Ads playing in the background randomly


Hello,

This morning I started having ads playing in the background while I am on the internet. Downloaded and ran Malwarebytes and it seems to have stopped most but not all ads from getting through. Now Malwarebytes pops up about once a minute saying it has successfully blocked access to a potentially malicious website. Type: outgoing to a different port each time.

Attach.txt

DDS.txt

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Joey [Admin rights]

Mode: Scan -- Date: 07/16/2012 12:27:05

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[SUSP PATH] {11E6AB9D-B175-4079-BDF0-7E3EB149918F}.job @ : C:\Users\Family\Desktop\FrostWire.exe -> FOUND

[SUSP PATH] {40578891-63E9-4620-ADC2-21A98469C0C8}.job @ : C:\Users\Family\Desktop\FrostWire.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD321KJ +++++

--- User ---

[MBR] f5db9608dbe95df131e69a17ddb71586

[BSP] 33e870195992370a52af789e14cb7fe0 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 71ff2ed5ee42056775e323fc6f95273d

[BSP] 33e870195992370a52af789e14cb7fe0 : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 71ff2ed5ee42056775e323fc6f95273d

[BSP] 33e870195992370a52af789e14cb7fe0 : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

OK, please do this...........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Hello Mr. C,

After running TDSSKiller and following all instructions (deleting \Device\Harddisk0\DR0 and skipping all others, except for the malicious object found being cured), I went to reboot my computer. Now when I try to turn it back on it will not restart. I have tried and can boot from the Windows 7 installation DVD. When I try to do a repair it says no problems can be detected. I have also tried to restore to the point I created before running TDSSKiller, with no luck there either. While booted to the DVD I did Hard Disk Tests and all came back OK. Any suggestions now? Thank you so much for all your help!

Jotfarmer

If you burn an OTLPE cd, you'll be able to boot the computer up with it and get the log from TDSSKiller:

http://www.itxassociates.com/OT-Tools/OTLPEStd.exe

Just download it, put a blank cd in the burner and double click on OTLPEStd.exe and it will automatically burn the cd.

Just put the cd in the sick computer and boot from it, you'll be able to navigate around the system, copy the log to a usb flash drive, post it back here.

Let me know, MrC

Mr. C,

I was able to use Xcopy to get it on a usb drive. Here it is! Appreciate it very much!

18:19:53.0650 5892 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

18:19:54.0866 5892 ============================================================

18:19:54.0866 5892 Current date / time: 2012/07/16 18:19:54.0866

18:19:54.0866 5892 SystemInfo:

18:19:54.0866 5892

18:19:54.0866 5892 OS Version: 6.1.7601 ServicePack: 1.0

18:19:54.0866 5892 Product type: Workstation

18:19:54.0866 5892 ComputerName: FAMILY-PC

18:19:54.0866 5892 UserName: Joey

18:19:54.0866 5892 Windows directory: C:\Windows

18:19:54.0866 5892 System windows directory: C:\Windows

18:19:54.0866 5892 Running under WOW64

18:19:54.0866 5892 Processor architecture: Intel x64

18:19:54.0866 5892 Number of processors: 4

18:19:54.0866 5892 Page size: 0x1000

18:19:54.0866 5892 Boot type: Normal boot

18:19:54.0866 5892 ============================================================

18:19:56.0707 5892 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:19:56.0723 5892 ============================================================

18:19:56.0723 5892 \Device\Harddisk0\DR0:

18:19:56.0723 5892 MBR partitions:

18:19:56.0723 5892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x24016000

18:19:56.0723 5892 ============================================================

18:19:56.0754 5892 C: <-> \Device\Harddisk0\DR0\Partition0

18:19:56.0754 5892 ============================================================

18:19:56.0754 5892 Initialize success

18:19:56.0754 5892 ============================================================

18:20:52.0867 6468 ============================================================

18:20:52.0867 6468 Scan started

18:20:52.0867 6468 Mode: Manual; SigCheck; TDLFS;

18:20:52.0867 6468 ============================================================

18:20:54.0848 6468 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

18:20:54.0958 6468 1394ohci - ok

18:20:55.0036 6468 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

18:20:55.0067 6468 ACPI - ok

18:20:55.0098 6468 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

18:20:55.0192 6468 AcpiPmi - ok

18:20:55.0363 6468 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

18:20:55.0363 6468 AdobeARMservice - ok

18:20:55.0519 6468 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

18:20:55.0535 6468 AdobeFlashPlayerUpdateSvc - ok

18:20:55.0628 6468 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

18:20:55.0644 6468 adp94xx - ok

18:20:55.0691 6468 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

18:20:55.0722 6468 adpahci - ok

18:20:55.0738 6468 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

18:20:55.0753 6468 adpu320 - ok

18:20:55.0784 6468 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

18:20:55.0909 6468 AeLookupSvc - ok

18:20:55.0987 6468 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

18:20:56.0034 6468 AFD - ok

18:20:56.0112 6468 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

18:20:56.0128 6468 agp440 - ok

18:20:56.0143 6468 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

18:20:56.0206 6468 ALG - ok

18:20:56.0237 6468 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

18:20:56.0252 6468 aliide - ok

18:20:56.0299 6468 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

18:20:56.0315 6468 amdide - ok

18:20:56.0330 6468 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

18:20:56.0393 6468 AmdK8 - ok

18:20:56.0408 6468 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

18:20:56.0440 6468 AmdPPM - ok

18:20:56.0502 6468 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

18:20:56.0518 6468 amdsata - ok

18:20:56.0549 6468 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

18:20:56.0564 6468 amdsbs - ok

18:20:56.0580 6468 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

18:20:56.0596 6468 amdxata - ok

18:20:56.0674 6468 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

18:20:56.0798 6468 AppID - ok

18:20:56.0830 6468 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

18:20:56.0908 6468 AppIDSvc - ok

18:20:56.0939 6468 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

18:20:57.0001 6468 Appinfo - ok

18:20:57.0142 6468 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:20:57.0157 6468 Apple Mobile Device - ok

