Malwarebytes

Please help! Trojan.Dropper.BCMiner and Rootkit.0Access

21 replies to this topic

#1
azn1993

    New Member

  • Members
  • 12 posts
Hey everyone, I have had these Google redirects and my computer is infected by Trojan.Dropper.BCMiner and Rootkit.0Access! I have tried many of the solutions online but they are still here. I have tried to download ComboFix but it automatically crashed to a blue screen while it hadn't finished downloading. Can any expert help with this problem or help me to get rid of these infections off my computer? Thanks a lot!

I have done the "perform full scan" using Malwarebytes Anti-Malware. Here's the log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.03.10
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Erica :: ERICA-PC [administrator]
8/8/2012 12:19:32 PM
mbam-log-2012-08-08 (12-48-58).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 158312
Time elapsed: 29 minute(s), 6 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000032.@ (Rootkit.0Access) -> No action taken.
(end)

Thanks a lot!!!!!!!!!!!

#2
azn1993

    New Member

  • Members
  • 12 posts
DDS.txt and Attach.txt are attached here.


#3
MrCharlie

    Forum Deity

  • Experts
  • 17,506 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert

I volunteer my free time to help you; if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#4
azn1993

    New Member

  • Members
  • 12 posts
RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User: Erica [Admin rights]
Mode: Scan -- Date: 08/08/2012 13:28:34
¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\n.) -> FOUND
[ZeroAccess] HKLM\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\erica\appdata\local\{80aa28bd-953b-0d79-ac52-59b01480de54}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\erica\appdata\local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\erica\appdata\local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] c031903ef0e94caca6428ba2553ec33d
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 2d9f73e8480f01623a080c08240fd05d
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7 MBR Code
Partition table:
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 2d9f73e8480f01623a080c08240fd05d
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7 MBR Code
Partition table:
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo
Finished : << RKreport[1].txt >>

Thank you for replying!

#5
MrCharlie

    Forum Deity

  • Experts
  • 17,506 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Here you go......

You have two infections:

Quote

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Your computer is infected with a nasty rootkit. Please read the following information first.

Quote

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).
MrC

Malware Removal Expert

I volunteer my free time to help you; if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew
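The following read-only PowerShell script is an added example; it is not part of this thread and is not one of the tools MrC asks for. It checks a Windows host for the same indicators RogueKiller and FRST reported in this thread: the two UAC policy values found set to 0, a {GUID} folder holding "@", "U" and "L" under Windows\Installer or a user's AppData\Local, the Desktop.ini files in GAC_32 and GAC_64, a svchost.exe sitting directly under the Windows directory, and the signature and MD5 of services.exe. The registry value names, paths and folder layout are taken from the logs posted above; the variable names and the exact checks are my own assumptions, and the script only reports, it removes nothing.

```powershell
# Added example, not from the thread or from any tool named in it.
# Read-only triage: reports the indicators seen in the RogueKiller/FRST logs above.
# Run from an elevated PowerShell (4.0 or later, for Get-FileHash).

$findings = New-Object System.Collections.Generic.List[string]

# 1. UAC policy values RogueKiller flagged as hijacked (both were 0 in the log).
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
if ($pol -and ($pol.EnableLUA -eq 0)) {
    $findings.Add("UAC disabled: EnableLUA=0 under $polKey")
}
if ($pol -and ($pol.ConsentPromptBehaviorAdmin -eq 0)) {
    $findings.Add("Elevation without prompt: ConsentPromptBehaviorAdmin=0 under $polKey")
}

# 2. {GUID} folder containing '@', 'U' and 'L' (layout from the logs) under
#    %WINDIR%\Installer and under every profile's AppData\Local.
$roots = @("$env:WINDIR\Installer")
Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { $roots += (Join-Path $_.FullName 'AppData\Local') }

foreach ($root in $roots) {
    Get-ChildItem -Path $root -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\{[0-9a-f-]{36}\}$' } |
        ForEach-Object {
            $hasAt = Test-Path -LiteralPath (Join-Path $_.FullName '@')
            $hasU  = Test-Path -LiteralPath (Join-Path $_.FullName 'U') -PathType Container
            $hasL  = Test-Path -LiteralPath (Join-Path $_.FullName 'L') -PathType Container
            if ($hasAt -and $hasU -and $hasL) {
                $findings.Add("ZeroAccess-style folder layout: $($_.FullName)")
            }
        }
}

# 3. Desktop.ini files in the GAC directories; both logs listed them.
foreach ($gac in @("$env:WINDIR\assembly\GAC_32\Desktop.ini",
                   "$env:WINDIR\assembly\GAC_64\Desktop.ini")) {
    if (Test-Path -LiteralPath $gac) { $findings.Add("Unexpected file: $gac") }
}

# 4. svchost.exe directly under the Windows directory (FRST listed C:\Windows\svchost.exe;
#    the genuine binaries live in System32 and SysWOW64).
$straySvchost = Join-Path $env:WINDIR 'svchost.exe'
if (Test-Path -LiteralPath $straySvchost) { $findings.Add("Stray binary: $straySvchost") }

# 5. services.exe: FRST reported a non-standard MD5 and RogueKiller reported its
#    ASLR flag wiped. Record the signature status and the current MD5 for comparison.
$services = Join-Path $env:WINDIR 'System32\services.exe'
$sig = Get-AuthenticodeSignature -FilePath $services
if ($sig.Status -ne 'Valid') {
    $findings.Add("services.exe signature status: $($sig.Status)")
}
$md5 = (Get-FileHash -Path $services -Algorithm MD5).Hash
$findings.Add("services.exe MD5 (compare with the FRST log and a known-good copy): $md5")

if ($findings.Count -eq 0) { "No indicators from this thread were found." }
else { $findings | ForEach-Object { "[!] $_" } }
```

Two caveats belong with this. A rootkit running on the live system can hide its files and registry keys from anything that runs on that same system, which is exactly why MrC has FRST run from the recovery environment rather than from Safe Mode; a clean result from this script is provisional until an offline scan agrees. And on Windows 7, services.exe is catalog-signed rather than embedded-signed, so older PowerShell builds report NotSigned even for a clean file; treat the signature line as a prompt to compare the MD5 against a known-good copy of the same Windows build, not as a verdict on its own.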

#6
azn1993

    New Member

  • Members
  • 12 posts
Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by Erica at 08-08-2012 13:42:23
Running from F:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

============ One Month Created Files and Folders ==============
2012-08-08 13:28 - 2012-08-08 13:28 - 00003409 ____A C:\Users\Erica\Desktop\RKreport[1].txt
2012-08-08 13:27 - 2012-08-08 13:28 - 00000000 ____D C:\Users\Erica\Desktop\RK_Quarantine
2012-08-08 13:02 - 2012-08-08 13:02 - 00001946 ____A C:\Users\Erica\Desktop\Attach.rar
2012-08-08 13:01 - 2012-08-08 13:01 - 00014692 ____A C:\Users\Erica\Desktop\DDS.txt
2012-08-08 13:01 - 2012-08-08 13:01 - 00006817 ____A C:\Users\Erica\Desktop\Attach.txt
2012-08-08 12:40 - 2012-08-08 12:40 - 00607260 ____R (Swearware) C:\Users\Erica\Desktop\dds.scr
2012-08-08 12:00 - 2012-08-08 12:00 - 00262144 ____A C:\Windows\Minidump\080812-37237-01.dmp
2012-08-08 11:37 - 2012-08-08 11:37 - 00266472 ____A C:\Windows\Minidump\080812-22432-01.dmp
2012-08-06 17:12 - 2009-07-13 18:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-06 12:25 - 2005-04-25 05:16 - 00253952 ____N (TODO: <Company name>) C:\Windows\SBCDSL.exe
2012-08-06 12:25 - 2002-02-13 19:53 - 00006345 ___RA C:\Windows\SysWOW64\DevMngr.vxd
2012-08-05 15:59 - 2012-08-05 15:59 - 00000000 ____D C:\Users\Erica\Desktop\textbook fall 2012
2012-08-03 17:35 - 2012-08-08 11:37 - 00003922 ____A C:\Windows\PFRO.log
2012-07-30 18:11 - 2012-07-30 18:11 - 00000981 ____A C:\Windows\WindowsUpdate.log
2012-07-30 18:07 - 2012-08-08 11:59 - 00000000 ___SD C:\32788R22FWJFW
2012-07-30 18:07 - 2012-07-30 18:08 - 00262144 ____A C:\Windows\Minidump\073012-18564-01.dmp
2012-07-30 17:54 - 2012-08-08 12:00 - 638726075 ____A C:\Windows\MEMORY.DMP
2012-07-30 17:54 - 2012-08-08 11:37 - 00001232 ____A C:\Windows\setupact.log
2012-07-30 17:54 - 2012-07-30 17:54 - 00272008 ____A C:\Windows\Minidump\073012-19390-01.dmp
2012-07-30 17:54 - 2012-07-30 17:54 - 00000000 ____A C:\Windows\setuperr.log
2012-07-30 17:36 - 2012-08-08 12:00 - 00000000 ____D C:\Windows\Minidump
2012-07-26 18:02 - 2012-07-26 18:03 - 00253068 ____A C:\Users\Erica\Desktop\ACCT212 Course Project 1 Template Parts A and B 05202012.xlsx
2012-07-21 20:45 - 2012-07-21 20:45 - 04818574 ____A C:\Users\Erica\Desktop\1.wmv
2012-07-21 20:44 - 2012-07-21 20:45 - 00000000 ____D C:\Users\Erica\AppData\Local\{54948630-CFCE-4700-98F4-11609C1F679E}
2012-07-21 20:44 - 2012-07-21 20:44 - 00000000 ____D C:\Users\Erica\AppData\Local\{6695E5A6-25E0-413C-8EE3-17575F20945D}
2012-07-21 09:41 - 2012-07-27 18:43 - 00000192 ____A C:\Users\Erica\Desktop\confidence interval.txt
2012-07-13 15:15 - 2012-07-13 15:15 - 00081938 ____A C:\Users\Erica\Documents\cc_20120713_151542.reg
2012-07-13 15:14 - 2012-07-14 17:27 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-13 15:14 - 2012-07-13 15:14 - 00000000 ____D C:\Program Files\CCleaner
2012-07-13 14:58 - 2012-07-22 21:14 - 00000396 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Erica.job
2012-07-13 14:58 - 2012-07-13 15:08 - 00000000 ____D C:\Users\All Users\RegAce
2012-07-13 14:57 - 2012-07-13 14:57 - 00000000 ____D C:\ComboFix
2012-07-13 14:54 - 2012-08-03 17:48 - 00000000 ____D C:\Windows\erdnt
2012-07-13 14:54 - 2012-07-13 14:56 - 00000000 ____D C:\Qoobox
2012-07-13 11:47 - 2012-07-13 11:47 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-12 19:20 - 2012-07-12 19:21 - 01864267 ____A C:\Windows\System32\Drivers\Cat.DB
2012-07-12 19:20 - 2012-05-11 11:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-07-12 19:19 - 2012-07-12 19:19 - 00000000 ____D C:\Users\Erica\AppData\Roaming\TestApp
2012-07-12 19:19 - 2012-07-12 19:19 - 00000000 ____D C:\Users\All Users\PC Tools
2012-07-12 19:16 - 2012-07-12 19:16 - 00033758 ____A C:\Users\Erica\AppData\Local\dt.dat
2012-07-12 18:36 - 2012-07-12 19:42 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-10 22:44 - 2012-06-11 20:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 22:40 - 2012-06-02 05:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 22:40 - 2012-06-02 05:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 22:40 - 2012-06-02 05:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 22:40 - 2012-06-02 05:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 22:40 - 2012-06-02 05:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 22:40 - 2012-06-02 05:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 22:40 - 2012-06-02 05:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 22:40 - 2012-06-02 05:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 22:40 - 2012-06-02 05:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 22:40 - 2012-06-02 05:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 22:40 - 2012-06-02 04:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 22:40 - 2012-06-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 22:40 - 2012-06-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 22:40 - 2012-06-02 04:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 22:40 - 2012-06-02 02:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 22:40 - 2012-06-02 01:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 22:40 - 2012-06-02 01:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 22:40 - 2012-06-02 01:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 22:40 - 2012-06-02 01:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 22:40 - 2012-06-02 01:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 22:40 - 2012-06-02 01:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 22:40 - 2012-06-02 01:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 22:40 - 2012-06-02 01:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 22:40 - 2012-06-02 01:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 22:40 - 2012-06-02 01:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 22:40 - 2012-06-02 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 22:40 - 2012-06-02 01:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 22:40 - 2012-06-02 01:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 19:22 - 2012-07-10 19:24 - 00000000 ____D C:\Users\Erica\AppData\Roaming\GetRightToGo
2012-07-10 18:38 - 2012-07-10 18:38 - 00001073 ____A C:\Users\Public\Desktop\????.lnk
2012-07-10 18:31 - 2012-07-10 18:31 - 00000000 ____A C:\Windows\LiveUpdate.INI
2012-07-10 17:49 - 2012-06-08 22:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 17:49 - 2012-06-08 21:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 17:49 - 2012-06-05 23:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 17:49 - 2012-06-05 23:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 17:49 - 2012-06-05 22:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 17:49 - 2012-06-05 22:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 17:49 - 2010-06-25 20:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 17:49 - 2010-06-25 20:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 17:48 - 2012-06-01 22:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 17:48 - 2012-06-01 22:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 17:48 - 2012-06-01 22:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 17:48 - 2012-06-01 22:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 17:48 - 2012-06-01 22:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 17:48 - 2012-06-01 21:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 17:48 - 2012-06-01 21:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 17:48 - 2012-06-01 21:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 17:48 - 2012-06-01 21:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 17:38 - 2012-06-05 23:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 17:38 - 2012-06-05 22:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

============ 3 Months Modified Files ========================
2012-08-08 13:28 - 2012-08-08 13:28 - 00003409 ____A C:\Users\Erica\Desktop\RKreport[1].txt
2012-08-08 13:02 - 2012-08-08 13:02 - 00001946 ____A C:\Users\Erica\Desktop\Attach.rar
2012-08-08 13:01 - 2012-08-08 13:01 - 00014692 ____A C:\Users\Erica\Desktop\DDS.txt
2012-08-08 13:01 - 2012-08-08 13:01 - 00006817 ____A C:\Users\Erica\Desktop\Attach.txt
2012-08-08 12:40 - 2012-08-08 12:40 - 00607260 ____R (Swearware) C:\Users\Erica\Desktop\dds.scr
2012-08-08 12:00 - 2012-08-08 12:00 - 00262144 ____A C:\Windows\Minidump\080812-37237-01.dmp
2012-08-08 12:00 - 2012-07-30 17:54 - 638726075 ____A C:\Windows\MEMORY.DMP
2012-08-08 11:45 - 2009-07-13 21:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-08 11:45 - 2009-07-13 21:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-08 11:38 - 2012-06-03 12:56 - 00000380 ____A C:\Users\Erica\AppData\Roaming\sp_data.sys
2012-08-08 11:38 - 2012-04-13 08:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-08 11:37 - 2012-08-08 11:37 - 00266472 ____A C:\Windows\Minidump\080812-22432-01.dmp
2012-08-08 11:37 - 2012-08-03 17:35 - 00003922 ____A C:\Windows\PFRO.log
2012-08-08 11:37 - 2012-07-30 17:54 - 00001232 ____A C:\Windows\setupact.log
2012-08-08 11:37 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-08 11:32 - 2012-03-26 16:21 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job
2012-08-06 12:28 - 2011-10-06 16:59 - 00002012 ____A C:\Windows\System32\AutoRunFilter.ini
2012-08-04 00:32 - 2012-03-26 16:21 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job
2012-08-03 17:39 - 2012-04-13 08:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 17:39 - 2012-03-05 14:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-30 18:11 - 2012-07-30 18:11 - 00000981 ____A C:\Windows\WindowsUpdate.log
2012-07-30 18:08 - 2012-07-30 18:07 - 00262144 ____A C:\Windows\Minidump\073012-18564-01.dmp
2012-07-30 17:54 - 2012-07-30 17:54 - 00272008 ____A C:\Windows\Minidump\073012-19390-01.dmp
2012-07-30 17:54 - 2012-07-30 17:54 - 00000000 ____A C:\Windows\setuperr.log
2012-07-29 22:47 - 2009-07-13 22:13 - 00745942 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-27 18:43 - 2012-07-21 09:41 - 00000192 ____A C:\Users\Erica\Desktop\confidence interval.txt
2012-07-26 18:03 - 2012-07-26 18:02 - 00253068 ____A C:\Users\Erica\Desktop\ACCT212 Course Project 1 Template Parts A and B 05202012.xlsx
2012-07-22 21:14 - 2012-07-13 14:58 - 00000396 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Erica.job
2012-07-21 20:45 - 2012-07-21 20:45 - 04818574 ____A C:\Users\Erica\Desktop\1.wmv
2012-07-14 17:27 - 2012-07-13 15:14 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-14 10:00 - 2011-10-06 16:59 - 00001396 ____A C:\Windows\System32\ServiceFilter.ini
2012-07-13 15:15 - 2012-07-13 15:15 - 00081938 ____A C:\Users\Erica\Documents\cc_20120713_151542.reg
2012-07-12 19:21 - 2012-07-12 19:20 - 01864267 ____A C:\Windows\System32\Drivers\Cat.DB
2012-07-12 19:16 - 2012-07-12 19:16 - 00033758 ____A C:\Users\Erica\AppData\Local\dt.dat
2012-07-11 17:56 - 2009-07-13 21:45 - 00413312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 22:44 - 2009-07-13 19:34 - 00000478 ____A C:\Windows\win.ini
2012-07-10 22:41 - 2012-02-29 18:50 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 18:38 - 2012-07-10 18:38 - 00001073 ____A C:\Users\Public\Desktop\????.lnk
2012-07-10 18:31 - 2012-07-10 18:31 - 00000000 ____A C:\Windows\LiveUpdate.INI
2012-07-07 17:09 - 2012-07-07 17:09 - 00000312 ____A C:\rkill.log
2012-06-17 20:16 - 2012-05-24 15:12 - 00005632 ____A C:\Users\Erica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-12 09:09 - 2009-07-13 22:08 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 20:08 - 2012-07-10 22:44 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 22:43 - 2012-07-10 17:49 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 21:41 - 2012-07-10 17:49 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 18:45 - 2012-06-06 18:45 - 00759334 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-05 23:06 - 2012-07-10 17:49 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 23:06 - 2012-07-10 17:49 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 23:02 - 2012-07-10 17:38 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 22:05 - 2012-07-10 17:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 22:05 - 2012-07-10 17:49 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 22:03 - 2012-07-10 17:38 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 15:26 - 2012-06-05 15:26 - 00001510 ____A C:\Users\Erica\Desktop\Warcraft III.lnk
2012-06-05 15:26 - 2012-06-05 15:24 - 00015153 ____A C:\Windows\War3Unin.dat
2012-06-05 15:24 - 2012-06-05 15:24 - 00126976 ____A (Blizzard Entertainment) C:\Windows\War3Unin.exe
2012-06-05 15:24 - 2012-06-05 15:24 - 00002829 ____A C:\Windows\War3Unin.pif
2012-06-03 12:59 - 2011-10-06 16:59 - 00000080 ____A C:\Windows\System32\Defrag.ini
2012-06-03 12:58 - 2011-10-06 16:46 - 00000184 ____A C:\setup.log
2012-06-03 12:52 - 2012-02-19 21:57 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-06-03 08:45 - 2011-10-06 16:51 - 00002490 ____A C:\RHDSetup.log
2012-06-02 15:19 - 2012-06-21 17:03 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 15:19 - 2012-06-21 17:03 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 15:19 - 2012-06-21 17:03 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:19 - 2012-06-21 17:03 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 15:19 - 2012-06-21 17:03 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 15:19 - 2012-06-21 17:03 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 15:15 - 2012-06-21 17:03 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 15:15 - 2012-06-21 17:03 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:15 - 2012-06-21 17:03 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 05:49 - 2012-07-10 22:40 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 05:17 - 2012-07-10 22:40 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 05:12 - 2012-07-10 22:40 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 05:05 - 2012-07-10 22:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 05:05 - 2012-07-10 22:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 05:04 - 2012-07-10 22:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 05:04 - 2012-07-10 22:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 05:03 - 2012-07-10 22:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 05:01 - 2012-07-10 22:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 05:00 - 2012-07-10 22:40 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 04:59 - 2012-07-10 22:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 04:57 - 2012-07-10 22:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 04:57 - 2012-07-10 22:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 04:54 - 2012-07-10 22:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 02:07 - 2012-07-10 22:40 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 01:43 - 2012-07-10 22:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 01:33 - 2012-07-10 22:40 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 01:26 - 2012-07-10 22:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 01:25 - 2012-07-10 22:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 01:25 - 2012-07-10 22:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 01:23 - 2012-07-10 22:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 01:21 - 2012-07-10 22:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 01:20 - 2012-07-10 22:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 01:19 - 2012-07-10 22:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 01:19 - 2012-07-10 22:40 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 01:17 - 2012-07-10 22:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 01:16 - 2012-07-10 22:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 01:14 - 2012-07-10 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 22:50 - 2012-07-10 17:48 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 22:48 - 2012-07-10 17:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 22:48 - 2012-07-10 17:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 22:45 - 2012-07-10 17:48 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 22:44 - 2012-07-10 17:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 21:40 - 2012-07-10 17:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 21:40 - 2012-07-10 17:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 21:39 - 2012-07-10 17:48 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 21:34 - 2012-07-10 17:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-11 11:14 - 2012-07-12 19:20 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys

ZeroAccess:
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\1afb2d56
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\201d3dde
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000008.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\000000cb.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000032.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@
ZeroAccess:
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\@
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Type 00 partition infection:
C:\Windows\svchost.exe
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
========================= Memory info ======================
Percentage of memory in use: 40%
Total physical RAM: 4000.13 MB
Available physical RAM: 2386.8 MB
Total Pagefile: 7998.45 MB
Available Pagefile: 6527.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:134.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:254.35 GB) NTFS
3 Drive e: (Warcraft III) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
4 Drive f: (ERICA) (Removable) (Total:7.47 GB) (Free:0.43 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 7663 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 186 GB 25 GB
Partition 0 Extended 254 GB 211 GB
Partition 3 Logical 254 GB 211 GB
==================================================================================
Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 186 GB Healthy System (partition with boot components)
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 254 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F ERICA FAT32 Removable 7655 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-08-07 09:58
======================= End Of Log ==========================

#7
azn1993

    New Member

  • Members
  • 12 posts
Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by Erica at 2012-08-08 13:43:26
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 16:19] - [2009-07-13 18:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 16:19] - [2009-07-13 18:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======

#8
MrCharlie

    Forum Deity

  • Experts
  • 17,506 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Quote:
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


You didn't run the tool properly > please try it again....MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#9
azn1993

    New Member

  • Members
  • 12 posts
I apologize for misreading the instruction, and I have just done the scan from the recovery tool.

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 08-08-2012 14:16:24
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-06-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391960 2011-06-01] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2277480 2011-08-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-08-06] ()
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-02-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKU\Erica\...\Run: [Facebook Update] "C:\Users\Erica\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Erica\...\Run: [Google Update] "C:\Users\Erica\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-26] (Google Inc.)
HKU\Erica\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)
HKU\Erica\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\n. ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
==================== Services (Whitelisted) ======
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512 2011-11-21] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
3 SonicStage Back-End Service; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe" [112184 2007-02-05] (Sony Corporation)
3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
========================== Drivers (Whitelisted) =============
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
1 ATKWMIACPIIO_; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-08-08 12:42 - 2012-08-08 12:42 - 00000000 ____D C:\FRST
2012-08-08 12:28 - 2012-08-08 12:28 - 00003409 ____A C:\Users\Erica\Desktop\RKreport[1].txt
2012-08-08 12:27 - 2012-08-08 12:28 - 00000000 ____D C:\Users\Erica\Desktop\RK_Quarantine
2012-08-08 12:02 - 2012-08-08 12:02 - 00001946 ____A C:\Users\Erica\Desktop\Attach.rar
2012-08-08 12:01 - 2012-08-08 12:01 - 00014692 ____A C:\Users\Erica\Desktop\DDS.txt
2012-08-08 12:01 - 2012-08-08 12:01 - 00006817 ____A C:\Users\Erica\Desktop\Attach.txt
2012-08-05 14:59 - 2012-08-05 14:59 - 00000000 ____D C:\Users\Erica\Desktop\textbook fall 2012
2012-08-03 16:35 - 2012-08-03 16:35 - 00002202 ____A C:\Windows\PFRO.log
2012-07-30 17:11 - 2012-07-30 17:11 - 00000981 ____A C:\Windows\WindowsUpdate.log
2012-07-30 17:07 - 2012-08-08 14:14 - 00000000 ___SD C:\32788R22FWJFW
2012-07-30 17:07 - 2012-07-30 17:08 - 00262144 ____A C:\Windows\Minidump\073012-18564-01.dmp
2012-07-30 16:54 - 2012-08-06 10:39 - 00000616 ____A C:\Windows\setupact.log
2012-07-30 16:54 - 2012-07-30 17:07 - 484876219 ____A C:\Windows\MEMORY.DMP
2012-07-30 16:54 - 2012-07-30 16:54 - 00272008 ____A C:\Windows\Minidump\073012-19390-01.dmp
2012-07-30 16:54 - 2012-07-30 16:54 - 00000000 ____A C:\Windows\setuperr.log
2012-07-30 16:36 - 2012-07-30 17:14 - 00000000 ____D C:\Windows\Minidump
2012-07-26 17:02 - 2012-07-26 17:03 - 00253068 ____A C:\Users\Erica\Desktop\ACCT212 Course Project 1 Template Parts A and B 05202012.xlsx
2012-07-25 22:16 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-21 19:45 - 2012-07-21 19:45 - 04818574 ____A C:\Users\Erica\Desktop\1.wmv
2012-07-21 19:44 - 2012-07-21 19:45 - 00000000 ____D C:\Users\Erica\AppData\Local\{54948630-CFCE-4700-98F4-11609C1F679E}
2012-07-21 19:44 - 2012-07-21 19:44 - 00000000 ____D C:\Users\Erica\AppData\Local\{6695E5A6-25E0-413C-8EE3-17575F20945D}
2012-07-21 08:41 - 2012-07-27 17:43 - 00000192 ____A C:\Users\Erica\Desktop\confidence interval.txt
2012-07-13 14:15 - 2012-07-13 14:15 - 00081938 ____A C:\Users\Erica\Documents\cc_20120713_151542.reg
2012-07-13 14:14 - 2012-07-14 16:27 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-13 14:14 - 2012-07-13 14:14 - 00000000 ____D C:\Program Files\CCleaner
2012-07-13 13:58 - 2012-07-22 20:14 - 00000396 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Erica.job
2012-07-13 13:58 - 2012-07-13 14:08 - 00000000 ____D C:\Users\All Users\RegAce
2012-07-13 13:57 - 2012-07-13 13:57 - 00000000 ____D C:\ComboFix
2012-07-13 13:54 - 2012-08-08 14:14 - 00000000 ____D C:\Windows\erdnt
2012-07-13 13:54 - 2012-07-13 13:56 - 00000000 ____D C:\Qoobox
2012-07-13 10:47 - 2012-07-13 10:47 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-12 18:20 - 2012-07-12 18:21 - 01864267 ____A C:\Windows\System32\Drivers\Cat.DB
2012-07-12 18:20 - 2012-05-11 10:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-07-12 18:19 - 2012-07-12 18:19 - 00000000 ____D C:\Users\Erica\AppData\Roaming\TestApp
2012-07-12 18:19 - 2012-07-12 18:19 - 00000000 ____D C:\Users\All Users\PC Tools
2012-07-12 18:16 - 2012-07-12 18:16 - 00033758 ____A C:\Users\Erica\AppData\Local\dt.dat
2012-07-12 17:36 - 2012-07-12 18:42 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-10 21:44 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 21:40 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 21:40 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 21:40 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 21:40 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 21:40 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 21:40 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 21:40 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 21:40 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 21:40 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 21:40 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 21:40 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 21:40 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 21:40 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 21:40 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 21:40 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 21:40 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 21:40 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 21:40 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 21:40 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 21:40 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 21:40 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 21:40 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 21:40 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 21:40 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 21:40 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 21:40 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 21:40 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 21:40 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 18:22 - 2012-07-10 18:24 - 00000000 ____D C:\Users\Erica\AppData\Roaming\GetRightToGo
2012-07-10 17:38 - 2012-07-10 17:38 - 00001073 ____A C:\Users\Public\Desktop\????.lnk
2012-07-10 17:31 - 2012-07-10 17:31 - 00000000 ____A C:\Windows\LiveUpdate.INI
2012-07-10 16:49 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 16:49 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 16:49 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 16:49 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 16:49 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 16:49 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 16:49 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 16:49 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 16:48 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 16:48 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 16:48 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 16:48 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 16:48 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 16:48 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 16:48 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 16:48 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 16:48 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 16:38 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 16:38 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

============ 3 Months Modified Files ========================
2012-08-08 12:28 - 2012-08-08 12:28 - 00003409 ____A C:\Users\Erica\Desktop\RKreport[1].txt
2012-08-08 12:02 - 2012-08-08 12:02 - 00001946 ____A C:\Users\Erica\Desktop\Attach.rar
2012-08-08 12:01 - 2012-08-08 12:01 - 00014692 ____A C:\Users\Erica\Desktop\DDS.txt
2012-08-08 12:01 - 2012-08-08 12:01 - 00006817 ____A C:\Users\Erica\Desktop\Attach.txt
2012-08-06 10:47 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-06 10:47 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-06 10:40 - 2012-06-03 11:56 - 00000380 ____A C:\Users\Erica\AppData\Roaming\sp_data.sys
2012-08-06 10:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-06 10:39 - 2012-07-30 16:54 - 00000616 ____A C:\Windows\setupact.log
2012-08-05 22:38 - 2012-04-13 07:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-05 22:35 - 2012-03-09 23:25 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job
2012-08-05 22:32 - 2012-03-26 15:21 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job
2012-08-03 23:32 - 2012-03-26 15:21 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job
2012-08-03 16:39 - 2012-04-13 07:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 16:39 - 2012-03-05 13:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-03 16:35 - 2012-08-03 16:35 - 00002202 ____A C:\Windows\PFRO.log
2012-07-30 17:11 - 2012-07-30 17:11 - 00000981 ____A C:\Windows\WindowsUpdate.log
2012-07-30 17:08 - 2012-07-30 17:07 - 00262144 ____A C:\Windows\Minidump\073012-18564-01.dmp
2012-07-30 17:07 - 2012-07-30 16:54 - 484876219 ____A C:\Windows\MEMORY.DMP
2012-07-30 16:54 - 2012-07-30 16:54 - 00272008 ____A C:\Windows\Minidump\073012-19390-01.dmp
2012-07-30 16:54 - 2012-07-30 16:54 - 00000000 ____A C:\Windows\setuperr.log
2012-07-29 21:47 - 2009-07-13 21:13 - 00745942 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 19:35 - 2012-03-09 23:25 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job
2012-07-27 17:43 - 2012-07-21 08:41 - 00000192 ____A C:\Users\Erica\Desktop\confidence interval.txt
2012-07-26 17:03 - 2012-07-26 17:02 - 00253068 ____A C:\Users\Erica\Desktop\ACCT212 Course Project 1 Template Parts A and B 05202012.xlsx
2012-07-22 20:14 - 2012-07-13 13:58 - 00000396 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Erica.job
2012-07-21 19:45 - 2012-07-21 19:45 - 04818574 ____A C:\Users\Erica\Desktop\1.wmv
2012-07-14 16:27 - 2012-07-13 14:14 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-14 09:00 - 2011-10-06 15:59 - 00001976 ____A C:\Windows\System32\AutoRunFilter.ini
2012-07-14 09:00 - 2011-10-06 15:59 - 00001396 ____A C:\Windows\System32\ServiceFilter.ini
2012-07-13 14:15 - 2012-07-13 14:15 - 00081938 ____A C:\Users\Erica\Documents\cc_20120713_151542.reg
2012-07-12 18:21 - 2012-07-12 18:20 - 01864267 ____A C:\Windows\System32\Drivers\Cat.DB
2012-07-12 18:16 - 2012-07-12 18:16 - 00033758 ____A C:\Users\Erica\AppData\Local\dt.dat
2012-07-11 16:56 - 2009-07-13 20:45 - 00413312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 21:44 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-10 21:41 - 2012-02-29 17:50 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 17:38 - 2012-07-10 17:38 - 00001073 ____A C:\Users\Public\Desktop\????.lnk
2012-07-10 17:31 - 2012-07-10 17:31 - 00000000 ____A C:\Windows\LiveUpdate.INI
2012-07-07 16:09 - 2012-07-07 16:09 - 00000312 ____A C:\rkill.log
2012-06-17 19:16 - 2012-05-24 14:12 - 00005632 ____A C:\Users\Erica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-12 08:09 - 2009-07-13 21:08 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 19:08 - 2012-07-10 21:44 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 16:49 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 16:49 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 17:45 - 2012-06-06 17:45 - 00759334 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-05 22:06 - 2012-07-10 16:49 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 16:49 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 16:38 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 16:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 16:49 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 16:38 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 14:26 - 2012-06-05 14:26 - 00001510 ____A C:\Users\Erica\Desktop\Warcraft III.lnk
2012-06-05 14:26 - 2012-06-05 14:24 - 00015153 ____A C:\Windows\War3Unin.dat
2012-06-05 14:24 - 2012-06-05 14:24 - 00126976 ____A (Blizzard Entertainment) C:\Windows\War3Unin.exe
2012-06-05 14:24 - 2012-06-05 14:24 - 00002829 ____A C:\Windows\War3Unin.pif
2012-06-03 11:59 - 2011-10-06 15:59 - 00000080 ____A C:\Windows\System32\Defrag.ini
2012-06-03 11:58 - 2011-10-06 15:46 - 00000184 ____A C:\setup.log
2012-06-03 11:52 - 2012-02-19 20:57 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-06-03 07:45 - 2011-10-06 15:51 - 00002490 ____A C:\RHDSetup.log
2012-06-02 14:19 - 2012-06-21 16:03 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 16:03 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 16:03 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 16:03 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 16:03 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 16:03 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 16:03 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 16:03 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 16:03 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 21:40 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 21:40 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 21:40 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 21:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 21:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 21:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 21:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 21:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 21:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 21:40 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 21:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 21:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 21:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 21:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 21:40 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 21:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 21:40 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 21:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 21:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 21:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 21:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 21:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 21:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 21:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 21:40 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 21:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 21:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 21:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 16:48 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 16:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 16:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 16:48 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 16:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 16:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 16:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 16:48 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 16:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-11 10:14 - 2012-07-12 18:20 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys

ZeroAccess:
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\1afb2d56
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\201d3dde
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000008.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\000000cb.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000032.@
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@
ZeroAccess:
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\@
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Type 00 partition infection:
C:\Windows\svchost.exe
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 4000.13 MB
Available physical RAM: 3427.27 MB
Total Pagefile: 3998.28 MB
Available Pagefile: 3416.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:134.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:254.35 GB) NTFS
3 Drive e: (Warcraft III) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
4 Drive f: (ERICA) (Removable) (Total:7.47 GB) (Free:0.43 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 7663 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 186 GB 25 GB
Partition 0 Extended 254 GB 211 GB
Partition 3 Logical 254 GB 211 GB
==================================================================================
Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No
There is no volume associated with this partition.
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 186 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 254 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F ERICA FAT32 Removable 7655 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-08-07 08:58
======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-08 14:18:00
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======

#10
MrCharlie

    Forum Deity

  • Experts
  • 17,506 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC

MBR infection also!!!!

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#11
azn1993

    New Member

  • Members
  • 12 posts
Okay, I have followed the instructions and here's the log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-08 14:35:04 Run:1
Running from F:\
==============================================
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54} moved successfully.
C:\Users\Erica\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

thanks.
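
The Fixlog above copied the WinSxS component-store copy of services.exe over the patched one in System32. As an added check that is not code from this thread, from FRST or from TDSSKiller, the PowerShell script below confirms that the live file now matches the store copy and carries a valid Authenticode signature; it assumes an elevated prompt on the cleaned machine, and the two paths are the ones shown in the FRST search output.

```powershell
# Added example, not part of the thread or of FRST/TDSSKiller.
# Paths are the two services.exe locations from the FRST search output;
# MD5 is computed through .NET so the script also works on the PowerShell 2.0
# that shipped with Windows 7. Run from an elevated prompt.
$LivePath  = 'C:\Windows\System32\services.exe'
$StorePath = 'C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe'

function Get-Md5Hex {
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        # BitConverter gives "AA-BB-CC..."; drop the dashes to match the log format.
        ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', ''
    }
    finally {
        $stream.Close()
    }
}

function Test-ServicesExe {
    param([string]$Live, [string]$Store)

    $liveHash  = Get-Md5Hex -Path $Live
    $storeHash = Get-Md5Hex -Path $Store
    $sig       = Get-AuthenticodeSignature -FilePath $Live

    Write-Host "System32 copy : $liveHash"
    Write-Host "WinSxS copy   : $storeHash"
    Write-Host "Signature     : $($sig.Status)"

    # ZeroAccess patches services.exe in place, so the infected copy both
    # diverges from the component-store copy (the mismatch FRST flagged with
    # ATTENTION) and no longer verifies as Microsoft-signed.
    $hashMatches = ($liveHash -eq $storeHash)
    $signed      = ($sig.Status -eq 'Valid')

    if ($hashMatches -and $signed) {
        Write-Host 'OK: services.exe matches the component store and is validly signed.'
        return $true
    }
    if (-not $signed) {
        Write-Host 'ALERT: services.exe does not carry a valid Authenticode signature.'
    }
    elseif (-not $hashMatches) {
        # A later Windows update can legitimately replace services.exe with a
        # newer, still-signed build whose hash differs from this RTM store copy;
        # a hash mismatch on a validly signed file means "compare versions", not "infected".
        Write-Host 'NOTE: validly signed, but not the same build as the WinSxS copy; compare file versions.'
    }
    return $false
}

Test-ServicesExe -Live $LivePath -Store $StorePath
```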

#12
MrCharlie

    Forum Deity

  • Experts
  • 17,506 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted click Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC

#13
azn1993

    New Member

  • Members
  • 12 posts
Okay, that's what I got.

14:52:56.0349 3724 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:52:58.0352 3724 ============================================================
14:52:58.0352 3724 Current date / time: 2012/08/08 14:52:58.0352
14:52:58.0352 3724 SystemInfo:
14:52:58.0352 3724
14:52:58.0352 3724 OS Version: 6.1.7601 ServicePack: 1.0
14:52:58.0352 3724 Product type: Workstation
14:52:58.0352 3724 ComputerName: ERICA-PC
14:52:58.0352 3724 UserName: Erica
14:52:58.0352 3724 Windows directory: C:\Windows
14:52:58.0352 3724 System windows directory: C:\Windows
14:52:58.0352 3724 Running under WOW64
14:52:58.0352 3724 Processor architecture: Intel x64
14:52:58.0352 3724 Number of processors: 4
14:52:58.0352 3724 Page size: 0x1000
14:52:58.0352 3724 Boot type: Normal boot
14:52:58.0352 3724 ============================================================
14:52:58.0789 3724 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:52:58.0794 3724 Drive \Device\Harddisk1\DR1 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:52:58.0795 3724 ============================================================
14:52:58.0795 3724 \Device\Harddisk0\DR0:
14:52:58.0796 3724 MBR partitions:
14:52:58.0796 3724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
14:52:58.0816 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
14:52:58.0816 3724 \Device\Harddisk1\DR1:
14:52:58.0816 3724 MBR partitions:
14:52:58.0816 3724 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
14:52:58.0816 3724 ============================================================
14:52:58.0864 3724 C: <-> \Device\Harddisk0\DR0\Partition0
14:52:58.0899 3724 D: <-> \Device\Harddisk0\DR0\Partition1
14:52:58.0899 3724 ============================================================
14:52:58.0899 3724 Initialize success
14:52:58.0899 3724 ============================================================
14:53:00.0285 4544 ============================================================
14:53:00.0285 4544 Scan started
14:53:00.0285 4544 Mode: Manual;
14:53:00.0285 4544 ============================================================
14:53:06.0310 4544 Scan interrupted by user!
14:53:06.0310 4544 Scan interrupted by user!
14:53:06.0310 4544 Scan interrupted by user!
14:53:06.0310 4544 ============================================================
14:53:06.0310 4544 Scan finished
14:53:06.0310 4544 ============================================================
14:53:06.0318 4148 Detected object count: 0
14:53:06.0318 4148 Actual detected object count: 0
14:53:22.0865 4884 ============================================================
14:53:22.0865 4884 Scan started
14:53:22.0865 4884 Mode: Manual; SigCheck; TDLFS;
14:53:22.0865 4884 ============================================================
14:53:28.0880 4884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:53:28.0904 4884 circlass - ok
14:53:28.0980 4884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:53:28.0994 4884 CLFS - ok
14:53:29.0087 4884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:53:29.0098 4884 clr_optimization_v2.0.50727_32 - ok
14:53:29.0150 4884 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:53:29.0159 4884 clr_optimization_v2.0.50727_64 - ok
14:53:29.0218 4884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:53:29.0227 4884 clr_optimization_v4.0.30319_32 - ok
14:53:29.0305 4884 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:53:29.0321 4884 clr_optimization_v4.0.30319_64 - ok
14:53:29.0341 4884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:53:29.0366 4884 CmBatt - ok
14:53:29.0391 4884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:53:29.0400 4884 cmdide - ok
14:53:29.0471 4884 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:53:29.0510 4884 CNG - ok
14:53:29.0523 4884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:53:29.0533 4884 Compbatt - ok
14:53:29.0544 4884 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:53:29.0578 4884 CompositeBus - ok
14:53:29.0581 4884 COMSysApp - ok
14:53:29.0588 4884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:53:29.0598 4884 crcdisk - ok
14:53:29.0645 4884 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:53:29.0691 4884 CryptSvc - ok
14:53:29.0755 4884 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:53:29.0808 4884 DcomLaunch - ok
14:53:29.0861 4884 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:53:29.0916 4884 defragsvc - ok
14:53:29.0949 4884 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:53:30.0001 4884 DfsC - ok
14:53:30.0046 4884 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:53:30.0109 4884 Dhcp - ok
14:53:30.0148 4884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:53:30.0200 4884 discache - ok
14:53:30.0228 4884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:53:30.0238 4884 Disk - ok
14:53:30.0275 4884 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:53:30.0325 4884 Dnscache - ok
14:53:30.0369 4884 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:53:30.0413 4884 dot3svc - ok
14:53:30.0448 4884 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:53:30.0506 4884 DPS - ok
14:53:30.0532 4884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:53:30.0568 4884 drmkaud - ok
14:53:30.0646 4884 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:53:30.0670 4884 DXGKrnl - ok
14:53:30.0705 4884 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:53:30.0756 4884 EapHost - ok
14:53:30.0943 4884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:53:31.0031 4884 ebdrv - ok
14:53:31.0177 4884 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:53:31.0234 4884 EFS - ok
14:53:31.0361 4884 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:53:31.0463 4884 ehRecvr - ok
14:53:31.0495 4884 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:53:31.0548 4884 ehSched - ok
14:53:31.0649 4884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:53:31.0674 4884 elxstor - ok
14:53:31.0677 4884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:53:31.0703 4884 ErrDev - ok
14:53:31.0757 4884 ETD (4c120d2b2ea269eae7a5744794eb6db1) C:\Windows\system32\DRIVERS\ETD.sys
14:53:31.0767 4884 ETD - ok
14:53:31.0826 4884 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:53:31.0896 4884 EventSystem - ok
14:53:31.0925 4884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:53:31.0976 4884 exfat - ok
14:53:32.0013 4884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:53:32.0081 4884 fastfat - ok
14:53:32.0156 4884 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:53:32.0213 4884 Fax - ok
14:53:32.0220 4884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:53:32.0249 4884 fdc - ok
14:53:32.0278 4884 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:53:32.0340 4884 fdPHost - ok
14:53:32.0373 4884 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:53:32.0420 4884 FDResPub - ok
14:53:32.0456 4884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:53:32.0466 4884 FileInfo - ok
14:53:32.0487 4884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:53:32.0574 4884 Filetrace - ok
14:53:32.0587 4884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:53:32.0608 4884 flpydisk - ok
14:53:32.0646 4884 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:53:32.0665 4884 FltMgr - ok
14:53:32.0750 4884 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:53:32.0829 4884 FontCache - ok
14:53:32.0901 4884 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:53:32.0909 4884 FontCache3.0.0.0 - ok
14:53:32.0973 4884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:53:32.0983 4884 FsDepends - ok
14:53:33.0023 4884 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
14:53:33.0031 4884 fssfltr - ok
14:53:33.0261 4884 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:53:33.0319 4884 fsssvc - ok
14:53:33.0470 4884 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:53:33.0481 4884 Fs_Rec - ok
14:53:33.0549 4884 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:53:33.0564 4884 fvevol - ok
14:53:33.0599 4884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:53:33.0609 4884 gagp30kx - ok
14:53:33.0658 4884 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:53:33.0665 4884 GEARAspiWDM - ok
14:53:33.0741 4884 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:53:33.0796 4884 gpsvc - ok
14:53:33.0912 4884 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:53:33.0927 4884 gusvc - ok
14:53:33.0958 4884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:53:33.0992 4884 hcw85cir - ok
14:53:34.0051 4884 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:53:34.0089 4884 HdAudAddService - ok
14:53:34.0133 4884 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:53:34.0169 4884 HDAudBus - ok
14:53:34.0175 4884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:53:34.0227 4884 HidBatt - ok
14:53:34.0237 4884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:53:34.0301 4884 HidBth - ok
14:53:34.0307 4884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:53:34.0321 4884 HidIr - ok
14:53:34.0354 4884 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:53:34.0399 4884 hidserv - ok
14:53:34.0432 4884 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:53:34.0460 4884 HidUsb - ok
14:53:34.0499 4884 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:53:34.0552 4884 hkmsvc - ok
14:53:34.0593 4884 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:53:34.0645 4884 HomeGroupListener - ok
14:53:34.0685 4884 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:53:34.0734 4884 HomeGroupProvider - ok
14:53:34.0757 4884 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:53:34.0768 4884 HpSAMD - ok
14:53:34.0838 4884 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:53:34.0903 4884 HTTP - ok
14:53:34.0921 4884 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:53:34.0931 4884 hwpolicy - ok
14:53:34.0967 4884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:53:34.0981 4884 i8042prt - ok
14:53:35.0089 4884 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
14:53:35.0107 4884 iaStor - ok
14:53:35.0173 4884 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:53:35.0193 4884 iaStorV - ok
14:53:35.0315 4884 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:53:35.0347 4884 idsvc - ok
14:53:36.0047 4884 igfx (e15a809273ea164a7479d2fa64d18988) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:53:36.0372 4884 igfx - ok
14:53:36.0508 4884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:53:36.0518 4884 iirsp - ok
14:53:36.0610 4884 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:53:36.0677 4884 IKEEXT - ok
14:53:36.0882 4884 IntcAzAudAddService (cb7dadef3d83fe2c12655a0bdcba99f2) C:\Windows\system32\drivers\RTKVHD64.sys
14:53:36.0937 4884 IntcAzAudAddService - ok
14:53:37.0149 4884 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:53:37.0189 4884 IntcDAud - ok
14:53:37.0218 4884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:53:37.0227 4884 intelide - ok
14:53:37.0261 4884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:53:37.0288 4884 intelppm - ok
14:53:37.0335 4884 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:53:37.0385 4884 IPBusEnum - ok
14:53:37.0397 4884 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:53:37.0445 4884 IpFilterDriver - ok
14:53:37.0456 4884 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:53:37.0473 4884 IPMIDRV - ok
14:53:37.0523 4884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:53:37.0574 4884 IPNAT - ok
14:53:37.0726 4884 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:53:37.0751 4884 iPod Service - ok
14:53:37.0774 4884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:53:37.0790 4884 IRENUM - ok
14:53:37.0794 4884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:53:37.0804 4884 isapnp - ok
14:53:37.0838 4884 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:53:37.0864 4884 iScsiPrt - ok
14:53:37.0882 4884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:53:37.0894 4884 kbdclass - ok
14:53:37.0910 4884 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:53:37.0936 4884 kbdhid - ok
14:53:37.0984 4884 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
14:53:37.0991 4884 kbfiltr - ok
14:53:38.0010 4884 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:38.0021 4884 KeyIso - ok
14:53:38.0049 4884 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:53:38.0059 4884 KSecDD - ok
14:53:38.0098 4884 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:53:38.0111 4884 KSecPkg - ok
14:53:38.0137 4884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:53:38.0175 4884 ksthunk - ok
14:53:38.0242 4884 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:53:38.0318 4884 KtmRm - ok
14:53:38.0354 4884 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
14:53:38.0374 4884 L1C - ok
14:53:38.0443 4884 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:53:38.0491 4884 LanmanServer - ok
14:53:38.0528 4884 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:53:38.0577 4884 LanmanWorkstation - ok
14:53:38.0643 4884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:53:38.0721 4884 lltdio - ok
14:53:38.0782 4884 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:53:38.0844 4884 lltdsvc - ok
14:53:38.0858 4884 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:53:38.0902 4884 lmhosts - ok
14:53:39.0043 4884 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:53:39.0068 4884 LMS - ok
14:53:39.0130 4884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:53:39.0143 4884 LSI_FC - ok
14:53:39.0156 4884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:53:39.0168 4884 LSI_SAS - ok
14:53:39.0180 4884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:53:39.0191 4884 LSI_SAS2 - ok
14:53:39.0207 4884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:53:39.0219 4884 LSI_SCSI - ok
14:53:39.0256 4884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:53:39.0304 4884 luafv - ok
14:53:39.0360 4884 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:53:39.0389 4884 Mcx2Svc - ok
14:53:39.0397 4884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:53:39.0408 4884 megasas - ok
14:53:39.0448 4884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:53:39.0462 4884 MegaSR - ok
14:53:39.0501 4884 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:53:39.0508 4884 MEIx64 - ok
14:53:39.0624 4884 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:53:39.0633 4884 Microsoft Office Groove Audit Service - ok
14:53:39.0664 4884 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:53:39.0717 4884 MMCSS - ok
14:53:39.0750 4884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:53:39.0816 4884 Modem - ok
14:53:39.0839 4884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:53:39.0867 4884 monitor - ok
14:53:39.0898 4884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:53:39.0909 4884 mouclass - ok
14:53:39.0938 4884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:53:39.0967 4884 mouhid - ok
14:53:39.0993 4884 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:53:40.0004 4884 mountmgr - ok
14:53:40.0017 4884 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:53:40.0030 4884 mpio - ok
14:53:40.0044 4884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:53:40.0080 4884 mpsdrv - ok
14:53:40.0109 4884 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:53:40.0162 4884 MRxDAV - ok
14:53:40.0206 4884 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:53:40.0245 4884 mrxsmb - ok
14:53:40.0285 4884 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:53:40.0325 4884 mrxsmb10 - ok
14:53:40.0368 4884 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:53:40.0414 4884 mrxsmb20 - ok
14:53:40.0448 4884 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:53:40.0458 4884 msahci - ok
14:53:40.0482 4884 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:53:40.0501 4884 msdsm - ok
14:53:40.0540 4884 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:53:40.0581 4884 MSDTC - ok
14:53:40.0602 4884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:53:40.0658 4884 Msfs - ok
14:53:40.0677 4884 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:53:40.0723 4884 mshidkmdf - ok
14:53:40.0745 4884 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:53:40.0755 4884 msisadrv - ok
14:53:40.0806 4884 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:53:40.0872 4884 MSiSCSI - ok
14:53:40.0877 4884 msiserver - ok
14:53:40.0910 4884 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:53:40.0962 4884 MSKSSRV - ok
14:53:41.0000 4884 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:53:41.0045 4884 MSPCLOCK - ok
14:53:41.0050 4884 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:53:41.0102 4884 MSPQM - ok
14:53:41.0183 4884 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:53:41.0202 4884 MsRPC - ok
14:53:41.0224 4884 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:53:41.0233 4884 mssmbios - ok
14:53:41.0246 4884 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:53:41.0293 4884 MSTEE - ok
14:53:41.0309 4884 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:53:41.0330 4884 MTConfig - ok
14:53:41.0353 4884 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:53:41.0370 4884 Mup - ok
14:53:41.0428 4884 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:53:41.0495 4884 napagent - ok
14:53:41.0548 4884 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:53:41.0589 4884 NativeWifiP - ok
14:53:41.0681 4884 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
14:53:41.0715 4884 NDIS - ok
14:53:41.0742 4884 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:53:41.0801 4884 NdisCap - ok
14:53:41.0827 4884 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:53:41.0872 4884 NdisTapi - ok
14:53:41.0907 4884 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:53:41.0972 4884 Ndisuio - ok
14:53:42.0005 4884 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:53:42.0072 4884 NdisWan - ok
14:53:42.0096 4884 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:53:42.0150 4884 NDProxy - ok
14:53:42.0166 4884 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:53:42.0224 4884 NetBIOS - ok
14:53:42.0256 4884 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:53:42.0320 4884 NetBT - ok
14:53:42.0343 4884 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:42.0357 4884 Netlogon - ok
14:53:42.0407 4884 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:53:42.0474 4884 Netman - ok
14:53:42.0526 4884 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:53:42.0612 4884 netprofm - ok
14:53:42.0698 4884 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:53:42.0732 4884 NetTcpPortSharing - ok
14:53:42.0766 4884 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:53:42.0777 4884 nfrd960 - ok
14:53:42.0821 4884 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:53:42.0887 4884 NlaSvc - ok
14:53:42.0905 4884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:53:42.0939 4884 Npfs - ok
14:53:42.0973 4884 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:53:43.0030 4884 nsi - ok
14:53:43.0057 4884 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:53:43.0108 4884 nsiproxy - ok
14:53:43.0265 4884 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:53:43.0322 4884 Ntfs - ok
14:53:43.0448 4884 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:53:43.0500 4884 Null - ok
14:53:43.0531 4884 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:53:43.0545 4884 nvraid - ok
14:53:43.0587 4884 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:53:43.0612 4884 nvstor - ok
14:53:43.0651 4884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:53:43.0666 4884 nv_agp - ok
14:53:43.0812 4884 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:53:43.0852 4884 odserv - ok
14:53:43.0861 4884 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:53:43.0892 4884 ohci1394 - ok
14:53:43.0932 4884 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:53:43.0943 4884 ose - ok
14:53:43.0996 4884 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:53:44.0037 4884 p2pimsvc - ok
14:53:44.0086 4884 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:53:44.0127 4884 p2psvc - ok
14:53:44.0172 4884 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:53:44.0200 4884 Parport - ok
14:53:44.0226 4884 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:53:44.0236 4884 partmgr - ok
14:53:44.0296 4884 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:53:44.0336 4884 PcaSvc - ok
14:53:44.0373 4884 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:53:44.0389 4884 pci - ok
14:53:44.0399 4884 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:53:44.0408 4884 pciide - ok
14:53:44.0424 4884 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:53:44.0437 4884 pcmcia - ok
14:53:44.0452 4884 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:53:44.0462 4884 pcw - ok
14:53:44.0502 4884 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:53:44.0561 4884 PEAUTH - ok
14:53:44.0655 4884 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:53:44.0680 4884 PerfHost - ok
14:53:44.0850 4884 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:53:44.0948 4884 pla - ok
14:53:45.0051 4884 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:53:45.0137 4884 PlugPlay - ok
14:53:45.0243 4884 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:53:45.0300 4884 PNRPAutoReg - ok
14:53:45.0347 4884 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:53:45.0362 4884 PNRPsvc - ok
14:53:45.0436 4884 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:53:45.0522 4884 PolicyAgent - ok
14:53:45.0565 4884 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:53:45.0610 4884 Power - ok
14:53:45.0695 4884 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:53:45.0740 4884 PptpMiniport - ok
14:53:45.0762 4884 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:53:45.0793 4884 Processor - ok
14:53:45.0845 4884 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:53:45.0907 4884 ProfSvc - ok
14:53:45.0931 4884 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:45.0943 4884 ProtectedStorage - ok
14:53:45.0975 4884 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:53:46.0025 4884 Psched - ok
14:53:46.0064 4884 PxHlpa64 (5d6c8e778f0218fcd2cca0efbc9766ca) C:\Windows\system32\Drivers\PxHlpa64.sys
14:53:46.0074 4884 PxHlpa64 - ok
14:53:46.0204 4884 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:53:46.0266 4884 ql2300 - ok
14:53:46.0400 4884 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:53:46.0424 4884 ql40xx - ok
14:53:46.0471 4884 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:53:46.0504 4884 QWAVE - ok
14:53:46.0520 4884 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:53:46.0550 4884 QWAVEdrv - ok
14:53:46.0553 4884 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:53:46.0615 4884 RasAcd - ok
14:53:46.0661 4884 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:53:46.0705 4884 RasAgileVpn - ok
14:53:46.0732 4884 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:53:46.0785 4884 RasAuto - ok
14:53:46.0823 4884 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:53:46.0895 4884 Rasl2tp - ok
14:53:46.0940 4884 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:53:46.0983 4884 RasMan - ok
14:53:46.0998 4884 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:53:47.0035 4884 RasPppoe - ok
14:53:47.0067 4884 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:53:47.0116 4884 RasSstp - ok
14:53:47.0151 4884 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:53:47.0212 4884 rdbss - ok
14:53:47.0232 4884 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:53:47.0246 4884 rdpbus - ok
14:53:47.0259 4884 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:53:47.0303 4884 RDPCDD - ok
14:53:47.0334 4884 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:53:47.0386 4884 RDPENCDD - ok
14:53:47.0400 4884 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:53:47.0447 4884 RDPREFMP - ok
14:53:47.0486 4884 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:53:47.0540 4884 RDPWD - ok
14:53:47.0585 4884 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:53:47.0597 4884 rdyboost - ok
14:53:47.0647 4884 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:53:47.0698 4884 RemoteAccess - ok
14:53:47.0745 4884 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:53:47.0794 4884 RemoteRegistry - ok
14:53:47.0842 4884 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:53:47.0875 4884 RFCOMM - ok
14:53:47.0904 4884 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:53:47.0965 4884 RpcEptMapper - ok
14:53:47.0991 4884 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:53:48.0014 4884 RpcLocator - ok
14:53:48.0069 4884 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:53:48.0110 4884 RpcSs - ok
14:53:48.0145 4884 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:53:48.0180 4884 rspndr - ok
14:53:48.0252 4884 RSUSBVSTOR (ce0a1d8a59410e698140821e4e69da0d) C:\Windows\system32\Drivers\RtsUVStor.sys
14:53:48.0264 4884 RSUSBVSTOR - ok
14:53:48.0339 4884 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:53:48.0353 4884 RTL8167 - ok
14:53:48.0377 4884 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:48.0388 4884 SamSs - ok
14:53:48.0409 4884 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:53:48.0421 4884 sbp2port - ok
14:53:48.0456 4884 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:53:48.0509 4884 SCardSvr - ok
14:53:48.0531 4884 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:53:48.0566 4884 scfilter - ok
14:53:48.0645 4884 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:53:48.0711 4884 Schedule - ok
14:53:48.0777 4884 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:53:48.0816 4884 SCPolicySvc - ok
14:53:48.0848 4884 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:53:48.0899 4884 SDRSVC - ok
14:53:49.0001 4884 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:53:49.0041 4884 SeaPort - ok
14:53:49.0131 4884 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:53:49.0179 4884 secdrv - ok
14:53:49.0218 4884 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:53:49.0256 4884 seclogon - ok
14:53:49.0287 4884 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:53:49.0337 4884 SENS - ok
14:53:49.0365 4884 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:53:49.0403 4884 SensrSvc - ok
14:53:49.0419 4884 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:53:49.0448 4884 Serenum - ok
14:53:49.0473 4884 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:53:49.0498 4884 Serial - ok
14:53:49.0521 4884 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:53:49.0548 4884 sermouse - ok
14:53:49.0577 4884 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:53:49.0628 4884 SessionEnv - ok
14:53:49.0632 4884 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:53:49.0652 4884 sffdisk - ok
14:53:49.0655 4884 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:53:49.0677 4884 sffp_mmc - ok
14:53:49.0681 4884 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:53:49.0702 4884 sffp_sd - ok
14:53:49.0706 4884 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:53:49.0717 4884 sfloppy - ok
14:53:49.0761 4884 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:53:49.0830 4884 ShellHWDetection - ok
14:53:49.0855 4884 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
14:53:49.0879 4884 SiSGbeLH - ok
14:53:49.0904 4884 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:53:49.0955 4884 SiSRaid2 - ok
14:53:49.0965 4884 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:53:49.0976 4884 SiSRaid4 - ok
14:53:50.0054 4884 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:53:50.0069 4884 SkypeUpdate - ok
14:53:50.0078 4884 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:53:50.0129 4884 Smb - ok
14:53:50.0159 4884 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:53:50.0172 4884 SNMPTRAP - ok
14:53:50.0245 4884 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
14:53:50.0257 4884 SonicStage Back-End Service - ok
14:53:50.0271 4884 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:53:50.0280 4884 spldr - ok
14:53:50.0341 4884 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:53:50.0405 4884 Spooler - ok
14:53:50.0621 4884 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:53:50.0752 4884 sppsvc - ok
14:53:50.0887 4884 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:53:50.0940 4884 sppuinotify - ok
14:53:51.0019 4884 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:53:51.0119 4884 srv - ok
14:53:51.0171 4884 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:53:51.0201 4884 srv2 - ok
14:53:51.0223 4884 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:53:51.0255 4884 srvnet - ok
14:53:51.0314 4884 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
14:53:51.0355 4884 ssadbus - ok
14:53:51.0383 4884 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:53:51.0410 4884 ssadmdfl - ok
14:53:51.0444 4884 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
14:53:51.0474 4884 ssadmdm - ok
14:53:51.0501 4884 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
14:53:51.0525 4884 ssadserd - ok
14:53:51.0576 4884 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:53:51.0634 4884 SSDPSRV - ok
14:53:51.0730 4884 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
14:53:51.0740 4884 SSScsiSV - ok
14:53:51.0763 4884 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:53:51.0802 4884 SstpSvc - ok
14:53:51.0830 4884 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:53:51.0840 4884 stexstor - ok
14:53:51.0930 4884 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:53:51.0977 4884 stisvc - ok
14:53:51.0995 4884 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:53:52.0005 4884 swenum - ok
14:53:52.0054 4884 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:53:52.0123 4884 swprv - ok
14:53:52.0256 4884 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:53:52.0333 4884 SysMain - ok
14:53:52.0445 4884 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:53:52.0465 4884 TabletInputService - ok
14:53:52.0491 4884 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:53:52.0554 4884 TapiSrv - ok
14:53:52.0578 4884 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:53:52.0613 4884 TBS - ok
14:53:52.0777 4884 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:53:52.0848 4884 Tcpip - ok
14:53:53.0165 4884 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:53:53.0209 4884 TCPIP6 - ok
14:53:53.0307 4884 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:53:53.0356 4884 tcpipreg - ok
14:53:53.0374 4884 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:53:53.0400 4884 TDPIPE - ok
14:53:53.0425 4884 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:53:53.0436 4884 TDTCP - ok
14:53:53.0460 4884 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:53:53.0512 4884 tdx - ok
14:53:53.0533 4884 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:53:53.0544 4884 TermDD - ok
14:53:53.0605 4884 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:53:53.0676 4884 TermService - ok
14:53:53.0696 4884 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:53:53.0721 4884 Themes - ok
14:53:53.0751 4884 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:53:53.0785 4884 THREADORDER - ok
14:53:53.0906 4884 TiMiniService (69d76ce06bb629b69165c81d83a4b03e) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
14:53:53.0931 4884 TiMiniService - ok
14:53:53.0966 4884 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
14:53:53.0975 4884 tmactmon - ok
14:53:54.0005 4884 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
14:53:54.0015 4884 tmcomm - ok
14:53:54.0034 4884 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
14:53:54.0043 4884 tmevtmgr - ok
14:53:54.0076 4884 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
14:53:54.0083 4884 tmtdi - ok
14:53:54.0116 4884 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:53:54.0184 4884 TrkWks - ok
14:53:54.0251 4884 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:53:54.0333 4884 TrustedInstaller - ok
14:53:54.0367 4884 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:53:54.0408 4884 tssecsrv - ok
14:53:54.0449 4884 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:53:54.0496 4884 TsUsbFlt - ok
14:53:54.0501 4884 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:53:54.0524 4884 TsUsbGD - ok
14:53:54.0558 4884 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:53:54.0614 4884 tunnel - ok
14:53:54.0622 4884 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:53:54.0634 4884 uagp35 - ok
14:53:54.0680 4884 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:53:54.0736 4884 udfs - ok
14:53:54.0774 4884 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:53:54.0807 4884 UI0Detect - ok
14:53:54.0833 4884 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:53:54.0845 4884 uliagpkx - ok
14:53:54.0878 4884 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:53:54.0902 4884 umbus - ok
14:53:54.0906 4884 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:53:54.0924 4884 UmPass - ok
14:53:55.0228 4884 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:53:55.0318 4884 UNS - ok
14:53:55.0459 4884 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:53:55.0520 4884 upnphost - ok
14:53:55.0570 4884 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
14:53:55.0610 4884 USBAAPL64 - ok
14:53:55.0646 4884 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:53:55.0691 4884 usbccgp - ok
14:53:55.0740 4884 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:53:55.0769 4884 usbcir - ok
14:53:55.0785 4884 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:53:55.0800 4884 usbehci - ok
14:53:55.0857 4884 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:53:55.0905 4884 usbhub - ok
14:53:55.0923 4884 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:53:55.0950 4884 usbohci - ok
14:53:55.0982 4884 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:53:55.0998 4884 usbprint - ok
14:53:56.0021 4884 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:53:56.0050 4884 usbscan - ok
14:53:56.0085 4884 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:53:56.0127 4884 USBSTOR - ok
14:53:56.0152 4884 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:53:56.0178 4884 usbuhci - ok
14:53:56.0242 4884 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:53:56.0282 4884 usbvideo - ok
14:53:56.0319 4884 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:53:56.0372 4884 UxSms - ok
14:53:56.0398 4884 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:53:56.0411 4884 VaultSvc - ok
14:53:56.0444 4884 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:53:56.0454 4884 vdrvroot - ok
14:53:56.0511 4884 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:53:56.0563 4884 vds - ok
14:53:56.0585 4884 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:53:56.0600 4884 vga - ok
14:53:56.0617 4884 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:53:56.0675 4884 VgaSave - ok
14:53:56.0691 4884 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:53:56.0704 4884 vhdmp - ok
14:53:56.0708 4884 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:53:56.0717 4884 viaide - ok
14:53:56.0744 4884 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:53:56.0755 4884 volmgr - ok
14:53:56.0792 4884 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:53:56.0810 4884 volmgrx - ok
14:53:56.0834 4884 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:53:56.0851 4884 volsnap - ok
14:53:56.0910 4884 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:53:56.0932 4884 vsmraid - ok
14:53:57.0148 4884 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:53:57.0241 4884 VSS - ok
14:53:57.0378 4884 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:53:57.0411 4884 vwifibus - ok
14:53:57.0430 4884 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:53:57.0464 4884 vwififlt - ok
14:53:57.0521 4884 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:53:57.0589 4884 W32Time - ok
14:53:57.0613 4884 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:53:57.0633 4884 WacomPen - ok
14:53:57.0673 4884 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:53:57.0719 4884 WANARP - ok
14:53:57.0735 4884 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:53:57.0767 4884 Wanarpv6 - ok
14:53:57.0927 4884 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:53:57.0969 4884 WatAdminSvc - ok
14:53:58.0089 4884 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:53:58.0146 4884 wbengine - ok
14:53:58.0247 4884 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:53:58.0286 4884 WbioSrvc - ok
14:53:58.0312 4884 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:53:58.0342 4884 wcncsvc - ok
14:53:58.0358 4884 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:53:58.0401 4884 WcsPlugInService - ok
14:53:58.0461 4884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:53:58.0472 4884 Wd - ok
14:53:58.0514 4884 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
14:53:58.0558 4884 WDC_SAM - ok
14:53:58.0615 4884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:53:58.0636 4884 Wdf01000 - ok
14:53:58.0658 4884 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:53:58.0751 4884 WdiServiceHost - ok
14:53:58.0754 4884 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:53:58.0772 4884 WdiSystemHost - ok
14:53:58.0821 4884 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:53:58.0870 4884 WebClient - ok
14:53:58.0923 4884 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:53:58.0993 4884 Wecsvc - ok
14:53:59.0040 4884 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:53:59.0075 4884 wercplsupport - ok
14:53:59.0109 4884 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:53:59.0165 4884 WerSvc - ok
14:53:59.0242 4884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:53:59.0276 4884 WfpLwf - ok
14:53:59.0344 4884 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
14:53:59.0363 4884 WimFltr - ok
14:53:59.0392 4884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:53:59.0402 4884 WIMMount - ok
14:53:59.0407 4884 WinHttpAutoProxySvc - ok
14:53:59.0504 4884 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:53:59.0573 4884 Winmgmt - ok
14:53:59.0719 4884 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:53:59.0820 4884 WinRM - ok
14:53:59.0992 4884 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:54:00.0027 4884 WinUsb - ok
14:54:00.0121 4884 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:54:00.0175 4884 Wlansvc - ok
14:54:00.0241 4884 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:54:00.0250 4884 wlcrasvc - ok
14:54:00.0461 4884 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:54:00.0536 4884 wlidsvc - ok
14:54:00.0684 4884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:54:00.0709 4884 WmiAcpi - ok
14:54:00.0774 4884 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:54:00.0808 4884 wmiApSrv - ok
14:54:00.0851 4884 WMPNetworkSvc - ok
14:54:00.0885 4884 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:54:00.0906 4884 WPCSvc - ok
14:54:00.0955 4884 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:54:00.0992 4884 WPDBusEnum - ok
14:54:01.0027 4884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:54:01.0076 4884 ws2ifsl - ok
14:54:01.0079 4884 WSearch - ok
14:54:01.0095 4884 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:54:01.0155 4884 WudfPf - ok
14:54:01.0211 4884 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:54:01.0265 4884 WUDFRd - ok
14:54:01.0292 4884 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:54:01.0325 4884 wudfsvc - ok
14:54:01.0358 4884 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:54:01.0385 4884 WwanSvc - ok
14:54:01.0425 4884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:54:01.0479 4884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:54:01.0479 4884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:54:01.0583 4884 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:54:01.0583 4884 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:54:01.0588 4884 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
14:54:01.0698 4884 \Device\Harddisk1\DR1 - ok
14:54:01.0701 4884 Boot (0x1200) (1ac1a0df5506c185b97e5e631af78847) \Device\Harddisk0\DR0\Partition0
14:54:01.0703 4884 \Device\Harddisk0\DR0\Partition0 - ok
14:54:01.0727 4884 Boot (0x1200) (0159cae7e670be55fe9d2d9d63bb43b3) \Device\Harddisk0\DR0\Partition1
14:54:01.0729 4884 \Device\Harddisk0\DR0\Partition1 - ok
14:54:01.0733 4884 Boot (0x1200) (4845846325eec051e9df4f95dbb4d5b3) \Device\Harddisk1\DR1\Partition0
14:54:01.0734 4884 \Device\Harddisk1\DR1\Partition0 - ok
14:54:01.0735 4884 ============================================================
14:54:01.0735 4884 Scan finished
14:54:01.0735 4884 ============================================================
14:54:01.0749 4880 Detected object count: 2
14:54:01.0749 4880 Actual detected object count: 2
14:54:45.0322 4880 \Device\Harddisk0\DR0\# - copied to quarantine
14:54:45.0323 4880 \Device\Harddisk0\DR0 - copied to quarantine
14:54:45.0405 4880 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:54:45.0407 4880 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:54:45.0413 4880 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:54:45.0418 4880 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:54:45.0437 4880 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:54:45.0448 4880 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:54:45.0449 4880 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:54:45.0450 4880 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:54:45.0451 4880 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:54:45.0454 4880 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:54:45.0457 4880 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:54:45.0458 4880 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:54:45.0461 4880 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:54:45.0463 4880 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:54:45.0469 4880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:54:45.0470 4880 \Device\Harddisk0\DR0 - ok
14:54:45.0484 4880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:54:45.0486 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:54:45.0487 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#14
MrCharlie

    Forum Deity

  • Experts
  • 17,506 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Just run TDSSKiller again and choose delete for this one only:

Quote

14:54:45.0486 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:54:45.0487 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

----------------------------

Then......


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix.

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

Malware Removal Expert



I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew
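
As an added example (not code from this thread, from MrC, or from TDSSKiller's makers), here is a small Python parser for the TDSSKiller log format posted above. It collects each detected object with its verdict and the action the user chose, and lists the detections left unresolved, which is exactly how a helper spots a "skipped by user" line like the one quoted in the reply above. The sample log lines are a constructed subset modelled on the log in this thread, not a new scan; the regular expression and the status words it recognises are assumptions drawn from the lines visible here.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the TDSSKiller output posted in this thread.
SAMPLE_LOG = r"""14:54:01.0479 4884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:54:01.0479 4884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:54:01.0583 4884 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:54:01.0583 4884 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:54:01.0698 4884 \Device\Harddisk1\DR1 - ok
14:54:45.0469 4880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:54:45.0484 4880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:54:45.0486 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:54:45.0487 4880 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Matches only the "object ( detection name ) - status" lines; the service
# enumeration lines, MBR/Boot hash lines and separators do not have this shape.
# Assumed format, derived from the log lines visible in this thread.
DETECTION_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<obj>\S+)\s+\(\s*(?P<name>[^()]+?)\s*\)\s+-\s+(?P<status>.+?)\s*$"
)

Key = Tuple[str, str]  # (device object, detection name)

# Verdict words seen in the log; "suspicious" is an assumed extra value.
VERDICTS = ("infected", "warning", "suspicious")
# Actions that actually remove the object; anything else leaves it on disk.
RESOLVING_ACTIONS = ("Cure", "Delete")


def parse_detections(log_text: str) -> Dict[Key, dict]:
    """Collect, per (object, detection), the verdict, the final user action
    and any other status notes (for example "will be cured on reboot")."""
    found: Dict[Key, dict] = {}
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        key = (m["obj"], m["name"])
        entry = found.setdefault(key, {"verdict": None, "action": None, "notes": []})
        status = m["status"]
        if status in VERDICTS:
            entry["verdict"] = status
        elif status.startswith("User select action:"):
            # The last "User select action" line wins if the tool is run twice.
            entry["action"] = status.split(":", 1)[1].strip()
        else:
            entry["notes"].append(status)
    return found


def unresolved(log_text: str) -> List[Key]:
    """Detections that were skipped or never given a Cure/Delete action."""
    return [
        key for key, entry in parse_detections(log_text).items()
        if entry["action"] not in RESOLVING_ACTIONS
    ]


def summary_lines(log_text: str) -> List[str]:
    """One human-readable line per detection, for pasting into a reply."""
    lines = []
    for (obj, name), entry in parse_detections(log_text).items():
        state = "resolved" if entry["action"] in RESOLVING_ACTIONS else "UNRESOLVED"
        lines.append(f"{obj} ( {name} ): verdict={entry['verdict']} "
                     f"action={entry['action']} -> {state}")
    return lines


if __name__ == "__main__":
    for line in summary_lines(SAMPLE_LOG):
        print(line)
    print("Still needs attention:", unresolved(SAMPLE_LOG))
```

Run it against a saved TDSSKiller log by reading the file into `log_text` instead of `SAMPLE_LOG`; on the log above it reports the Pihar MBR detection as resolved (Cure) and the TDSS File System as unresolved (Skip), which matches the follow-up instruction to run TDSSKiller again and delete that one entry.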

#15
azn1993

    New Member

  • Members
  • 12 posts
ComboFix 12-08-08.01 - Erica 08/08/2012 15:21:16.1.4 - x64
Running from: c:\users\Erica\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Erica\AppData\Roaming\360SE
c:\users\Erica\AppData\Roaming\360SE\360SE.ini
c:\users\Erica\AppData\Roaming\360SE\360se_s.ini
c:\users\Erica\AppData\Roaming\360SE\360seie6.ini
c:\users\Erica\AppData\Roaming\360SE\data\360sefav.db
c:\users\Erica\AppData\Roaming\360SE\data\BlankData.ini
c:\users\Erica\AppData\Roaming\360SE\data\FavouriteBar.dat
c:\users\Erica\AppData\Roaming\360SE\data\history.dat
c:\users\Erica\AppData\Roaming\360SE\data\ico\avc.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\cn.bing.com.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\cz.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\ddt.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\dgcs.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\dh.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\farm.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\hao.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\hero.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\mcsd.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\me.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\plsm.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\poker.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\se.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\search8.taobao.com.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\uninstall.feedback.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\www.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\www.baidu.com.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\www.bing.com.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\www.google.com.hk.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\www.qihoo.com.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\www.sogou.com.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\www.youdao.com.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\wxfy.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\yahoo.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\ico\zqjl.wan.360.cn.ico
c:\users\Erica\AppData\Roaming\360SE\data\IEXCompat.dat
c:\users\Erica\AppData\Roaming\360SE\data\pluginbar.dat
c:\users\Erica\AppData\Roaming\360SE\data\StatusBar.dat
c:\users\Erica\AppData\Roaming\360SE\data\switch.ini
c:\users\Erica\AppData\Roaming\360SE\data\URLTitle.ini
c:\users\Erica\AppData\Roaming\360SE\data\user.dat
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtAddons\ExtStats.ini.cfg
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtBank\bank2.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtBank\ExtBank.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtBank\stat.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtDoctor\ExtDoctor.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtDownload\extdownload1.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtLoginMagic\ExtLoginMagic.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\extpageblank\stat.dat
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtProxy\proxy.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtYouxi\ExtYouxi.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtYouxi\stat3.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\ExtYouxi\ver.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\Favorites\Favorites.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\Favorites\Favorites2.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2012_04_15.log
c:\users\Erica\AppData\Roaming\360SE\extensions\Favorites\titleopt.dll
c:\users\Erica\AppData\Roaming\360SE\extensions\Pluginbar\stat.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\Pluginbar\ver.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\esimple.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.in
c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\safehfc.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\SafeProtect.dat
c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\sc.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\urllib.dat
c:\users\Erica\AppData\Roaming\360SE\extensions\SafeCentral\urllibauth.dat
c:\users\Erica\AppData\Roaming\360SE\extensions\SnapPlugin\stat.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\TranslatorPlugin\stat.ini
c:\users\Erica\AppData\Roaming\360SE\extensions\TranslatorPlugin\translate.ini
c:\users\Erica\AppData\Roaming\360SE\seup.ini
c:\users\Erica\AppData\Roaming\360SE\stat.ini
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\@
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\00000004.@
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\1afb2d56
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L\201d3dde
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\n
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000004.@
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\00000008.@
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\000000cb.@
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000000.@
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000032.@
c:\windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U\80000064.@
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 22:28 . 2012-08-08 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 20:42 . 2012-08-08 20:42 -------- d-----w- C:\FRST
2012-08-06 19:03 . 2012-08-06 19:03 -------- d-----w- c:\users\Erica\AppData\Local\ElevatedDiagnostics
2012-07-13 22:14 . 2012-07-13 22:14 -------- d-----w- c:\program files\CCleaner
2012-07-13 21:58 . 2012-07-13 22:08 -------- d-----w- c:\programdata\RegAce
2012-07-13 18:47 . 2012-08-08 22:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-13 02:20 . 2012-07-13 02:43 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-13 02:20 . 2012-05-11 18:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-13 02:19 . 2012-07-13 02:19 -------- d-----w- c:\programdata\PC Tools
2012-07-13 02:19 . 2012-07-13 02:19 -------- d-----w- c:\users\Erica\AppData\Roaming\TestApp
2012-07-13 01:36 . 2012-07-13 02:42 -------- d-----w- c:\programdata\MFAData
2012-07-13 01:36 . 2012-07-13 01:36 -------- d--h--w- c:\programdata\Common Files
2012-07-11 05:44 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:22 . 2012-07-11 02:24 -------- d-----w- c:\users\Erica\AppData\Roaming\GetRightToGo
2012-07-11 01:41 . 2010-12-10 05:18 624056 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.449\mframe.dll
2012-07-11 01:41 . 2010-12-10 05:18 312768 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.449\ppp.dll
2012-07-11 01:41 . 2010-12-10 05:18 247304 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll
2012-07-11 00:49 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 00:49 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 00:49 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 00:49 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 00:49 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 00:49 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 00:49 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 00:48 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 00:48 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 00:48 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 00:48 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 00:48 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 00:48 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 00:48 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 00:48 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 00:48 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 22:18 . 2012-06-03 19:56 380 ----a-w- c:\users\Erica\AppData\Roaming\sp_data.sys
2012-08-04 00:39 . 2012-04-13 15:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 00:39 . 2012-03-05 21:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 05:41 . 2012-03-01 01:50 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 18:14 . 2012-06-29 18:14 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-05 22:24 . 2012-06-05 22:24 2829 ----a-w- c:\windows\War3Unin.pif
2012-06-05 22:24 . 2012-06-05 22:24 126976 ----a-w- c:\windows\War3Unin.exe
2012-06-03 19:52 . 2012-02-20 04:57 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-06-02 22:19 . 2012-06-22 00:03 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 00:03 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 00:03 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 00:03 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 00:03 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 00:03 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 00:03 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 00:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 00:03 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Erica\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-02-22 296056]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-10-6 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-22 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:39]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job
- c:\users\Erica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 03:30]
.
2012-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job
- c:\users\Erica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 03:30]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000Core.job
- c:\users\Erica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 23:21]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2033533363-2417740829-912105009-1000UA.job
- c:\users\Erica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 23:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-68469606.sys
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-08 15:35:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 22:35
.
Pre-Run: 144,273,399,808 bytes free
Post-Run: 144,983,318,528 bytes free
.
- - End Of File - - DCFE8EE82C132D93EF464CFA776BBD7F

#16
MrCharlie

    Forum Deity

  • Experts
  • 17,506 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#17
azn1993

    New Member

  • Members
  • 12 posts
Oh okay. I did the quick scan. Here's the report. Thanks!

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.03.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Erica :: ERICA-PC [administrator]
8/8/2012 3:47:00 PM
mbam-log-2012-08-08 (15-47-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199339
Time elapsed: 2 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
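
The MBAM logs posted in this thread follow a fixed text layout, so they can be parsed and compared rather than read by eye. Below is an added Python example, not code from Malwarebytes or from anyone in this thread. It assumes the MBAM 1.62 layout shown above (a "Category Detected: N" header per section, one line per item ending in "-> action."); the two sample logs embedded in it are constructed for the example and use placeholder file paths.

```python
# Added example: parse Malwarebytes Anti-Malware 1.x text logs and compare
# two scans. Not code from Malwarebytes or from this thread; it assumes the
# log layout shown in the posts (a "<Category> Detected: N" header per
# category, then one line per item ending in "-> <action>.").
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample logs in the MBAM 1.62 layout. File paths are placeholders.
FULL_SCAN_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.08.03.10
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Scan type: Full scan
Objects scanned: 158312
Time elapsed: 29 minute(s), 6 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Files Detected: 2
C:\PLACEHOLDER\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\PLACEHOLDER\U\000000cb.@ (Rootkit.0Access) -> No action taken.
(end)
"""
QUICK_SCAN_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.08.03.10
Scan type: Quick scan
Objects scanned: 199339
Time elapsed: 2 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
"""

HEADER_RE = re.compile(r"^(Scan type|Database version|Objects scanned|Time elapsed):\s*(.+)$")
CATEGORY_RE = re.compile(r"^([A-Za-z ]+) Detected:\s*(\d+)$")
DETECTION_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")
# Action strings MBAM uses when it actually removed something.
REMOVED_PREFIXES = ("quarantined", "deleted", "delete on reboot")


@dataclass
class Detection:
    category: str   # e.g. "Files", "Registry Keys"
    item: str       # path or registry key
    family: str     # detection name, e.g. "Rootkit.0Access"
    action: str     # e.g. "No action taken"


@dataclass
class ScanReport:
    scan_type: str = ""
    database: str = ""
    objects_scanned: int = 0
    aborted: bool = False
    counts: dict = field(default_factory=dict)   # category -> declared count
    detections: list = field(default_factory=list)


def parse_mbam_log(text: str) -> ScanReport:
    """Build a ScanReport from the raw log text."""
    report, category = ScanReport(), None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line in ("(end)", "(No malicious items detected)"):
            continue
        if m := HEADER_RE.match(line):
            key, value = m.groups()
            if key == "Scan type":
                report.scan_type = value
            elif key == "Database version":
                report.database = value
            elif key == "Objects scanned":
                report.objects_scanned = int(value)
            else:  # Time elapsed: MBAM appends "[aborted]" to an interrupted scan
                report.aborted = "[aborted]" in value
        elif m := CATEGORY_RE.match(line):
            category = m.group(1)
            report.counts[category] = int(m.group(2))
        elif category and (m := DETECTION_RE.match(line)):
            report.detections.append(Detection(category, *m.groups()))
    return report


def unresolved(report: ScanReport) -> list:
    """Items the scan listed but did not quarantine or delete."""
    return [d for d in report.detections
            if not d.action.lower().startswith(REMOVED_PREFIXES)]


def count_mismatches(report: ScanReport) -> list:
    """Categories whose declared count differs from the lines actually listed."""
    listed = {}
    for d in report.detections:
        listed[d.category] = listed.get(d.category, 0) + 1
    return [c for c, n in report.counts.items() if listed.get(c, 0) != n]


def compare_reports(before: ScanReport, after: ScanReport) -> dict:
    """Diff the items of two scans. 'comparable' is False when the scans differ
    in type or either was aborted, since then a clean result proves little."""
    b = {d.item for d in before.detections}
    a = {d.item for d in after.detections}
    return {
        "comparable": before.scan_type == after.scan_type and not (before.aborted or after.aborted),
        "removed": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b),
    }
```

The point of `compare_reports` is the `comparable` flag: a quick scan that reports nothing after an aborted full scan that listed items with "No action taken" is reassuring but not proof of removal, because the two scans cover different ground. Running the same scan type to completion before and after cleanup, then checking that `persisting` is empty and `unresolved` is empty for the later report, is the check to make before calling a machine clean.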

#18
MrCharlie

    Forum Deity

  • Experts
  • 17,506 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
How is it??? MrC


#19
azn1993

    New Member

  • Members
  • 12 posts
So far nothing has popped up yet, and it's running normally. But I don't know if the virus will come back later... Thanks a lot though!!!

#20
MrCharlie

    Forum Deity

  • Experts
  • 17,506 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Great! (It's not going to come back)

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

