far nothing has pop up yet. and its running normal. but i dont know if the virus will come back later... thanks alot tho!!!

Share this post


Link to post
Share on other sites

Great thumbsup.gif (It's not going to come back)

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.