18:20:57.0204 6468 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

18:20:57.0220 6468 arc - ok

18:20:57.0235 6468 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

18:20:57.0251 6468 arcsas - ok

18:20:57.0298 6468 aspnet_state - ok

18:20:57.0313 6468 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

18:20:57.0376 6468 AsyncMac - ok

18:20:57.0422 6468 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

18:20:57.0438 6468 atapi - ok

18:20:57.0532 6468 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

18:20:57.0594 6468 AudioEndpointBuilder - ok

18:20:57.0610 6468 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

18:20:57.0641 6468 AudioSrv - ok

18:20:57.0734 6468 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

18:20:58.0031 6468 AxInstSV - ok

18:20:58.0140 6468 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

18:20:58.0187 6468 b06bdrv - ok

18:20:58.0218 6468 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

18:20:58.0249 6468 b57nd60a - ok

18:20:58.0312 6468 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

18:20:58.0358 6468 BDESVC - ok

18:20:58.0374 6468 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

18:20:58.0436 6468 Beep - ok

18:20:58.0546 6468 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

18:20:58.0608 6468 BFE - ok

18:20:58.0670 6468 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

18:20:58.0733 6468 BITS - ok

18:20:58.0795 6468 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

18:20:58.0826 6468 blbdrive - ok

18:20:58.0951 6468 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

18:20:58.0982 6468 Bonjour Service - ok

18:20:59.0029 6468 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

18:20:59.0076 6468 bowser - ok

18:20:59.0107 6468 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:20:59.0170 6468 BrFiltLo - ok

18:20:59.0170 6468 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:20:59.0201 6468 BrFiltUp - ok

18:20:59.0248 6468 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

18:20:59.0310 6468 BridgeMP - ok

18:20:59.0357 6468 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

18:20:59.0404 6468 Browser - ok

18:20:59.0435 6468 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

18:20:59.0482 6468 Brserid - ok

18:20:59.0497 6468 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

18:20:59.0528 6468 BrSerWdm - ok

18:20:59.0544 6468 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

18:20:59.0591 6468 BrUsbMdm - ok

18:20:59.0591 6468 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

18:20:59.0622 6468 BrUsbSer - ok

18:20:59.0669 6468 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

18:20:59.0716 6468 BTHMODEM - ok

18:20:59.0825 6468 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

18:20:59.0903 6468 bthserv - ok

18:20:59.0934 6468 catchme - ok

18:20:59.0950 6468 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

18:21:00.0028 6468 cdfs - ok

18:21:00.0090 6468 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

18:21:00.0121 6468 cdrom - ok

18:21:00.0184 6468 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

18:21:00.0230 6468 CertPropSvc - ok

18:21:00.0277 6468 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys

18:21:00.0308 6468 cfwids - ok

18:21:00.0324 6468 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

18:21:00.0355 6468 circlass - ok

18:21:00.0402 6468 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

18:21:00.0418 6468 CLFS - ok

18:21:00.0480 6468 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:21:00.0496 6468 clr_optimization_v2.0.50727_32 - ok

18:21:00.0542 6468 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:21:00.0558 6468 clr_optimization_v2.0.50727_64 - ok

18:21:00.0667 6468 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:21:00.0683 6468 clr_optimization_v4.0.30319_32 - ok

18:21:00.0745 6468 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:21:00.0761 6468 clr_optimization_v4.0.30319_64 - ok

18:21:00.0776 6468 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

18:21:00.0808 6468 CmBatt - ok

18:21:00.0870 6468 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

18:21:00.0886 6468 cmdide - ok

18:21:00.0948 6468 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

18:21:00.0979 6468 CNG - ok

18:21:00.0995 6468 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

18:21:01.0010 6468 Compbatt - ok

18:21:01.0057 6468 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

18:21:01.0135 6468 CompositeBus - ok

18:21:01.0151 6468 COMSysApp - ok

18:21:01.0166 6468 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

18:21:01.0182 6468 crcdisk - ok

18:21:01.0244 6468 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

18:21:01.0260 6468 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning

18:21:01.0260 6468 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)

18:21:01.0307 6468 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

18:21:01.0322 6468 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning

18:21:01.0322 6468 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)

18:21:01.0385 6468 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

18:21:01.0432 6468 CryptSvc - ok

18:21:01.0494 6468 CT20XUT (f2e8c13e27a0044a19ba82e5c6e8879e) C:\Windows\system32\drivers\CT20XUT.SYS

18:21:01.0541 6468 CT20XUT - ok

18:21:01.0541 6468 CT20XUT.SYS (f2e8c13e27a0044a19ba82e5c6e8879e) C:\Windows\System32\drivers\CT20XUT.SYS

18:21:01.0588 6468 CT20XUT.SYS - ok

18:21:01.0619 6468 ctac32k (15425196a518c4f0d5a5bba524d60c4b) C:\Windows\system32\drivers\ctac32k.sys

18:21:01.0650 6468 ctac32k - ok

18:21:01.0697 6468 ctaud2k (095f82704725db00307a9c7193c13b3c) C:\Windows\system32\drivers\ctaud2k.sys

18:21:01.0759 6468 ctaud2k - ok

18:21:01.0884 6468 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

18:21:01.0915 6468 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning

18:21:01.0915 6468 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)

18:21:02.0009 6468 CTEXFIFX (4551fc6a89328995d87dc23e4fd1050b) C:\Windows\system32\drivers\CTEXFIFX.SYS

18:21:02.0040 6468 CTEXFIFX - ok

18:21:02.0259 6468 CTEXFIFX.SYS (4551fc6a89328995d87dc23e4fd1050b) C:\Windows\System32\drivers\CTEXFIFX.SYS

18:21:02.0290 6468 CTEXFIFX.SYS - ok

18:21:02.0337 6468 CTHWIUT (4ec7e207a05b974f59f477e3305cd60d) C:\Windows\system32\drivers\CTHWIUT.SYS

18:21:02.0352 6468 CTHWIUT - ok

18:21:02.0368 6468 CTHWIUT.SYS (4ec7e207a05b974f59f477e3305cd60d) C:\Windows\System32\drivers\CTHWIUT.SYS

18:21:02.0368 6468 CTHWIUT.SYS - ok

18:21:02.0383 6468 ctprxy2k (3e4e7a4a3b2f3d0172f276a0a1a60595) C:\Windows\system32\drivers\ctprxy2k.sys

18:21:02.0399 6468 ctprxy2k - ok

18:21:02.0415 6468 ctsfm2k (15ac0a5aa8e88fd6843c70c1738eb963) C:\Windows\system32\drivers\ctsfm2k.sys

18:21:02.0477 6468 ctsfm2k - ok

18:21:02.0555 6468 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

18:21:02.0617 6468 DcomLaunch - ok

18:21:02.0664 6468 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

18:21:02.0742 6468 defragsvc - ok

18:21:02.0820 6468 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

18:21:02.0867 6468 DfsC - ok

18:21:02.0914 6468 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

18:21:02.0992 6468 Dhcp - ok

18:21:03.0039 6468 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

18:21:03.0163 6468 discache - ok

18:21:03.0195 6468 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

18:21:03.0210 6468 Disk - ok

18:21:03.0226 6468 dlcx_device - ok

18:21:03.0273 6468 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

18:21:03.0366 6468 Dnscache - ok

18:21:03.0444 6468 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

18:21:03.0491 6468 dot3svc - ok

18:21:03.0553 6468 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

18:21:03.0600 6468 DPS - ok

18:21:03.0631 6468 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

18:21:03.0678 6468 drmkaud - ok

18:21:03.0756 6468 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

18:21:03.0787 6468 DXGKrnl - ok

18:21:03.0834 6468 e1express (099e01a94167ca8bda2cf72037ad0e28) C:\Windows\system32\DRIVERS\e1e6232e.sys

18:21:03.0850 6468 e1express - ok

18:21:03.0881 6468 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

18:21:03.0959 6468 EapHost - ok

18:21:04.0427 6468 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

18:21:04.0505 6468 ebdrv - ok

18:21:04.0661 6468 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

18:21:04.0692 6468 EFS - ok

18:21:04.0786 6468 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

18:21:04.0848 6468 ehRecvr - ok

18:21:04.0911 6468 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

18:21:04.0957 6468 ehSched - ok

18:21:05.0051 6468 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

18:21:05.0067 6468 elxstor - ok

18:21:05.0098 6468 emupia (c8f9f86a1a078fdb304e2b6029f1e5e2) C:\Windows\system32\drivers\emupia2k.sys

18:21:05.0113 6468 emupia - ok

18:21:05.0160 6468 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

18:21:05.0191 6468 ErrDev - ok

18:21:05.0254 6468 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

18:21:05.0316 6468 EventSystem - ok

18:21:05.0347 6468 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

18:21:05.0410 6468 exfat - ok

18:21:05.0441 6468 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

18:21:05.0519 6468 fastfat - ok

18:21:05.0613 6468 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

18:21:05.0675 6468 Fax - ok

18:21:05.0691 6468 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

18:21:05.0753 6468 fdc - ok

18:21:05.0753 6468 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

18:21:05.0815 6468 fdPHost - ok

18:21:05.0831 6468 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

18:21:05.0909 6468 FDResPub - ok

18:21:05.0925 6468 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

18:21:05.0940 6468 FileInfo - ok

18:21:05.0956 6468 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

18:21:06.0018 6468 Filetrace - ok

18:21:06.0034 6468 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

18:21:06.0049 6468 flpydisk - ok

18:21:06.0112 6468 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

18:21:06.0127 6468 FltMgr - ok

18:21:06.0237 6468 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

18:21:06.0330 6468 FontCache - ok

18:21:06.0471 6468 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:21:06.0486 6468 FontCache3.0.0.0 - ok

18:21:06.0549 6468 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

18:21:06.0564 6468 FsDepends - ok

18:21:06.0595 6468 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

18:21:06.0658 6468 Fs_Rec - ok

18:21:06.0720 6468 FTDIBUS (35fd2bb5131714e657b7ab3a78642854) C:\Windows\system32\drivers\ftdibus.sys

18:21:06.0736 6468 FTDIBUS - ok

18:21:06.0767 6468 FTSER2K (196c9bddbef9b6d0973f398bef5b2eee) C:\Windows\system32\drivers\ftser2k.sys

18:21:06.0783 6468 FTSER2K - ok

18:21:06.0861 6468 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

18:21:06.0892 6468 fvevol - ok

18:21:06.0907 6468 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

18:21:06.0923 6468 gagp30kx - ok

18:21:06.0970 6468 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:21:06.0985 6468 GEARAspiWDM - ok

18:21:07.0063 6468 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

18:21:07.0126 6468 gpsvc - ok

18:21:07.0251 6468 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:21:07.0266 6468 gupdate - ok

18:21:07.0282 6468 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:21:07.0297 6468 gupdatem - ok

18:21:07.0422 6468 ha20x2k (57f6cf8c66d23b2ebd32b4a00fe82a15) C:\Windows\system32\drivers\ha20x2k.sys

18:21:07.0500 6468 ha20x2k - ok

18:21:07.0625 6468 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

18:21:07.0672 6468 hcw85cir - ok

18:21:07.0765 6468 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

18:21:07.0781 6468 HdAudAddService - ok

18:21:07.0828 6468 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

18:21:07.0906 6468 HDAudBus - ok

18:21:07.0906 6468 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

18:21:07.0921 6468 HidBatt - ok

18:21:07.0937 6468 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

18:21:07.0968 6468 HidBth - ok

18:21:07.0968 6468 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

18:21:08.0015 6468 HidIr - ok

18:21:08.0062 6468 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

18:21:08.0124 6468 hidserv - ok

18:21:08.0171 6468 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

18:21:08.0218 6468 HidUsb - ok

18:21:08.0265 6468 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

18:21:08.0343 6468 hkmsvc - ok

18:21:08.0405 6468 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

18:21:08.0467 6468 HomeGroupListener - ok

18:21:08.0530 6468 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

18:21:08.0561 6468 HomeGroupProvider - ok

18:21:08.0608 6468 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

18:21:08.0623 6468 HpSAMD - ok

18:21:08.0717 6468 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

18:21:08.0779 6468 HTTP - ok

18:21:08.0826 6468 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

18:21:08.0826 6468 hwpolicy - ok

18:21:08.0904 6468 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

18:21:08.0920 6468 i8042prt - ok

18:21:08.0982 6468 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

18:21:08.0998 6468 iaStorV - ok

18:21:09.0138 6468 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:21:09.0169 6468 idsvc - ok

18:21:09.0201 6468 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

18:21:09.0216 6468 iirsp - ok

18:21:09.0279 6468 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

18:21:09.0341 6468 IKEEXT - ok

18:21:09.0357 6468 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

18:21:09.0372 6468 intelide - ok

18:21:09.0403 6468 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

18:21:09.0419 6468 intelppm - ok

18:21:09.0466 6468 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

18:21:09.0528 6468 IPBusEnum - ok

18:21:09.0575 6468 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:21:09.0622 6468 IpFilterDriver - ok

18:21:09.0700 6468 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

18:21:09.0747 6468 iphlpsvc - ok

18:21:09.0762 6468 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

18:21:09.0793 6468 IPMIDRV - ok

18:21:09.0825 6468 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

18:21:09.0903 6468 IPNAT - ok

18:21:12.0227 6468 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

18:21:12.0258 6468 McciCMService ( UnsignedFile.Multi.Generic ) - warning

18:21:12.0258 6468 McciCMService - detected UnsignedFile.Multi.Generic (1)

18:21:12.0321 6468 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe

18:21:12.0352 6468 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning

18:21:12.0352 6468 McciCMService64 - detected UnsignedFile.Multi.Generic (1)

18:21:36.0688 6468 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

18:21:36.0766 6468 Wecsvc - ok

18:21:36.0797 6468 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

18:21:36.0875 6468 wercplsupport - ok

18:21:36.0922 6468 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

18:21:36.0984 6468 WerSvc - ok

18:21:37.0062 6468 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:21:37.0109 6468 WfpLwf - ok

18:21:37.0125 6468 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:21:37.0140 6468 WIMMount - ok

18:21:37.0218 6468 winachsf (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

18:21:37.0249 6468 winachsf - ok

18:21:37.0281 6468 WinDefend - ok

18:21:37.0296 6468 WinHttpAutoProxySvc - ok

18:21:37.0374 6468 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

18:21:37.0421 6468 Winmgmt - ok

18:21:37.0561 6468 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

18:21:37.0639 6468 WinRM - ok

18:21:37.0780 6468 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

18:21:37.0795 6468 WinUsb - ok

18:21:37.0858 6468 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

18:21:37.0920 6468 Wlansvc - ok

18:21:38.0154 6468 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:21:38.0201 6468 wlidsvc - ok

18:21:38.0373 6468 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

18:21:38.0388 6468 WmiAcpi - ok

18:21:38.0482 6468 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

18:21:38.0513 6468 wmiApSrv - ok

18:21:38.0607 6468 WMPNetworkSvc - ok

18:21:38.0638 6468 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

18:21:38.0653 6468 WPCSvc - ok

18:21:38.0700 6468 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

18:21:38.0747 6468 WPDBusEnum - ok

18:21:38.0763 6468 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:21:38.0825 6468 ws2ifsl - ok

18:21:38.0841 6468 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

18:21:38.0887 6468 wscsvc - ok

18:21:38.0887 6468 WSearch - ok

18:21:39.0059 6468 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

18:21:39.0106 6468 wuauserv - ok

18:21:39.0246 6468 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

18:21:39.0324 6468 WudfPf - ok

18:21:39.0355 6468 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:21:39.0418 6468 WUDFRd - ok

18:21:39.0465 6468 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

18:21:39.0511 6468 wudfsvc - ok

18:21:39.0543 6468 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

18:21:39.0574 6468 WwanSvc - ok

18:21:39.0605 6468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

18:21:39.0636 6468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

18:21:39.0636 6468 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

18:21:39.0667 6468 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

18:21:39.0667 6468 \Device\Harddisk0\DR0 - detected TDSS File System (1)

18:21:39.0699 6468 Boot (0x1200) (b0477d2d990c0baec025d0f3f844fe61) \Device\Harddisk0\DR0\Partition0

18:21:39.0699 6468 \Device\Harddisk0\DR0\Partition0 - ok

18:21:39.0699 6468 ============================================================

18:21:39.0699 6468 Scan finished

18:21:39.0699 6468 ============================================================

18:21:39.0699 4664 Detected object count: 7

18:21:39.0699 4664 Actual detected object count: 7

18:24:38.0958 4664 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

18:24:38.0958 4664 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:24:38.0958 4664 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

18:24:38.0958 4664 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:24:38.0958 4664 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user

18:24:38.0958 4664 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:24:38.0974 4664 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

18:24:38.0974 4664 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:24:38.0974 4664 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user

18:24:38.0974 4664 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:24:39.0692 4664 \Device\Harddisk0\DR0\# - copied to quarantine

18:24:39.0707 4664 \Device\Harddisk0\DR0 - copied to quarantine

18:24:39.0738 4664 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

18:24:39.0910 4664 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

18:24:39.0941 4664 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

18:24:46.0353 4664 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

18:24:46.0400 4664 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

18:24:51.0891 4664 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

18:24:51.0985 4664 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

18:24:52.0000 4664 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

18:24:52.0000 4664 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

18:24:52.0031 4664 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

18:24:52.0141 4664 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

18:24:52.0219 4664 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

18:24:52.0234 4664 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

18:24:52.0234 4664 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

18:24:52.0265 4664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

18:24:52.0297 4664 \Device\Harddisk0\DR0 - ok

18:24:52.0297 4664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

18:24:52.0312 4664 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

18:24:52.0343 4664 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

18:24:52.0390 4664 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

18:24:57.0663 4664 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

18:24:57.0710 4664 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

18:25:03.0014 4664 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

18:25:03.0092 4664 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

18:25:03.0092 4664 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

18:25:03.0107 4664 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

18:25:03.0107 4664 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

18:25:03.0185 4664 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

18:25:03.0263 4664 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

18:25:03.0263 4664 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

18:25:03.0279 4664 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

18:25:03.0279 4664 \Device\Harddisk0\DR0\TDLFS - deleted

18:25:03.0279 4664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

18:26:02.0606 6852 Deinitialize success


Did you choose delete for this one?

18:25:03.0279 4664 \Device\Harddisk0\DR0\TDLFS - deleted

Also see if there's an RK_Quarantine folder on your desktop and see if there's a PhysicalDrive0_User.dat file in there.

Also in "C", there should be a TDSSKiller_Quarantine folder

Let me know, MrC


OK, this is.......

18:25:03.0279 4664 \Device\Harddisk0\DR0\TDLFS - deleted <---most likely the problem

18:25:03.0279 4664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete <--- OK

Hang on while I figure out a solution, MrC


Please do this.......

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


Here it is Mr. C! Thanks again.

Jotfarmer

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02

Ran by SYSTEM at 17-07-2012 19:00:09

Running from E:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [dlcxmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [292336 2007-01-12] ()

HKLM\...\Run: [MemoryCardManager] "C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe" [304008 2006-11-03] ()

HKLM\...\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll,RunDLLEntry [31744 2006-10-15] ()

HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)

HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Family\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s [247728 2011-04-22] (TomTom)

HKU\Joey\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-04-22] (TomTom)

HKU\Joey\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKU\Joey\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-02] (Valve Corporation)

HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Event Reminder.lnk

ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23\Remind.exe (Broderbund Properties LLC)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\Users\Family\Start Menu\Programs\Startup\Impulse Now.lnk

ShortcutTarget: Impulse Now.lnk -> C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (No File)

Startup: C:\Users\Joey\Start Menu\Programs\Startup\Impulse Now.lnk

ShortcutTarget: Impulse Now.lnk -> C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (No File)

==================== Services (Whitelisted) ======

2 dlcx_device; C:\Windows\system32\dlcxcoms.exe -service [561152 2006-10-11] ( )

2 dlcx_device; C:\Windows\SysWow64\dlcxcoms.exe -service [532480 2006-10-11] ( )

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [103440 2012-01-13] (McAfee, Inc.)

2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2011-07-05] (Alcatel-Lucent)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)

2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)

3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)

3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [286936 2009-06-05] (Intel Corporation)

3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [75016 2012-04-13] (FTDI Ltd.)

3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [85384 2012-04-13] (FTDI Ltd.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)

3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)

3 winachsf; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)

3 mfeavfk01; [x]

3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-16 15:24 - 2012-07-16 15:24 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-07-16 09:32 - 2012-07-16 09:32 - 00002028 ____A C:\Users\Joey\Desktop\RKreport[1].txt

2012-07-16 09:27 - 2012-07-16 09:27 - 00002046 ____A C:\Users\Joey\Desktop\RKreport.txt

2012-07-16 09:25 - 2012-07-16 09:26 - 00000000 ____D C:\Users\Joey\Desktop\RK_Quarantine

2012-07-16 08:28 - 2012-07-16 08:28 - 00023763 ____A C:\Users\Joey\Desktop\DDS.txt

2012-07-16 08:28 - 2012-07-16 08:28 - 00008951 ____A C:\Users\Joey\Desktop\Attach.txt

2012-07-16 07:39 - 2012-07-16 07:39 - 00000000 ____D C:\Users\Family\AppData\Local\{F89DAF85-8DAE-42BD-8079-EA49A943269A}

2012-07-16 07:38 - 2012-07-16 07:39 - 00000000 ____D C:\Users\Family\AppData\Local\{2A678C68-48E4-4736-9A9B-C34EDF2D508A}

2012-07-16 07:19 - 2012-07-16 07:19 - 00020386 ____A C:\ComboFix.txt

2012-07-16 06:35 - 2012-07-16 19:24 - 00000000 ___SD C:\ComboFix

2012-07-16 06:35 - 2012-07-16 07:19 - 00000000 ____D C:\Qoobox

2012-07-16 06:35 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-07-16 06:35 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-07-16 06:35 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-07-16 06:35 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-07-16 06:35 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-07-16 06:35 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-07-16 06:35 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-07-16 06:35 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-07-16 06:30 - 2012-07-16 06:30 - 00000000 ____D C:\Windows\erdnt

2012-07-16 06:26 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-07-16 05:53 - 2012-07-16 05:53 - 04579127 ____R (Swearware) C:\Users\Family\Downloads\ComboFix.exe

2012-07-16 05:41 - 2012-07-16 05:41 - 00000000 ____D C:\Users\Family\AppData\Roaming\Malwarebytes

2012-07-16 05:17 - 2012-07-16 05:17 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-16 05:17 - 2012-07-16 05:17 - 00000000 ____D C:\Users\Joey\AppData\Roaming\Malwarebytes

2012-07-16 05:17 - 2012-07-16 05:17 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-16 05:17 - 2012-07-16 05:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-16 05:17 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-14 19:37 - 2012-07-14 19:37 - 00000000 ____D C:\Program Files (x86)\7-Zip

2012-07-13 18:58 - 2012-07-13 18:58 - 00000000 ____D C:\Users\Family\AppData\Local\{D2724959-0713-4CA5-AC83-8664D09CECB2}

2012-07-13 18:58 - 2012-07-13 18:58 - 00000000 ____D C:\Users\Family\AppData\Local\{2B7811F3-B3CF-4F3D-BA88-426340220856}

2012-07-13 03:52 - 2012-07-13 03:52 - 00000000 ____D C:\Users\Family\AppData\Local\{D889C8CF-DF2A-4917-BD17-C398653C70DB}

2012-07-13 03:51 - 2012-07-13 03:52 - 00000000 ____D C:\Users\Family\AppData\Local\{AD5F02BB-C54F-4367-8781-8B33598B4E0B}

2012-07-12 15:51 - 2012-07-12 15:51 - 00000000 ____D C:\Users\Family\AppData\Local\{DDE36B55-6B9D-483C-ABB2-C9E4A9498B44}

2012-07-12 15:51 - 2012-07-12 15:51 - 00000000 ____D C:\Users\Family\AppData\Local\{AB30D375-B94C-4F5B-891A-62223C61A7C4}

2012-07-11 00:07 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 00:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-11 00:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-11 00:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-11 00:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-11 00:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-11 00:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-11 00:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-11 00:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-11 00:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-11 00:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-11 00:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-11 00:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-11 00:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-11 00:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-11 00:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-11 00:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-11 00:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-11 00:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-11 00:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-11 00:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-11 00:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-11 00:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-11 00:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-11 00:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-11 00:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-11 00:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-11 00:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-11 00:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-10 12:12 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-10 12:12 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-10 12:12 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-10 12:12 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-10 12:12 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-10 12:12 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-10 12:12 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-10 12:12 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-10 12:12 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-10 12:12 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-10 12:12 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-10 12:12 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-10 12:12 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-10 12:12 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-10 12:12 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-10 12:12 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-10 12:12 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-10 12:12 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-10 12:12 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-09 08:02 - 2012-07-09 08:02 - 00000000 ____D C:\Users\Family\AppData\Local\{A4FC615A-62E6-4764-B358-84FFC51F7285}

2012-07-09 08:02 - 2012-07-09 08:02 - 00000000 ____D C:\Users\Family\AppData\Local\{2BD9D048-40E5-4BFA-8161-C153DAAEDFD9}

2012-07-08 18:57 - 2012-07-08 18:58 - 00000000 ____D C:\Users\Family\AppData\Local\{7AA7A4AE-2F43-431F-B174-B329E0B88ECA}

2012-07-08 18:57 - 2012-07-08 18:57 - 00000000 ____D C:\Users\Family\AppData\Local\{FCAC0D1D-FFEC-4A15-9907-26C52309F05A}

2012-07-06 19:42 - 2012-07-06 19:42 - 00000000 ____D C:\Users\Family\AppData\Local\{F88DD10D-DC88-4BE5-87F9-4E73CDA95E98}

2012-07-06 19:42 - 2012-07-06 19:42 - 00000000 ____D C:\Users\Family\AppData\Local\{2C92D13F-F336-4334-A4B2-DDEA8F489FF3}

2012-07-04 20:53 - 2012-07-04 20:54 - 00000000 ____D C:\Users\Family\AppData\Local\{7FD7FE41-FA7C-4100-B014-84D2CB882E60}

2012-07-04 20:53 - 2012-07-04 20:53 - 00000000 ____D C:\Users\Family\AppData\Local\{CCC4E4ED-F72D-4824-BF98-F710B02C2708}

2012-07-04 07:00 - 2012-07-04 07:00 - 00000000 ____D C:\Users\Family\AppData\Local\{14DECB37-8F01-46D0-8FE3-D15DE4556B08}

2012-07-04 06:59 - 2012-07-04 06:59 - 00000000 ____D C:\Users\Family\AppData\Local\{5E0AA4A6-44F8-4172-B008-3E5145EBBFA3}

2012-07-03 11:31 - 2012-07-03 11:31 - 00000000 ____D C:\Users\Family\AppData\Local\{E49597FA-9B42-477A-995A-D6B3E6936EE3}

2012-07-03 11:30 - 2012-07-03 11:31 - 00000000 ____D C:\Users\Family\AppData\Local\{B62B528E-1925-4E41-B20F-669860733D57}

2012-07-02 07:02 - 2012-07-02 07:03 - 00000000 ____D C:\Users\Family\AppData\Local\{2DAD795F-BFE9-488F-BBED-16F269219483}

2012-07-02 07:02 - 2012-07-02 07:02 - 00000000 ____D C:\Users\Family\AppData\Local\{043BD888-607B-4C6B-8CA6-E69CCF89E9BF}

2012-07-01 15:35 - 2012-07-01 15:35 - 00001214 ____A C:\Users\Family\Desktop\Minecraft saves Shortcut.lnk

2012-06-30 11:13 - 2012-06-30 11:13 - 00024838 ____A C:\Users\Family\Desktop\hs_err_pid4924.log

2012-06-30 07:46 - 2012-06-30 07:46 - 00000000 ____D C:\Users\Family\AppData\Local\{FE276DB0-5444-4DC7-A3D1-A8C11B00C503}

2012-06-30 07:46 - 2012-06-30 07:46 - 00000000 ____D C:\Users\Family\AppData\Local\{D5A44896-D20E-45F4-B6AE-BFC84EA8599E}

2012-06-29 09:23 - 2012-06-29 09:23 - 00024660 ____A C:\Users\Family\Desktop\hs_err_pid5924.log

2012-06-28 18:39 - 2012-06-28 18:40 - 00000000 ____D C:\Users\Family\AppData\Local\{EEBCF1B1-2E4D-4403-9313-2B1E67E8EE9C}

2012-06-28 18:39 - 2012-06-28 18:39 - 00000000 ____D C:\Users\Family\AppData\Local\{38D6C174-6ACD-4217-8D23-2BA3347105FD}

2012-06-27 18:16 - 2012-06-27 18:16 - 00000000 ____D C:\Users\Family\AppData\Local\{1F77D5E6-E513-4B3F-A1C8-DD0FC4AD53F1}

2012-06-27 18:16 - 2012-06-27 18:16 - 00000000 ____D C:\Users\Family\AppData\Local\{06143D5F-7AD2-4EC2-A379-28D46CE1987B}

2012-06-25 08:04 - 2012-06-25 08:04 - 00000000 ____D C:\Users\Family\AppData\Local\{89CE6A29-009B-4A08-BF75-D976F294D9CA}

2012-06-25 08:04 - 2012-06-25 08:04 - 00000000 ____D C:\Users\Family\AppData\Local\{2682D182-18B2-4CBC-B4D3-DFDDBDC56C96}

2012-06-23 13:25 - 2012-06-23 13:25 - 00000000 ____D C:\Users\Family\AppData\Local\{C3C12B95-3060-44FE-B171-216A14056BD6}

2012-06-23 13:24 - 2012-06-23 13:24 - 00000000 ____D C:\Users\Family\AppData\Local\{BE16553B-420F-4767-9DD5-04E6A6FA1D5F}

2012-06-21 05:16 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-21 05:16 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-21 05:16 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-21 05:16 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-21 05:16 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-21 05:16 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-21 05:16 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-21 05:16 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-21 05:16 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-18 18:54 - 2012-06-18 18:55 - 00000000 ____D C:\Users\Family\AppData\Local\{4BD2BBBC-3B76-4A63-95A6-7D94D32C9FEF}

2012-06-18 18:54 - 2012-06-18 18:54 - 00000000 ____D C:\Users\Family\AppData\Local\{9509EF68-5C98-4A52-803E-CCEBB1E3794D}

2012-06-18 18:44 - 2012-06-18 18:44 - 00000000 ____D C:\Windows\en

2012-06-18 18:41 - 2012-06-18 18:41 - 00000000 ____D C:\Program Files\Windows Live

2012-06-18 18:36 - 2012-06-18 18:36 - 00000000 ____D C:\Users\Family\AppData\Local\{DAEA6582-D4B7-4187-8221-D56574484D8E}

2012-06-18 18:36 - 2012-06-18 18:36 - 00000000 ____D C:\Users\Family\AppData\Local\{D5F42A18-8AFE-4E1A-838E-3FA0C631FF5B}

2012-06-18 18:35 - 2012-06-18 18:35 - 00000000 ____D C:\Users\Family\AppData\Local\{C6494FDB-9E7E-444A-8B60-29FD0E3476AB}

2012-06-18 18:35 - 2012-06-18 18:35 - 00000000 ____D C:\Users\Family\AppData\Local\{4AD2A9A5-B441-4B7E-A20D-00D325CBF1A2}

2012-06-18 18:34 - 2012-06-18 18:35 - 00000000 ____D C:\Users\Family\AppData\Local\{4249C9D3-2384-4B4B-A108-8109F644E316}

2012-06-18 18:34 - 2012-06-18 18:34 - 00000000 ____D C:\Users\Family\AppData\Local\{233D910E-12A4-4CE9-893B-E7A1ACE3EBAF}

2012-06-18 18:31 - 2012-06-18 18:31 - 00000000 ____D C:\Users\Joey\AppData\Local\Windows Live

2012-06-18 18:30 - 2012-06-18 18:30 - 00000000 ____D C:\Users\Family\AppData\Local\{EC113D87-DE33-4FDC-9776-F51EF476D970}

2012-06-18 18:30 - 2012-06-18 18:30 - 00000000 ____D C:\Users\Family\AppData\Local\{8753F923-9735-460A-9156-43A972D3BB52}

2012-06-18 17:36 - 2012-06-18 17:36 - 00000000 ____D C:\Users\Family\AppData\Local\{83068B0F-F180-4BEE-83D4-D21243241131}

2012-06-18 17:36 - 2012-06-18 17:36 - 00000000 ____D C:\Users\Family\AppData\Local\{23FCA954-D244-4C4F-B23B-D95AA51F94FB}

============ 3 Months Modified Files ========================

2012-07-16 09:32 - 2012-07-16 09:32 - 00002028 ____A C:\Users\Joey\Desktop\RKreport[1].txt

2012-07-16 09:27 - 2012-07-16 09:27 - 00002046 ____A C:\Users\Joey\Desktop\RKreport.txt

2012-07-16 08:28 - 2012-07-16 08:28 - 00023763 ____A C:\Users\Joey\Desktop\DDS.txt

2012-07-16 08:28 - 2012-07-16 08:28 - 00008951 ____A C:\Users\Joey\Desktop\Attach.txt

2012-07-16 07:19 - 2012-07-16 07:19 - 00020386 ____A C:\ComboFix.txt

2012-07-16 06:36 - 2012-04-01 17:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-16 06:33 - 2009-07-13 20:45 - 00013424 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-16 06:33 - 2009-07-13 20:45 - 00013424 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-16 06:31 - 2010-02-25 08:00 - 01454494 ____A C:\Windows\WindowsUpdate.log

2012-07-16 06:30 - 2010-12-01 10:11 - 00001828 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk

2012-07-16 06:25 - 2010-10-12 04:09 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-16 06:25 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-16 06:25 - 2009-07-13 20:51 - 00066550 ____A C:\Windows\setupact.log

2012-07-16 06:02 - 2010-10-12 04:09 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-16 05:53 - 2012-07-16 05:53 - 04579127 ____R (Swearware) C:\Users\Family\Downloads\ComboFix.exe

2012-07-16 05:39 - 2010-02-25 08:21 - 00230448 ____A C:\Windows\PFRO.log

2012-07-16 05:17 - 2012-07-16 05:17 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-15 10:50 - 2011-09-28 21:04 - 00000370 ____A C:\Windows\Tasks\At2.job

2012-07-15 08:46 - 2011-01-20 13:25 - 00000370 ____A C:\Windows\Tasks\At1.job

2012-07-11 13:36 - 2012-04-01 17:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-11 13:36 - 2011-06-06 04:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-11 03:39 - 2009-07-13 20:45 - 01242104 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 00:07 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini

2012-07-11 00:03 - 2010-02-25 08:17 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-03 10:46 - 2012-07-16 05:17 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-01 15:35 - 2012-07-01 15:35 - 00001214 ____A C:\Users\Family\Desktop\Minecraft saves Shortcut.lnk

2012-07-01 15:35 - 2012-05-15 18:56 - 00105472 __ASH C:\Users\Family\Desktop\Thumbs.db

2012-07-01 14:24 - 2011-11-24 08:25 - 00016995 ____A C:\Users\All Users\SlingSetup.log

2012-06-30 11:13 - 2012-06-30 11:13 - 00024838 ____A C:\Users\Family\Desktop\hs_err_pid4924.log

2012-06-29 09:23 - 2012-06-29 09:23 - 00024660 ____A C:\Users\Family\Desktop\hs_err_pid5924.log

2012-06-18 18:39 - 2010-02-25 12:10 - 00050882 ____A C:\Windows\DirectX.log

2012-06-16 10:28 - 2012-06-16 10:28 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-16 10:20 - 2012-06-16 10:20 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-06-13 06:53 - 2010-03-04 15:39 - 00013040 ____A C:\Windows\DPINST.LOG

2012-06-13 00:10 - 2009-07-13 21:13 - 00753796 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-11 19:08 - 2012-07-11 00:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-10 12:12 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-10 12:12 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 22:06 - 2012-07-10 12:12 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-10 12:12 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-10 12:12 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-10 12:12 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-10 12:12 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-10 12:12 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-06-21 05:16 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 05:16 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 05:16 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 05:16 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 05:16 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-21 05:16 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-21 05:16 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 12:19 - 2012-06-21 05:16 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 12:15 - 2012-06-21 05:16 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-11 00:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-11 00:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-11 00:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-11 00:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-11 00:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-11 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-11 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-11 00:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-11 00:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-11 00:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-11 00:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-11 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-11 00:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-11 00:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-11 00:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-11 00:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-11 00:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-11 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-11 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-11 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-11 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-11 00:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-11 00:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-11 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-11 00:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-11 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-11 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-11 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-10 12:12 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-10 12:12 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-10 12:12 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-10 12:12 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-10 12:12 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-10 12:12 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-10 12:12 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-10 12:12 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-10 12:12 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-16 23:14 - 2011-08-02 19:40 - 00007582 ____A C:\Users\Joey\AppData\Local\Resmon.ResmonCfg

2012-05-12 09:44 - 2010-05-01 18:16 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk

2012-05-11 01:26 - 2012-05-11 01:26 - 00466216 ____A C:\Windows\Minidump\051112-86143-01.dmp

2012-05-11 01:25 - 2010-04-26 05:15 - 393210997 ____A C:\Windows\MEMORY.DMP

2012-05-06 12:17 - 2012-05-06 12:17 - 00227784 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-05-06 12:17 - 2012-05-06 12:17 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-05-06 12:17 - 2012-05-06 12:17 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-05-06 12:17 - 2012-05-06 05:37 - 00772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll

2012-05-06 12:17 - 2012-05-06 05:37 - 00687560 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-05-06 11:51 - 2012-05-06 11:51 - 00000071 ____A C:\Users\Family\Documents\minecraft.txt

2012-05-05 18:57 - 2012-05-05 19:06 - 00278561 ____A C:\Users\Family\Desktop\Minecraft.exe

2012-05-05 18:57 - 2012-05-05 18:57 - 00278561 ____A C:\Users\Family\Downloads\Minecraft.exe

2012-05-04 03:06 - 2012-06-12 22:21 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 02:03 - 2012-06-12 22:21 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:03 - 2012-06-12 22:21 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-04-30 21:40 - 2012-06-12 22:21 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-29 11:09 - 2012-04-29 11:09 - 00001906 ____A C:\Users\Family\Desktop\addons - Shortcut.lnk

2012-04-28 19:40 - 2012-04-28 14:18 - 00000022 ____A C:\Users\Family\Downloads\deadline2.zip

2012-04-27 19:55 - 2012-06-12 22:21 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-25 21:41 - 2012-06-12 22:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-25 21:41 - 2012-06-12 22:21 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-25 21:34 - 2012-06-12 22:21 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-23 21:37 - 2012-06-12 22:21 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 21:37 - 2012-06-12 22:21 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 21:37 - 2012-06-12 22:21 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 20:36 - 2012-06-12 22:21 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 20:36 - 2012-06-12 22:21 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 20:36 - 2012-06-12 22:21 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

Possible MBR infection:

C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%

Total physical RAM: 4029.92 MB

Available physical RAM: 3197.89 MB

Total Pagefile: 4028.07 MB

Available Pagefile: 3194.75 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:288.04 GB) (Free:111.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (WIN_7_HOMEPREMIUM) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF

3 Drive e: (USB20FD) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 10 GB

Disk 1 Online 7648 MB 0 B

Disk 2 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 47 MB 31 KB

Partition 2 Primary 288 GB 10 GB

==================================================================================

Disk: 0


OK, you're missing part of the log, can you post the rest of the log from here:

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 47 MB 31 KB

Partition 2 Primary 288 GB 10 GB

--------------------------------------

Next:

Download and save the attached fix.txt to your flash drive.

Then download and save Farbar Recovery Scan Tool x64 to the flash drive also.

Then boot to recovery mode, press Fix, and wait until it is done (as you did when you ran Farbar Recovery Scan Tool).

See if the computer boots now, MrC


Glad it's straightened out now :)

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.