TechSpot

Malwarebytes won't remove trojan

Solved
By bloodlilly02
Jun 30, 2012
  1. Malwarebytes detected two trojans but will not remove them. I have done a full scan and a quick scan several times, and followed the instructions to remove them and restart my computer. Each time I do, I rescan and the trojans are still there. My most recent log is below. Help!!

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.30.07
    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Supreme Commander :: DAMIAN2 [administrator]
    6/30/2012 4:43:37 PM
    mbam-log-2012-06-30 (16-49-15) most recent
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 230859
    Time elapsed: 5 minute(s), 17 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3576 -> No action taken.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
    (end)
     
  2. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    Thanks! Here are my logs:

    Malwarebytes Log
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.30.07
    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Supreme Commander :: DAMIAN2 [administrator]
    7/1/2012 9:44:38 AM
    mbam-log-2012-07-01 (09-44-38).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 230915
    Time elapsed: 7 minute(s), 9 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 5008 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    (end)
    GMER Log (did not find anything so it did not create a log)

    DDs Logs
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Supreme Commander at 11:26:31 on 2012-07-01
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4057.942 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dleecoms.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\DRIVERS\o2flash.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Dell V715w\dleemon.exe
    C:\Program Files (x86)\Dell V715w\ezprint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Users\Supreme Commander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://co115w.col115.mail.live.com/default.aspx?wa=wsignin1.0
    mWinlogon: Userinit=userinit.exe,
    BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
    uRun: [Spotify Web Helper] "C:\Users\Supreme Commander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
    StartupFolder: C:\Users\SUPREM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://games.bigfishgames.com/en_mysterysolitairese/online/SpinTopGamesLauncher.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{65A8C9A7-19F8-4191-999A-517A2CB42269} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{65A8C9A7-19F8-4191-999A-517A2CB42269}\E45445745414258363 : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [Dell V715w] "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-26 494424]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\AESTSr64.exe [2010-3-25 89600]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 dlee_device;dlee_device;C:\Windows\system32\dleecoms.exe -service --> C:\Windows\system32\dleecoms.exe -service [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
    R3 O2SDGRDR;O2SDGRDR;C:\Windows\system32\DRIVERS\o2sdgx64.sys --> C:\Windows\system32\DRIVERS\o2sdgx64.sys [?]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM13Vfx.sys --> C:\Windows\system32\DRIVERS\OEM13Vfx.sys [?]
    R3 OEM13Vid;Creative Camera OEM013 Driver;C:\Windows\system32\DRIVERS\OEM13Vid.sys --> C:\Windows\system32\DRIVERS\OEM13Vid.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 dleeCATSCustConnectService;dleeCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleeserv.exe [2011-12-3 45224]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-11 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-11 136176]
    S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;C:\Windows\system32\DRIVERS\kwusb2k.sys --> C:\Windows\system32\DRIVERS\kwusb2k.sys [?]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 UsbGps;LGE Mobile USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgx64gps.sys --> C:\Windows\system32\DRIVERS\lgx64gps.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-01 14:59:19 20480 ----a-w- C:\Windows\svchost.exe
    2012-06-30 21:04:20 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-30 21:04:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-30 18:54:41 16896 ----a-w- C:\Windows\System32\sasnative64.exe
    2012-06-30 18:54:22 -------- d-----w- C:\Users\Supreme Commander\AppData\Roaming\Systweak
    2012-06-30 18:54:21 18856 ----a-w- C:\Windows\System32\roboot64.exe
    2012-06-30 16:56:29 -------- d-----w- C:\Users\Supreme Commander\AppData\Roaming\Malwarebytes
    2012-06-30 16:56:20 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-23 17:01:32 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-23 17:01:01 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-23 16:59:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-23 16:59:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-19 01:19:46 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-19 01:19:46 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-19 01:19:46 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-19 01:15:13 208896 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-19 01:14:09 3144192 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-19 01:14:04 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-19 01:13:58 3213824 ----a-w- C:\Windows\System32\msi.dll
    2012-06-19 01:13:57 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-19 01:13:44 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-19 01:13:44 1460224 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-19 01:13:44 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-19 01:13:44 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-19 01:13:44 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-19 01:13:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ==================== Find3M ====================
    .
    2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec
    2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2010-02-27 16:28:00 65202064 ----a-w- C:\Program Files (x86)\Tri_Peaks_Solitaire_2-setup.exe
    .
    ============= FINISH: 11:27:16.26 ===============

    DDS Attach Log
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/6/2010 5:26:05 PM
    System Uptime: 7/1/2012 9:57:45 AM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0T816J
    Processor: Intel(R) Core(TM)2 Duo CPU P7570 @ 2.26GHz | U2E1 | 2267/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 145.339 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP208: 6/20/2012 2:08:41 PM - Windows Update
    RP209: 6/20/2012 9:33:20 PM - Windows Update
    RP210: 6/23/2012 11:59:02 AM - Windows Update
    RP211: 6/23/2012 3:04:03 PM - Windows Update
    RP212: 6/24/2012 11:55:50 PM - Windows Update
    RP213: 6/25/2012 11:03:23 PM - Windows Update
    RP214: 6/28/2012 12:08:59 AM - Windows Update
    RP215: 6/28/2012 10:15:13 PM - Windows Update
    RP216: 6/30/2012 1:57:00 PM - RegClean Pro Sat, Jun 30, 12 13:56
    RP217: 6/30/2012 2:44:08 PM - Restore Operation
    RP218: 6/30/2012 2:54:27 PM - IObit Uninstaller restore point
    RP219: 6/30/2012 3:27:10 PM - Windows Update
    RP220: 6/30/2012 4:20:55 PM - Removed Adobe Reader 9.1.2.
    RP221: 7/1/2012 1:43:46 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Advanced Audio FX Engine
    Advanced SystemCare 5
    AGEIA PhysX v7.09.13
    Apple Application Support
    Apple Software Update
    D3DX10
    Dell Toolbar
    Dell Webcam Central
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hoyle Board Games 3 Demo
    Hoyle Solitaire
    Hoyle Word Games Demo
    iPod for Windows 2005-09-23
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    Kyocera Wireless USB Device Drivers
    Live! Cam Avatar Creator
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mind's Eye: Secrets Of The Forgotten
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenOffice.org 3.3
    PowerDVD DX
    QuickLink Mobile
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    SimCity 4 Deluxe
    Smart Defrag 2
    Spotify
    System Requirements Lab CYRI
    The Curse Of Montezuma
    The Legend of Crystal Valley
    The Secret of Margrave Manor
    TXPCM10001 Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Visual Studio 2008 x64 Redistributables
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/1/2012 9:58:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dleeCATSCustConnectService service to connect.
    7/1/2012 9:58:32 AM, Error: Service Control Manager [7000] - The dleeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/1/2012 9:58:27 AM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
    7/1/2012 9:58:27 AM, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.
    7/1/2012 1:44:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
    .
    ==== End Of File ===========================
     
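    The detection in the logs above comes down to a path check: on a stock Windows 7 x64 install the real svchost.exe lives in C:\Windows\System32 (and its 32-bit twin in SysWOW64), so a copy sitting directly in C:\Windows, or the same file named through \\.\globalroot\systemroot\ as RogueKiller reports it further down the thread, is masquerading no matter what it is called. The Python script below is an added example for this thread, not code from any poster, from Malwarebytes or from DDS. It takes lines in the DDS "Running Processes" format, strips command-line arguments, rewrites NT-style aliases to the drive-letter form, and flags core system binaries running from a directory other than their canonical one. The canonical-directory table is an assumption (stock Windows 7 x64 layout), and the sample process list is assembled for the example from a few lines of the DDS log above plus the RogueKiller path.

```python
import ntpath
import re

# Canonical directories for core Windows binaries. Assumption: stock Windows 7 x64
# layout, lower-cased. Extend the table for other Windows versions.
CANONICAL_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "lsass.exe":    {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "lsm.exe":      {r"c:\windows\system32"},
    "taskhost.exe": {r"c:\windows\system32"},
    "conhost.exe":  {r"c:\windows\system32"},
    "dllhost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}

# Everything up to the first ".exe" is the image path; what follows is arguments.
_PATH_RE = re.compile(r'\s*"?(.*?\.exe)', re.IGNORECASE)


def normalize_path(raw: str, system_root: str = r"C:\Windows") -> str:
    r"""Return the executable path in lower case with arguments such as
    ' -k netsvcs' dropped and NT-style aliases rewritten to drive-letter form,
    so that \\.\globalroot\systemroot\svchost.exe and C:\Windows\svchost.exe
    compare equal."""
    m = _PATH_RE.match(raw)
    path = (m.group(1) if m else raw.strip()).lower()
    path = re.sub(r"^\\\\\.\\globalroot", "", path)          # \\.\globalroot\X -> \X
    path = re.sub(r"^\\\?\?\\", "", path)                     # \??\C:\...      -> C:\...
    # lambda replacement keeps backslashes in system_root from being parsed as escapes
    path = re.sub(r"^(\\systemroot|%systemroot%)", lambda _: system_root.lower(), path)
    return path


def flag_masquerading(process_lines, system_root: str = r"C:\Windows"):
    """Scan lines in the DDS 'Running Processes' format and return every core
    system binary that runs from somewhere other than its canonical directory."""
    findings = []
    for line in process_lines:
        if ".exe" not in line.lower():
            continue                     # blank lines, stray arguments like '-netsvcs'
        path = normalize_path(line, system_root)
        name = ntpath.basename(path)
        expected = CANONICAL_DIRS.get(name)
        if expected is None:
            continue                     # no rule for this binary
        directory = ntpath.dirname(path)
        if directory not in expected:
            findings.append({"line": line.strip(), "binary": name,
                             "found_in": directory, "expected": sorted(expected)})
    return findings


# Sample input assembled for the example: lines copied from the DDS log above plus
# the path RogueKiller reports for the killed process.
SAMPLE_PROCESS_LIST = [
    r"C:\Windows\system32\wininit.exe",
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Windows\Explorer.EXE",
    r"C:\Windows\svchost.exe",
    r"-netsvcs",
    r"C:\Windows\SysWOW64\cmd.exe",
    r"C:\Windows\system32\DllHost.exe",
    r"\\.\globalroot\systemroot\svchost.exe",
]

if __name__ == "__main__":
    for f in flag_masquerading(SAMPLE_PROCESS_LIST):
        print(f"SUSPECT {f['binary']} in {f['found_in']} "
              f"(expected {', '.join(f['expected'])}): {f['line']}")
```

    Run against the sample list it reports only the two svchost.exe entries that resolve to C:\Windows; the legitimate System32 instances with their -k groups, Explorer.EXE in its proper place, and the stray '-netsvcs' line are all passed over. A name-only rule ("svchost.exe is always fine") would have missed exactly the file this thread is about.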
  4. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  5. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    Roguekiller log
    RogueKiller V7.6.2 [07/02/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User: Supreme Commander [Admin rights]
    Mode: Scan -- Date: 07/02/2012 20:20:23
    ¤¤¤ Bad processes: 1 ¤¤¤
    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries: 6 ¤¤¤
    [SUSP PATH] HKLM\[...]\Wow6432Node\Run : OEM13Mon.exe (C:\Windows\OEM13Mon.exe) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : Root.MBR ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9320423ASG +++++
    --- User ---
    [MBR] 107b9e004b4e09bf62eee565ecfd0137
    [BSP] 3ccbda4e12e9c6386df2698ebc3d6f50 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] 8131e86e7bce206f33e0bcbf30e3edf0
    [BSP] 3ccbda4e12e9c6386df2698ebc3d6f50 : Windows Vista MBR Code
    Partition table:
    1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 8131e86e7bce206f33e0bcbf30e3edf0
    [BSP] 3ccbda4e12e9c6386df2698ebc3d6f50 : Windows Vista MBR Code
    Partition table:
    1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    aswMBR Log
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-02 20:22:33
    -----------------------------
    20:22:33.730 OS Version: Windows x64 6.1.7600
    20:22:33.730 Number of processors: 2 586 0x170A
    20:22:33.730 ComputerName: DAMIAN2 UserName:
    20:22:39.627 Initialize success
    20:22:45.483 AVAST engine download error: 0
    20:23:00.912 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:23:00.927 Disk 0 Vendor: ST932042 0004 Size: 305245MB BusType: 3
    20:23:00.927 Device \Driver\iaStor -> MajorFunction fffffa8005bf05e8
    20:23:00.927 Disk 0 MBR read successfully
    20:23:00.943 Disk 0 MBR scan
    20:23:00.943 Disk 0 Windows VISTA default MBR code
    20:23:00.958 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    20:23:00.974 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
    20:23:00.990 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
    20:23:01.036 Disk 0 scanning C:\Windows\system32\drivers
    20:23:11.520 Service scanning
    20:23:34.530 Modules scanning
    20:23:34.545 Disk 0 trace - called modules:
    20:23:34.561 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005bf05e8]<<
    20:23:34.576 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005771760]
    20:23:34.592 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800478b050]
    20:23:34.592 \Driver\iaStor[0xfffffa8005b23d90] -> IRP_MJ_CREATE -> 0xfffffa8005bf05e8
    20:23:34.608 Scan finished successfully
    20:24:00.395 Disk 0 MBR has been saved successfully to "C:\Users\Supreme Commander\Desktop\MBR.dat"
    20:24:00.410 The log file has been saved successfully to "C:\Users\Supreme Commander\Desktop\aswMBR log.txt"
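    The RogueKiller MBR section above reports `User != LL1 ... KO!`: the MBR hash obtained through an ordinary read differs from the one obtained through the lower-level read paths, which is the inconsistency behind the `Root.MBR` verdict. The Python below is an added example, not RogueKiller's code and not part of this thread; it parses a report in that layout and lists every low-level view that disagrees with the User view on MBR hash, boot-sector hash or partition table. The two hash values are copied from the report above; the surrounding text is constructed sample input, and `parse_views` and `check_consistency` are names chosen for the demo.

```python
r"""Cross-check an MBR report that was read through more than one path.

Added example, not RogueKiller's code.  A rootkit that hooks the disk stack
can hand a clean MBR to ordinary reads while the sector on the platter is
different; reading it again through lower-level paths and comparing hashes
and partition tables exposes that inconsistency.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in RogueKiller's "MBR Check" layout.  The hash values
# are the ones from the report posted above; the rest is sample input.
SAMPLE_REPORT = """\
+++++ PhysicalDrive0: ST9320423ASG +++++
--- User ---
[MBR] 107b9e004b4e09bf62eee565ecfd0137
[BSP] 3ccbda4e12e9c6386df2698ebc3d6f50 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 8131e86e7bce206f33e0bcbf30e3edf0
[BSP] 3ccbda4e12e9c6386df2698ebc3d6f50 : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 8131e86e7bce206f33e0bcbf30e3edf0
[BSP] 3ccbda4e12e9c6386df2698ebc3d6f50 : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
"""

VIEW_RE = re.compile(r"^--- (\w+) ---$")
HASH_RE = re.compile(r"^\[(MBR|BSP)\] ([0-9a-f]{32})")
PART_RE = re.compile(
    r"^\d+ - \[(\w+)\] \S+ \((0x[0-9a-f]{2})\) \[\w+\] "
    r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo$"
)

Partition = Tuple[str, str, int, int]   # status, type code, first sector, size (MB)


@dataclass
class View:
    mbr: str = ""
    bsp: str = ""
    partitions: List[Partition] = field(default_factory=list)


def parse_views(report: str) -> Dict[str, View]:
    """Collect the MBR hash, boot-sector hash and partition rows per read path.
    Row numbers are dropped on purpose: the report numbers them differently
    in the User and low-level views, which is not itself a discrepancy."""
    views: Dict[str, View] = {}
    current = None
    for line in report.splitlines():
        line = line.strip()
        m = VIEW_RE.match(line)
        if m:
            current = views.setdefault(m.group(1), View())
            continue
        if current is None:
            continue
        m = HASH_RE.match(line)
        if m:
            setattr(current, m.group(1).lower(), m.group(2))
            continue
        m = PART_RE.match(line)
        if m:
            status, code, offset, size = m.groups()
            current.partitions.append((status, code, int(offset), int(size)))
    return views


def check_consistency(report: str) -> List[str]:
    """Return one finding per low-level view that disagrees with the User view."""
    views = parse_views(report)
    user = views.get("User")
    if user is None:
        return ["report has no User view to compare against"]
    findings = []
    for name, low in views.items():
        if name == "User":
            continue
        if low.mbr != user.mbr:
            findings.append(f"MBR hash differs between User and {name}")
        if low.bsp != user.bsp:
            findings.append(f"boot sector hash differs between User and {name}")
        if low.partitions != user.partitions:
            findings.append(f"partition table differs between User and {name}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_consistency(SAMPLE_REPORT)) or "all read paths agree")
```

    On the sample, only the MBR hash disagrees: the partition tables and the boot sector of the active partition are identical across all three read paths, which is why the report still describes a normal layout while the MBR code itself has been replaced.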
     
  6. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    I will need a few more days to do this next step. Hopefully will have it completed by Saturday at the latest.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,693   +268

  9. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    Combofix log

    ComboFix 12-07-07.04 - Supreme Commander 07/07/2012 11:24:08.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4057.2951 [GMT -5:00]
    Running from: c:\users\Supreme Commander\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Supreme Commander\AppData\Roaming\TMInc
    c:\users\Supreme Commander\AppData\Roaming\TMInc\game.cfg
    c:\users\Supreme Commander\AppData\Roaming\TMInc\user1.sav
    c:\windows\svchost.exe
    c:\windows\system32\jucheck.exe
    c:\windows\system32\jusched.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-30 21:04 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-30 21:04 . 2012-06-30 21:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-30 18:54 . 2008-11-21 05:08 16896 ----a-w- c:\windows\system32\sasnative64.exe
    2012-06-30 18:54 . 2012-06-30 20:03 -------- d-----w- c:\users\Supreme Commander\AppData\Roaming\Systweak
    2012-06-30 18:54 . 2012-06-26 17:25 18856 ----a-w- c:\windows\system32\roboot64.exe
    2012-06-30 16:56 . 2012-06-30 16:56 -------- d-----w- c:\users\Supreme Commander\AppData\Roaming\Malwarebytes
    2012-06-30 16:56 . 2012-06-30 16:56 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-29 00:23 . 2012-06-29 00:23 -------- d-----w- c:\windows\system32\Macromed
    2012-06-23 17:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 17:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 17:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 17:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 17:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 17:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 17:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 16:59 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 16:59 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 01:19 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-19 01:19 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-19 01:19 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-19 01:15 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-19 01:14 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
    2012-06-19 01:14 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-19 01:13 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
    2012-06-19 01:13 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-19 01:13 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-19 01:13 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-19 01:13 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-19 01:13 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-19 01:13 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-19 01:13 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-27 16:28 . 2010-05-07 20:10 65202064 ----a-w- c:\program files (x86)\Tri_Peaks_Solitaire_2-setup.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-26 619352]
    "Spotify Web Helper"="c:\users\Supreme Commander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-23 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Dell V715w"="c:\program files (x86)\Dell V715w\fm3032.exe" [2011-01-24 316072]
    .
    c:\users\Supreme Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
    R3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\DRIVERS\kwusb2k.sys [2007-08-28 213120]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
    R3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2010-01-21 26624]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-26 494424]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\AESTSr64.exe [2009-03-02 89600]
    S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
    S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-22 69152]
    S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-05-07 48800]
    S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 12288]
    S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 267296]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-17 215040]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:15]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 309248]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2011-01-24 770728]
    "EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2011-01-24 139944]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://co115w.col115.mail.live.com/default.aspx?wa=wsignin1.0
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
    AddRemove-RCDEMO - c:\sierra\RCRacersDemo\Uninst.isu
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3524355026-2606028294-2129067630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3524355026-2606028294-2129067630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    .
    **************************************************************************
    .
    Completion time: 2012-07-07 11:49:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-07 16:49
    .
    Pre-Run: 157,693,878,272 bytes free
    Post-Run: 157,946,605,568 bytes free
    .
    - - End Of File - - 7EEF7EB6555769117BF8525CA9D89734
     
  10. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Uninstall Advanced SystemCare 5.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =====================================

    Please re-run Combofix one more time and post new log.
     
  11. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    Combofix log
    ComboFix 12-07-07.04 - Supreme Commander 07/10/2012 17:41:07.2.2 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4057.2962 [GMT -5:00]
    Running from: c:\users\Supreme Commander\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-10 22:52 . 2012-07-10 22:52 -------- d-----w- c:\users\Mcx1-DAMIAN2\AppData\Local\temp
    2012-07-10 22:52 . 2012-07-10 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-30 21:04 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-30 21:04 . 2012-06-30 21:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-30 18:54 . 2008-11-21 05:08 16896 ----a-w- c:\windows\system32\sasnative64.exe
    2012-06-30 18:54 . 2012-06-30 20:03 -------- d-----w- c:\users\Supreme Commander\AppData\Roaming\Systweak
    2012-06-30 18:54 . 2012-06-26 17:25 18856 ----a-w- c:\windows\system32\roboot64.exe
    2012-06-30 16:56 . 2012-06-30 16:56 -------- d-----w- c:\users\Supreme Commander\AppData\Roaming\Malwarebytes
    2012-06-30 16:56 . 2012-06-30 16:56 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-29 00:23 . 2012-06-29 00:23 -------- d-----w- c:\windows\system32\Macromed
    2012-06-23 17:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 17:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 17:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 17:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 17:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 17:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 17:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 16:59 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 16:59 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 01:19 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-19 01:19 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-19 01:19 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-19 01:15 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-19 01:14 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
    2012-06-19 01:14 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-19 01:13 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
    2012-06-19 01:13 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-19 01:13 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-19 01:13 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-19 01:13 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-19 01:13 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-19 01:13 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-19 01:13 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-27 16:28 . 2010-05-07 20:10 65202064 ----a-w- c:\program files (x86)\Tri_Peaks_Solitaire_2-setup.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-07_16.36.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-05-28 18:52 . 2012-07-10 22:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-05-28 18:52 . 2012-07-07 15:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-05-28 21:11 . 2012-07-10 22:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    - 2012-05-28 21:11 . 2012-07-07 15:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-07-09 22:59 . 2012-07-09 22:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012070920120710\index.dat
    + 2012-07-09 22:59 . 2012-07-09 22:43 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012070220120709\index.dat
    + 2012-05-28 18:52 . 2012-07-10 22:09 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2010-04-30 10:47 . 2012-07-10 22:39 49980 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-10 22:39 47226 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-05-07 19:33 . 2012-07-10 22:39 15432 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3524355026-2606028294-2129067630-1000_UserData.bin
    + 2010-05-06 22:26 . 2012-07-10 22:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-05-06 22:26 . 2012-07-07 16:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-05-06 22:26 . 2012-07-10 22:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-05-06 22:26 . 2012-07-07 16:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-07-08 00:15 . 2012-07-08 00:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012070720120708\index.dat
    - 2009-07-14 04:54 . 2012-07-07 16:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-10 22:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-06-29 16:45 . 2012-07-10 22:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-06-29 16:45 . 2012-07-07 16:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-06-29 16:45 . 2012-07-10 22:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-06-29 16:45 . 2012-07-07 16:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-06-29 16:45 . 2012-07-07 16:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-06-29 16:45 . 2012-07-10 22:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-05-07 19:40 . 2012-07-07 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-05-07 19:40 . 2012-07-10 22:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-05-07 19:40 . 2012-07-07 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-05-07 19:40 . 2012-07-10 22:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-05 07:06 . 2012-07-08 06:22 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-07-07 16:35 . 2012-07-07 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-10 22:56 . 2012-07-10 22:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-10 22:56 . 2012-07-10 22:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-07 16:35 . 2012-07-07 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 04:54 . 2012-07-07 16:36 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-07-10 22:57 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-05-07 21:23 . 2012-07-09 02:25 303400 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 02:36 . 2012-07-04 22:01 628554 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-08 15:18 628554 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-04 22:01 108700 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-07-08 15:18 108700 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:12 . 2012-07-07 15:44 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2012-07-08 18:51 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:01 . 2012-07-10 22:56 330852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-07 16:34 330852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-07-10 22:57 5292032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-10 22:57 1556480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-07 16:36 1556480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-06-09 04:39 . 2012-04-18 22:17 1236940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3524355026-2606028294-2129067630-1000-12288.dat
    + 2011-06-09 04:39 . 2012-07-09 05:50 1236940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3524355026-2606028294-2129067630-1000-12288.dat
    + 2012-07-07 17:00 . 2012-07-07 17:00 2871808 c:\windows\Installer\176db4.msi
    - 2009-07-14 02:34 . 2012-07-07 16:34 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-07-10 22:53 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Supreme Commander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-23 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Dell V715w"="c:\program files (x86)\Dell V715w\fm3032.exe" [2011-01-24 316072]
    .
    c:\users\Supreme Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
    R3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\DRIVERS\kwusb2k.sys [2007-08-28 213120]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
    R3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2010-01-21 26624]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\AESTSr64.exe [2009-03-02 89600]
    S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
    S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-22 69152]
    S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-05-07 48800]
    S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 12288]
    S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 267296]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-17 215040]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:15]
    .
    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 309248]
    "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2011-01-24 770728]
    "EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2011-01-24 139944]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://co115w.col115.mail.live.com/default.aspx?wa=wsignin1.0
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3524355026-2606028294-2129067630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3524355026-2606028294-2129067630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-10 18:11:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-10 23:11
    ComboFix2.txt 2012-07-07 16:49
    .
    Pre-Run: 158,168,813,568 bytes free
    Post-Run: 157,743,443,968 bytes free
    .
    - - End Of File - - 6F9865490C3BE07CBA2A709C48AEBD45
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    Just wanted to let you know I won't be able to do the next step until possibly Saturday or Sunday.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    OK...
     
  15. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    TDSSKiller Log Pt 1 (too long to post)
    20:20:10.0836 5360 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
    20:20:11.0371 5360 ============================================================
    20:20:11.0371 5360 Current date / time: 2012/07/14 20:20:11.0370
    20:20:11.0371 5360 SystemInfo:
    20:20:11.0371 5360
    20:20:11.0371 5360 OS Version: 6.1.7600 ServicePack: 0.0
    20:20:11.0371 5360 Product type: Workstation
    20:20:11.0371 5360 ComputerName: DAMIAN2
    20:20:11.0372 5360 UserName: Supreme Commander
    20:20:11.0372 5360 Windows directory: C:\Windows
    20:20:11.0372 5360 System windows directory: C:\Windows
    20:20:11.0372 5360 Running under WOW64
    20:20:11.0372 5360 Processor architecture: Intel x64
    20:20:11.0372 5360 Number of processors: 2
    20:20:11.0372 5360 Page size: 0x1000
    20:20:11.0372 5360 Boot type: Normal boot
    20:20:11.0372 5360 ============================================================
    20:20:12.0203 5360 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:20:12.0213 5360 ============================================================
    20:20:12.0213 5360 \Device\Harddisk0\DR0:
    20:20:12.0213 5360 MBR partitions:
    20:20:12.0213 5360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    20:20:12.0213 5360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
    20:20:12.0213 5360 ============================================================
    20:20:12.0238 5360 C: <-> \Device\Harddisk0\DR0\Partition1
    20:20:12.0239 5360 ============================================================
    20:20:12.0239 5360 Initialize success
    20:20:12.0239 5360 ============================================================
    20:20:14.0125 5392 ============================================================
    20:20:14.0125 5392 Scan started
    20:20:14.0125 5392 Mode: Manual;
    20:20:14.0125 5392 ============================================================
    20:20:18.0287 5392 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    20:20:18.0316 5392 1394ohci - ok
    20:20:18.0361 5392 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    20:20:18.0382 5392 ACPI - ok
    20:20:18.0410 5392 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    20:20:18.0414 5392 AcpiPmi - ok
    20:20:18.0569 5392 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    20:20:18.0611 5392 adp94xx - ok
    20:20:18.0653 5392 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    20:20:18.0671 5392 adpahci - ok
    20:20:18.0702 5392 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    20:20:18.0721 5392 adpu320 - ok
    20:20:18.0865 5392 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    20:20:18.0867 5392 AeLookupSvc - ok
    20:20:19.0345 5392 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\AESTSr64.exe
    20:20:19.0377 5392 AESTFilters - ok
    20:20:20.0209 5392 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    20:20:20.0228 5392 AFD - ok
    20:20:20.0268 5392 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    20:20:20.0273 5392 agp440 - ok
    20:20:20.0307 5392 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    20:20:20.0313 5392 ALG - ok
    20:20:20.0338 5392 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    20:20:20.0342 5392 aliide - ok
    20:20:20.0370 5392 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    20:20:20.0374 5392 amdide - ok
    20:20:20.0410 5392 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    20:20:20.0413 5392 AmdK8 - ok
    20:20:20.0432 5392 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    20:20:20.0436 5392 AmdPPM - ok
    20:20:20.0467 5392 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    20:20:20.0473 5392 amdsata - ok
    20:20:20.0504 5392 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    20:20:20.0539 5392 amdsbs - ok
    20:20:20.0556 5392 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    20:20:20.0559 5392 amdxata - ok
    20:20:21.0068 5392 ApfiltrService (3cc4531f11648a6081a7ba3aa4924d04) C:\Windows\system32\DRIVERS\Apfiltr.sys
    20:20:21.0102 5392 ApfiltrService - ok
    20:20:21.0145 5392 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    20:20:21.0150 5392 AppID - ok
    20:20:21.0176 5392 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    20:20:21.0180 5392 AppIDSvc - ok
    20:20:21.0217 5392 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    20:20:21.0221 5392 Appinfo - ok
    20:20:21.0516 5392 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:20:21.0519 5392 Apple Mobile Device - ok
    20:20:21.0574 5392 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    20:20:21.0616 5392 AppMgmt - ok
    20:20:21.0647 5392 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    20:20:21.0653 5392 arc - ok
    20:20:21.0690 5392 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    20:20:21.0696 5392 arcsas - ok
    20:20:21.0731 5392 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    20:20:21.0735 5392 AsyncMac - ok
    20:20:21.0772 5392 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    20:20:21.0777 5392 atapi - ok
    20:20:21.0851 5392 atksgt (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
    20:20:21.0890 5392 atksgt - ok
    20:20:21.0974 5392 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    20:20:22.0013 5392 AudioEndpointBuilder - ok
    20:20:22.0033 5392 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    20:20:22.0044 5392 AudioSrv - ok
    20:20:27.0700 5392 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    20:20:27.0835 5392 AVGIDSAgent - ok
    20:20:29.0602 5392 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    20:20:29.0616 5392 AVGIDSDriver - ok
    20:20:29.0729 5392 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
    20:20:29.0759 5392 AVGIDSFilter - ok
    20:20:29.0803 5392 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
    20:20:29.0807 5392 AVGIDSHA - ok
    20:20:29.0902 5392 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
    20:20:29.0918 5392 Avgldx64 - ok
    20:20:29.0987 5392 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
    20:20:29.0991 5392 Avgmfx64 - ok
    20:20:30.0059 5392 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
    20:20:30.0062 5392 Avgrkx64 - ok
    20:20:30.0214 5392 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
    20:20:30.0350 5392 Avgtdia - ok
    20:20:30.0786 5392 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    20:20:30.0791 5392 avgwd - ok
    20:20:30.0866 5392 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    20:20:30.0879 5392 AxInstSV - ok
    20:20:31.0774 5392 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    20:20:31.0803 5392 b06bdrv - ok
    20:20:31.0940 5392 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    20:20:31.0960 5392 b57nd60a - ok
    20:20:32.0007 5392 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    20:20:32.0013 5392 BDESVC - ok
    20:20:32.0034 5392 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    20:20:32.0039 5392 Beep - ok
    20:20:32.0149 5392 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    20:20:32.0180 5392 BFE - ok
    20:20:33.0898 5392 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
    20:20:33.0932 5392 BITS - ok
    20:20:33.0984 5392 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    20:20:33.0988 5392 blbdrive - ok
    20:20:34.0548 5392 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    20:20:34.0567 5392 Bonjour Service - ok
    20:20:34.0635 5392 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    20:20:34.0640 5392 bowser - ok
    20:20:34.0668 5392 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:20:34.0672 5392 BrFiltLo - ok
    20:20:34.0690 5392 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:20:34.0694 5392 BrFiltUp - ok
    20:20:34.0751 5392 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    20:20:34.0757 5392 BridgeMP - ok
    20:20:34.0807 5392 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    20:20:34.0823 5392 Browser - ok
    20:20:34.0898 5392 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    20:20:34.0914 5392 Brserid - ok
    20:20:34.0938 5392 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    20:20:34.0943 5392 BrSerWdm - ok
    20:20:34.0957 5392 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:20:34.0961 5392 BrUsbMdm - ok
    20:20:34.0977 5392 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    20:20:34.0981 5392 BrUsbSer - ok
    20:20:35.0004 5392 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    20:20:35.0009 5392 BTHMODEM - ok
    20:20:35.0045 5392 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    20:20:35.0048 5392 bthserv - ok
    20:20:35.0072 5392 catchme - ok
    20:20:35.0105 5392 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    20:20:35.0115 5392 cdfs - ok
    20:20:35.0146 5392 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    20:20:35.0155 5392 cdrom - ok
    20:20:35.0185 5392 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    20:20:35.0189 5392 CertPropSvc - ok
    20:20:35.0208 5392 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    20:20:35.0212 5392 circlass - ok
    20:20:35.0501 5392 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    20:20:35.0538 5392 CLFS - ok
    20:20:35.0609 5392 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:20:35.0614 5392 clr_optimization_v2.0.50727_32 - ok
    20:20:35.0661 5392 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:20:35.0667 5392 clr_optimization_v2.0.50727_64 - ok
    20:20:35.0988 5392 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:20:35.0997 5392 clr_optimization_v4.0.30319_32 - ok
    20:20:36.0059 5392 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    20:20:36.0065 5392 clr_optimization_v4.0.30319_64 - ok
    20:20:36.0105 5392 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    20:20:36.0109 5392 CmBatt - ok
    20:20:36.0122 5392 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    20:20:36.0126 5392 cmdide - ok
    20:20:36.0196 5392 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
    20:20:36.0238 5392 CNG - ok
    20:20:36.0274 5392 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    20:20:36.0278 5392 Compbatt - ok
    20:20:36.0306 5392 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    20:20:36.0314 5392 CompositeBus - ok
    20:20:36.0326 5392 COMSysApp - ok
    20:20:36.0351 5392 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    20:20:36.0354 5392 crcdisk - ok
    20:20:36.0428 5392 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
    20:20:36.0432 5392 CryptSvc - ok
    20:20:36.0508 5392 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    20:20:36.0520 5392 CSC - ok
    20:20:36.0597 5392 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
    20:20:36.0623 5392 CscService - ok
    20:20:36.0674 5392 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    20:20:36.0688 5392 CtClsFlt - ok
    20:20:36.0744 5392 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    20:20:36.0794 5392 DcomLaunch - ok
    20:20:36.0841 5392 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    20:20:36.0860 5392 defragsvc - ok
    20:20:37.0016 5392 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    20:20:37.0031 5392 DfsC - ok
    20:20:37.0074 5392 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    20:20:37.0110 5392 Dhcp - ok
    20:20:37.0138 5392 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    20:20:37.0140 5392 discache - ok
    20:20:37.0178 5392 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    20:20:37.0183 5392 Disk - ok
    20:20:37.0344 5392 dleeCATSCustConnectService (6955872bed7981571d4bcbe31ca4e3f8) C:\Windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe
    20:20:37.0377 5392 dleeCATSCustConnectService - ok
    20:20:37.0419 5392 dlee_device - ok
    20:20:37.0790 5392 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    20:20:37.0819 5392 Dnscache - ok
    20:20:37.0872 5392 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    20:20:37.0887 5392 dot3svc - ok
    20:20:37.0914 5392 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    20:20:37.0931 5392 DPS - ok
    20:20:37.0966 5392 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    20:20:37.0970 5392 drmkaud - ok
    20:20:38.0523 5392 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    20:20:38.0566 5392 DXGKrnl - ok
    20:20:38.0605 5392 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    20:20:38.0616 5392 EapHost - ok
    20:20:42.0239 5392 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    20:20:42.0367 5392 ebdrv - ok
    20:20:43.0749 5392 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    20:20:43.0753 5392 EFS - ok
    20:20:44.0425 5392 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    20:20:44.0470 5392 ehRecvr - ok
    20:20:44.0528 5392 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    20:20:44.0533 5392 ehSched - ok
    20:20:45.0734 5392 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    20:20:45.0764 5392 elxstor - ok
    20:20:45.0800 5392 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    20:20:45.0803 5392 ErrDev - ok
    20:20:45.0915 5392 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    20:20:45.0929 5392 EventSystem - ok
    20:20:47.0337 5392 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    20:20:47.0402 5392 EvtEng - ok
    20:20:48.0169 5392 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    20:20:48.0191 5392 exfat - ok
    20:20:48.0359 5392 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    20:20:48.0390 5392 fastfat - ok
    20:20:48.0471 5392 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    20:20:48.0509 5392 Fax - ok
    20:20:48.0539 5392 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    20:20:48.0544 5392 fdc - ok
    20:20:48.0564 5392 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    20:20:48.0569 5392 fdPHost - ok
    20:20:48.0587 5392 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    20:20:48.0590 5392 FDResPub - ok
    20:20:48.0608 5392 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    20:20:48.0611 5392 FileInfo - ok
    20:20:48.0625 5392 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    20:20:48.0628 5392 Filetrace - ok
    20:20:48.0647 5392 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    20:20:48.0651 5392 flpydisk - ok
    20:20:49.0216 5392 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    20:20:49.0249 5392 FltMgr - ok
    20:20:50.0529 5392 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
  16. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    TDSSKiller Log Part 2
    20:21:08.0915 5392 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    20:21:08.0920 5392 usbscan - ok
    20:21:08.0944 5392 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:21:08.0949 5392 USBSTOR - ok
    20:21:09.0004 5392 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
    20:21:09.0008 5392 usbuhci - ok
    20:21:09.0052 5392 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    20:21:09.0067 5392 usbvideo - ok
    20:21:09.0101 5392 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    20:21:09.0109 5392 UxSms - ok
    20:21:09.0153 5392 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    20:21:09.0157 5392 VaultSvc - ok
    20:21:09.0178 5392 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    20:21:09.0181 5392 vdrvroot - ok
    20:21:09.0227 5392 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    20:21:09.0262 5392 vds - ok
    20:21:09.0283 5392 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    20:21:09.0287 5392 vga - ok
    20:21:09.0312 5392 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    20:21:09.0317 5392 VgaSave - ok
    20:21:09.0352 5392 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    20:21:09.0367 5392 vhdmp - ok
    20:21:09.0398 5392 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    20:21:09.0402 5392 viaide - ok
    20:21:09.0442 5392 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    20:21:09.0458 5392 vmbus - ok
    20:21:09.0481 5392 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    20:21:09.0485 5392 VMBusHID - ok
    20:21:09.0512 5392 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    20:21:09.0517 5392 volmgr - ok
    20:21:09.0554 5392 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    20:21:09.0574 5392 volmgrx - ok
    20:21:09.0612 5392 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    20:21:09.0634 5392 volsnap - ok
    20:21:09.0667 5392 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    20:21:09.0683 5392 vsmraid - ok
    20:21:09.0833 5392 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    20:21:09.0897 5392 VSS - ok
    20:21:10.0048 5392 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    20:21:10.0092 5392 vToolbarUpdater11.2.0 - ok
    20:21:10.0225 5392 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    20:21:10.0229 5392 vwifibus - ok
    20:21:10.0252 5392 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    20:21:10.0256 5392 vwififlt - ok
    20:21:10.0307 5392 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    20:21:10.0343 5392 W32Time - ok
    20:21:10.0370 5392 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    20:21:10.0375 5392 WacomPen - ok
    20:21:10.0409 5392 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    20:21:10.0414 5392 WANARP - ok
    20:21:10.0433 5392 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    20:21:10.0436 5392 Wanarpv6 - ok
    20:21:10.0554 5392 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    20:21:10.0609 5392 WatAdminSvc - ok
    20:21:10.0740 5392 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    20:21:10.0801 5392 wbengine - ok
    20:21:10.0951 5392 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    20:21:10.0973 5392 WbioSrvc - ok
    20:21:11.0037 5392 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    20:21:11.0090 5392 wcncsvc - ok
    20:21:11.0115 5392 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    20:21:11.0123 5392 WcsPlugInService - ok
    20:21:11.0159 5392 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    20:21:11.0163 5392 Wd - ok
    20:21:11.0228 5392 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    20:21:11.0294 5392 Wdf01000 - ok
    20:21:11.0316 5392 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    20:21:11.0328 5392 WdiServiceHost - ok
    20:21:11.0336 5392 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    20:21:11.0342 5392 WdiSystemHost - ok
    20:21:11.0416 5392 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    20:21:11.0437 5392 WebClient - ok
    20:21:11.0466 5392 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    20:21:11.0487 5392 Wecsvc - ok
    20:21:11.0509 5392 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    20:21:11.0513 5392 wercplsupport - ok
    20:21:11.0545 5392 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    20:21:11.0549 5392 WerSvc - ok
    20:21:11.0587 5392 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    20:21:11.0592 5392 WfpLwf - ok
    20:21:11.0617 5392 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    20:21:11.0621 5392 WIMMount - ok
    20:21:11.0637 5392 WinHttpAutoProxySvc - ok
    20:21:11.0734 5392 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    20:21:11.0750 5392 Winmgmt - ok
    20:21:11.0900 5392 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    20:21:11.0996 5392 WinRM - ok
    20:21:12.0218 5392 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    20:21:12.0277 5392 Wlansvc - ok
    20:21:12.0505 5392 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    20:21:12.0525 5392 wlidsvc - ok
    20:21:12.0694 5392 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    20:21:12.0698 5392 WmiAcpi - ok
    20:21:12.0763 5392 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    20:21:12.0781 5392 wmiApSrv - ok
    20:21:12.0831 5392 WMPNetworkSvc - ok
    20:21:12.0866 5392 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    20:21:12.0874 5392 WPCSvc - ok
    20:21:12.0900 5392 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    20:21:12.0919 5392 WPDBusEnum - ok
    20:21:12.0942 5392 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    20:21:12.0944 5392 ws2ifsl - ok
    20:21:12.0954 5392 WSearch - ok
    20:21:13.0147 5392 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    20:21:13.0223 5392 wuauserv - ok
    20:21:13.0367 5392 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
    20:21:13.0372 5392 WudfPf - ok
    20:21:13.0412 5392 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:21:13.0428 5392 WUDFRd - ok
    20:21:13.0451 5392 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
    20:21:13.0463 5392 wudfsvc - ok
    20:21:13.0506 5392 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    20:21:13.0522 5392 WwanSvc - ok
    20:21:13.0583 5392 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    20:21:13.0615 5392 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    20:21:13.0615 5392 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    20:21:13.0657 5392 Boot (0x1200) (ab9ee09435b14d703f9ae531b92f9658) \Device\Harddisk0\DR0\Partition0
    20:21:13.0661 5392 \Device\Harddisk0\DR0\Partition0 - ok
    20:21:13.0681 5392 Boot (0x1200) (683f1a8ee592b5a861ff6e3708b41932) \Device\Harddisk0\DR0\Partition1
    20:21:13.0685 5392 \Device\Harddisk0\DR0\Partition1 - ok
    20:21:13.0686 5392 ============================================================
    20:21:13.0686 5392 Scan finished
    20:21:13.0686 5392 ============================================================
    20:21:13.0721 5416 Detected object count: 1
    20:21:13.0721 5416 Actual detected object count: 1
    20:21:19.0707 5416 \Device\Harddisk0\DR0\# - copied to quarantine
    20:21:19.0709 5416 \Device\Harddisk0\DR0 - copied to quarantine
    20:21:19.0854 5416 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    20:21:19.0862 5416 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    20:21:19.0903 5416 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    20:21:19.0930 5416 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    20:21:19.0933 5416 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    20:21:19.0936 5416 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    20:21:19.0940 5416 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    20:21:19.0947 5416 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    20:21:19.0954 5416 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    20:21:19.0958 5416 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    20:21:19.0961 5416 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    20:21:19.0964 5416 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    20:21:19.0998 5416 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    20:21:20.0004 5416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    20:21:20.0007 5416 \Device\Harddisk0\DR0 - ok
    20:21:20.0066 5416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    20:21:28.0045 2984 Deinitialize success
     
  17. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Good :)

    Re-run MBAM and post new log.
     
  18. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    MBAM log
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.14.08
    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Supreme Commander :: DAMIAN2 [administrator]
    7/14/2012 8:52:26 PM
    mbam-log-2012-07-14 (20-52-26).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234960
    Time elapsed: 2 minute(s), 40 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3612 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    (end)
     
  19. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Post new Combofix log.
     
  20. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    The first time I tried to run ComboFix today, my computer crashed. This is the log from when I ran it a second time.
    ComboFix Log
    ComboFix 12-07-16.01 - Supreme Commander 07/17/2012 18:07:03.4.2 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4057.2716 [GMT -5:00]
    Running from: c:\users\Supreme Commander\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-17 23:15 . 2012-07-17 23:15 -------- d-----w- c:\users\Mcx1-DAMIAN2\AppData\Local\temp
    2012-07-17 23:15 . 2012-07-17 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-15 01:58 . 2010-11-27 00:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2012-07-15 01:21 . 2012-07-15 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-11 02:53 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 23:15 . 2012-07-17 22:24 -------- d-----w- c:\programdata\MFAData
    2012-07-10 22:20 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 22:20 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-10 22:20 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-10 22:20 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-10 22:19 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-10 22:19 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-07-10 22:19 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-07-10 22:19 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-07-10 22:19 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-10 22:19 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-07-10 22:19 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-07-10 22:19 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-07-10 22:19 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-07-10 22:18 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-10 22:18 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-06-30 21:04 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-30 21:04 . 2012-07-15 01:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-30 18:54 . 2008-11-21 05:08 16896 ----a-w- c:\windows\system32\sasnative64.exe
    2012-06-30 18:54 . 2012-06-30 20:03 -------- d-----w- c:\users\Supreme Commander\AppData\Roaming\Systweak
    2012-06-30 18:54 . 2012-06-26 17:25 18856 ----a-w- c:\windows\system32\roboot64.exe
    2012-06-30 16:56 . 2012-06-30 16:56 -------- d-----w- c:\users\Supreme Commander\AppData\Roaming\Malwarebytes
    2012-06-30 16:56 . 2012-06-30 16:56 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-29 00:23 . 2012-06-29 00:23 -------- d-----w- c:\windows\system32\Macromed
    2012-06-23 17:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 17:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 17:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 17:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 17:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 17:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 17:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 16:59 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 16:59 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 01:19 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-19 01:19 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-19 01:19 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-19 01:15 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-19 01:14 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-19 01:13 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
    2012-06-19 01:13 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-19 01:13 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-19 01:13 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-19 01:13 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-19 01:13 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-19 01:13 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-19 01:13 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-27 16:28 . 2010-05-07 20:10 65202064 ----a-w- c:\program files (x86)\Tri_Peaks_Solitaire_2-setup.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-07-10_22.57.45 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Supreme Commander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-16 1192664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Dell V715w"="c:\program files (x86)\Dell V715w\fm3032.exe" [2011-01-24 316072]
    .
    c:\users\Supreme Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
    R3 53036103;53036103; [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
    R3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\DRIVERS\kwusb2k.sys [2007-08-28 213120]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\AESTSr64.exe [2009-03-02 89600]
    S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
    S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-22 69152]
    S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-05-07 48800]
    S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 12288]
    S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 267296]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-17 215040]
    S3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2010-01-21 26624]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:15]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 309248]
    "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2011-01-24 770728]
    "EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2011-01-24 139944]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://co115w.col115.mail.live.com/default.aspx?wa=wsignin1.0
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3524355026-2606028294-2129067630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3524355026-2606028294-2129067630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    .
    **************************************************************************
    .
    Completion time: 2012-07-17 18:31:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-17 23:31
    ComboFix2.txt 2012-07-10 23:11
    ComboFix3.txt 2012-07-07 16:49
    .
    Pre-Run: 159,537,090,560 bytes free
    Post-Run: 159,498,952,704 bytes free
    .
    - - End Of File - - C35085E7097C7EA5BC35D1471F6F3515
     
  21. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    53036103
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
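The detections in this thread all come down to one fact: a file named svchost.exe is running from C:\Windows (and shows up in ComboFix's process list under the device-namespace spelling c:\\.\globalroot\systemroot\svchost.exe) rather than from C:\Windows\System32, where the real one lives. The script below is an added example written for this page, not code from the thread or from Malwarebytes, ComboFix or TDSSKiller. It applies that path check to a handful of constructed log lines modelled on the ComboFix "Other Running Processes" section and the Malwarebytes detection line shown earlier. The Windows directory (c:\windows, as the TDSSKiller log reports) and the list of system-only binary names are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample lines modelled on the ComboFix "Other Running Processes"
# section and the Malwarebytes "Memory Processes Detected" line in this thread.
# They are not the thread's actual logs.
SAMPLE_LINES = [
    r"c:\program files (x86)\Bonjour\mDNSResponder.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\\.\globalroot\systemroot\svchost.exe",
    r"C:\Windows\svchost.exe (Trojan.Agent) -> 3576 -> No action taken.",
    r"c:\windows\system32\DRIVERS\o2flash.exe",
    r"c:\users\Supreme Commander\AppData\Local\Temp\svchost.exe",
]

# Assumption: these Windows binaries only run from System32 (or SysWOW64) on a
# clean install, so any other location is worth a closer look.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

# Capture a drive-letter path up to the first ".exe"; anything after it
# (a detection name, a PID, "No action taken") is ignored.
PATH_RE = re.compile(r"^([a-z]:\\.*?\.exe)", re.IGNORECASE)


def normalize_path(raw: str, windows_dir: str = r"c:\windows") -> str:
    """Lower-case the path and map the \\.\globalroot\systemroot\ spelling
    (as seen in this thread's ComboFix log) onto the assumed Windows directory."""
    path = raw.strip().lower()
    m = re.search(r"globalroot\\systemroot\\(.*)$", path)
    if m:
        path = windows_dir.lower() + "\\" + m.group(1)
    return path


def find_masquerading(lines: List[str], windows_dir: str = r"c:\windows") -> List[Dict[str, str]]:
    """Return one finding per line whose image is a system-only binary name
    running from outside System32/SysWOW64."""
    expected_dirs = {windows_dir.lower() + r"\system32", windows_dir.lower() + r"\syswow64"}
    findings: List[Dict[str, str]] = []
    for line in lines:
        m = PATH_RE.match(line.strip())
        if not m:
            continue  # not a path line (section header, blank, etc.)
        path = normalize_path(m.group(1), windows_dir)
        directory, _, name = path.rpartition("\\")
        if name in SYSTEM_ONLY and directory not in expected_dirs:
            findings.append({
                "raw": line.strip(),
                "path": path,
                "name": name,
                "reason": f"{name} is expected only under {sorted(expected_dirs)}, found in {directory}",
            })
    return findings


if __name__ == "__main__":
    for f in find_masquerading(SAMPLE_LINES):
        print(f"SUSPECT  {f['path']}\n         {f['reason']}\n         source: {f['raw']}")
```

Running it flags the globalroot line, the Malwarebytes detection line and the Temp-folder copy, and leaves the genuine System32 svchost.exe alone; the same check is cheap to run against a live process list, since the real svchost.exe has no business anywhere but System32.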
     
  22. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    Combo Fix Log
    ComboFix 12-07-16.01 - Supreme Commander 07/18/2012 18:55:38.8.2 - x64 MINIMAL
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4057.3277 [GMT -5:00]
    Running from: c:\users\Supreme Commander\Desktop\ComboFix.exe
    Command switches used :: c:\users\Supreme Commander\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_KXESCORE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-19 00:03 . 2012-07-19 00:03 -------- d-----w- c:\users\Mcx1-DAMIAN2\AppData\Local\temp
    2012-07-19 00:03 . 2012-07-19 00:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-17 23:35 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D58877B3-9B97-42C3-83D7-9F825CEC002F}\mpengine.dll
    2012-07-15 01:58 . 2010-11-27 00:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2012-07-15 01:21 . 2012-07-15 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-11 02:53 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 23:15 . 2012-07-18 22:31 -------- d-----w- c:\programdata\MFAData
    2012-07-10 22:20 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 22:20 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-10 22:20 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-10 22:20 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-10 22:19 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-10 22:19 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-07-10 22:19 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-07-10 22:19 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-07-10 22:19 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-10 22:19 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-07-10 22:19 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-07-10 22:19 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-07-10 22:19 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-07-10 22:18 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-10 22:18 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-06-30 21:04 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-30 21:04 . 2012-07-15 01:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-30 18:54 . 2008-11-21 05:08 16896 ----a-w- c:\windows\system32\sasnative64.exe
    2012-06-30 18:54 . 2012-06-30 20:03 -------- d-----w- c:\users\Supreme Commander\AppData\Roaming\Systweak
    2012-06-30 18:54 . 2012-06-26 17:25 18856 ----a-w- c:\windows\system32\roboot64.exe
    2012-06-30 16:56 . 2012-06-30 16:56 -------- d-----w- c:\users\Supreme Commander\AppData\Roaming\Malwarebytes
    2012-06-30 16:56 . 2012-06-30 16:56 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-29 00:23 . 2012-06-29 00:23 -------- d-----w- c:\windows\system32\Macromed
    2012-06-23 17:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 17:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 17:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 17:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 17:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 17:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 17:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 16:59 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 16:59 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 01:19 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-19 01:19 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-19 01:19 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-19 01:15 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-19 01:14 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-19 01:13 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
    2012-06-19 01:13 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-19 01:13 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-19 01:13 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-19 01:13 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-19 01:13 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-19 01:13 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-19 01:13 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-31 17:25 . 2010-12-17 00:52 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-07-17_23.17.52 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-05-28 18:52 . 2012-07-17 22:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-05-28 18:52 . 2012-07-18 22:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-07-18 00:10 . 2012-07-17 23:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012071720120718\index.dat
    + 2012-05-28 18:52 . 2012-07-18 22:17 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-05-28 18:52 . 2012-07-17 22:30 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2010-04-30 10:47 . 2012-07-18 22:41 51638 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-18 23:40 47772 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-05-07 19:33 . 2012-07-18 23:40 16366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3524355026-2606028294-2129067630-1000_UserData.bin
    - 2009-07-14 05:30 . 2011-12-03 21:31 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2012-07-17 23:38 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-05-23 06:03 . 2011-05-23 06:03 48992 c:\windows\system32\DriverStore\FileRepository\avgfwfd6.inf_amd64_neutral_ae1e76d52507ef34\avgfwd6a.sys
    + 2010-05-06 22:26 . 2012-07-18 22:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-05-06 22:26 . 2012-07-17 22:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-05-06 22:26 . 2012-07-18 22:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-05-06 22:26 . 2012-07-17 22:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-18 22:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-17 22:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-06-29 16:45 . 2012-07-18 23:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-06-29 16:45 . 2012-07-17 23:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-06-29 16:45 . 2012-07-18 23:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-06-29 16:45 . 2012-07-17 23:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-06-29 16:45 . 2012-07-18 23:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-06-29 16:45 . 2012-07-17 23:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-05-07 19:40 . 2012-07-18 23:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-05-07 19:40 . 2012-07-17 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-05-07 19:40 . 2012-07-18 23:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-05-07 19:40 . 2012-07-17 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-05 07:06 . 2012-07-11 02:54 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2010-07-05 07:06 . 2012-07-17 23:41 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-07-17 23:17 . 2012-07-17 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-19 00:04 . 2012-07-19 00:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-19 00:04 . 2012-07-19 00:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-17 23:17 . 2012-07-17 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 04:54 . 2012-07-17 23:18 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-07-19 00:05 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 05:30 . 2011-12-03 21:31 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-07-17 23:38 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2011-12-03 21:31 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:30 . 2012-07-17 23:38 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:01 . 2012-07-17 23:16 330852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-18 22:54 330852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:54 . 2012-07-17 23:18 5292032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-19 00:05 5292032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-17 23:18 1572864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-19 00:05 1572864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-07-17 23:35 . 2012-07-17 23:35 8452608 c:\windows\Installer\12ceba.msi
    + 2012-07-17 23:36 . 2012-07-17 23:36 2871808 c:\windows\Installer\12ceb6.msi
    - 2009-07-14 02:34 . 2012-07-16 22:12 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-07-18 22:53 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Supreme Commander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-16 1192664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Dell V715w"="c:\program files (x86)\Dell V715w\fm3032.exe" [2011-01-24 316072]
    .
    c:\users\Supreme Commander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
    R3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\DRIVERS\kwusb2k.sys [2007-08-28 213120]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\AESTSr64.exe [2009-03-02 89600]
    S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
    S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-22 69152]
    S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-05-07 48800]
    S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 12288]
    S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 267296]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-17 215040]
    S3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2010-01-21 26624]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:15]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 309248]
    "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2011-01-24 770728]
    "EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2011-01-24 139944]
    "combofix"="c:\combofix\CF26193.3XE" [2009-07-14 344576]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://co115w.col115.mail.live.com/default.aspx?wa=wsignin1.0
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3524355026-2606028294-2129067630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3524355026-2606028294-2129067630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-18 19:11:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-19 00:11
    ComboFix2.txt 2012-07-18 23:09
    ComboFix3.txt 2012-07-17 23:31
    ComboFix4.txt 2012-07-10 23:11
    ComboFix5.txt 2012-07-18 23:29
    .
    Pre-Run: 158,091,120,640 bytes free
    Post-Run: 158,037,897,216 bytes free
    .
    - - End Of File - - 943D81C9201B9959E04D179EAE473BEB
     
  23. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Please re-run TDSSKiller one more time.
     
  24. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    TDSS Log Pt 1
    20:04:35.0911 3076 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
    20:04:36.0815 3076 ============================================================
    20:04:36.0815 3076 Current date / time: 2012/07/18 20:04:36.0815
    20:04:36.0815 3076 SystemInfo:
    20:04:36.0815 3076
    20:04:36.0815 3076 OS Version: 6.1.7600 ServicePack: 0.0
    20:04:36.0815 3076 Product type: Workstation
    20:04:36.0815 3076 ComputerName: DAMIAN2
    20:04:36.0815 3076 UserName: Supreme Commander
    20:04:36.0815 3076 Windows directory: C:\Windows
    20:04:36.0815 3076 System windows directory: C:\Windows
    20:04:36.0815 3076 Running under WOW64
    20:04:36.0815 3076 Processor architecture: Intel x64
    20:04:36.0815 3076 Number of processors: 2
    20:04:36.0815 3076 Page size: 0x1000
    20:04:36.0815 3076 Boot type: Normal boot
    20:04:36.0815 3076 ============================================================
    20:04:37.0580 3076 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:04:37.0595 3076 ============================================================
    20:04:37.0595 3076 \Device\Harddisk0\DR0:
    20:04:37.0595 3076 MBR partitions:
    20:04:37.0595 3076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    20:04:37.0595 3076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
    20:04:37.0595 3076 ============================================================
    20:04:37.0658 3076 C: <-> \Device\Harddisk0\DR0\Partition1
    20:04:37.0658 3076 ============================================================
    20:04:37.0658 3076 Initialize success
    20:04:37.0658 3076 ============================================================
    20:04:39.0655 5412 ============================================================
    20:04:39.0655 5412 Scan started
    20:04:39.0655 5412 Mode: Manual;
    20:04:39.0655 5412 ============================================================
    20:04:40.0918 5412 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    20:04:40.0918 5412 1394ohci - ok
    20:04:40.0981 5412 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    20:04:40.0981 5412 ACPI - ok
    20:04:41.0027 5412 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    20:04:41.0043 5412 AcpiPmi - ok
    20:04:41.0121 5412 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    20:04:41.0152 5412 adp94xx - ok
    20:04:41.0199 5412 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    20:04:41.0215 5412 adpahci - ok
    20:04:41.0246 5412 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    20:04:41.0261 5412 adpu320 - ok
    20:04:41.0277 5412 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    20:04:41.0277 5412 AeLookupSvc - ok
    20:04:41.0449 5412 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\AESTSr64.exe
    20:04:41.0449 5412 AESTFilters - ok
    20:04:41.0527 5412 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    20:04:41.0573 5412 AFD - ok
    20:04:41.0620 5412 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    20:04:41.0651 5412 agp440 - ok
    20:04:41.0714 5412 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    20:04:41.0714 5412 ALG - ok
    20:04:41.0761 5412 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    20:04:41.0776 5412 aliide - ok
    20:04:41.0807 5412 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    20:04:41.0823 5412 amdide - ok
    20:04:41.0870 5412 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    20:04:41.0885 5412 AmdK8 - ok
    20:04:41.0917 5412 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    20:04:41.0948 5412 AmdPPM - ok
    20:04:42.0041 5412 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    20:04:42.0073 5412 amdsata - ok
    20:04:42.0307 5412 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    20:04:42.0338 5412 amdsbs - ok
    20:04:42.0369 5412 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    20:04:42.0400 5412 amdxata - ok
    20:04:42.0494 5412 ApfiltrService (3cc4531f11648a6081a7ba3aa4924d04) C:\Windows\system32\DRIVERS\Apfiltr.sys
    20:04:42.0525 5412 ApfiltrService - ok
    20:04:42.0587 5412 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    20:04:42.0603 5412 AppID - ok
    20:04:42.0697 5412 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    20:04:42.0728 5412 AppIDSvc - ok
    20:04:42.0790 5412 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    20:04:42.0790 5412 Appinfo - ok
    20:04:42.0931 5412 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:04:42.0931 5412 Apple Mobile Device - ok
    20:04:42.0993 5412 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    20:04:43.0024 5412 AppMgmt - ok
    20:04:43.0071 5412 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    20:04:43.0087 5412 arc - ok
    20:04:43.0149 5412 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    20:04:43.0180 5412 arcsas - ok
    20:04:43.0227 5412 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    20:04:43.0258 5412 AsyncMac - ok
    20:04:43.0321 5412 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    20:04:43.0336 5412 atapi - ok
    20:04:43.0414 5412 atksgt (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
    20:04:43.0445 5412 atksgt - ok
    20:04:43.0539 5412 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    20:04:43.0570 5412 AudioEndpointBuilder - ok
    20:04:43.0586 5412 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    20:04:43.0601 5412 AudioSrv - ok
    20:04:43.0804 5412 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    20:04:43.0804 5412 AVP - ok
    20:04:43.0882 5412 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    20:04:43.0898 5412 AxInstSV - ok
    20:04:44.0023 5412 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    20:04:44.0116 5412 b06bdrv - ok
    20:04:44.0194 5412 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    20:04:44.0225 5412 b57nd60a - ok
    20:04:44.0303 5412 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    20:04:44.0335 5412 BDESVC - ok
    20:04:44.0350 5412 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    20:04:44.0366 5412 Beep - ok
    20:04:44.0475 5412 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    20:04:44.0522 5412 BFE - ok
    20:04:44.0740 5412 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
    20:04:44.0771 5412 BITS - ok
    20:04:44.0849 5412 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    20:04:44.0865 5412 blbdrive - ok
    20:04:45.0146 5412 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    20:04:45.0161 5412 Bonjour Service - ok
    20:04:45.0208 5412 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    20:04:45.0255 5412 bowser - ok
    20:04:45.0302 5412 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:04:45.0333 5412 BrFiltLo - ok
    20:04:45.0349 5412 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:04:45.0364 5412 BrFiltUp - ok
    20:04:45.0427 5412 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    20:04:45.0442 5412 BridgeMP - ok
    20:04:45.0598 5412 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    20:04:45.0598 5412 Browser - ok
    20:04:45.0676 5412 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    20:04:45.0723 5412 Brserid - ok
    20:04:45.0739 5412 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    20:04:45.0739 5412 BrSerWdm - ok
    20:04:45.0785 5412 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:04:45.0801 5412 BrUsbMdm - ok
    20:04:45.0832 5412 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    20:04:45.0848 5412 BrUsbSer - ok
    20:04:45.0863 5412 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    20:04:45.0879 5412 BTHMODEM - ok
    20:04:45.0973 5412 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    20:04:46.0004 5412 bthserv - ok
    20:04:46.0066 5412 catchme - ok
    20:04:46.0097 5412 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    20:04:46.0129 5412 cdfs - ok
    20:04:46.0207 5412 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    20:04:46.0238 5412 cdrom - ok
    20:04:46.0300 5412 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    20:04:46.0316 5412 CertPropSvc - ok
    20:04:46.0363 5412 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    20:04:46.0363 5412 circlass - ok
    20:04:46.0394 5412 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    20:04:46.0441 5412 CLFS - ok
    20:04:46.0519 5412 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:04:46.0550 5412 clr_optimization_v2.0.50727_32 - ok
    20:04:46.0706 5412 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:04:46.0721 5412 clr_optimization_v2.0.50727_64 - ok
    20:04:46.0846 5412 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:04:46.0846 5412 clr_optimization_v4.0.30319_32 - ok
    20:04:46.0909 5412 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    20:04:46.0909 5412 clr_optimization_v4.0.30319_64 - ok
    20:04:46.0971 5412 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    20:04:46.0987 5412 CmBatt - ok
    20:04:47.0002 5412 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    20:04:47.0018 5412 cmdide - ok
    20:04:47.0143 5412 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
    20:04:47.0221 5412 CNG - ok
    20:04:47.0299 5412 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    20:04:47.0314 5412 Compbatt - ok
    20:04:47.0377 5412 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    20:04:47.0392 5412 CompositeBus - ok
    20:04:47.0408 5412 COMSysApp - ok
    20:04:47.0501 5412 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    20:04:47.0517 5412 crcdisk - ok
    20:04:47.0579 5412 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
    20:04:47.0579 5412 CryptSvc - ok
    20:04:47.0704 5412 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    20:04:47.0751 5412 CSC - ok
    20:04:48.0203 5412 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
    20:04:48.0235 5412 CscService - ok
    20:04:48.0313 5412 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    20:04:48.0344 5412 CtClsFlt - ok
    20:04:48.0437 5412 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    20:04:48.0500 5412 DcomLaunch - ok
    20:04:48.0547 5412 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    20:04:48.0593 5412 defragsvc - ok
    20:04:48.0640 5412 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    20:04:48.0671 5412 DfsC - ok
    20:04:48.0734 5412 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    20:04:48.0781 5412 Dhcp - ok
    20:04:48.0796 5412 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    20:04:48.0827 5412 discache - ok
    20:04:48.0890 5412 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    20:04:48.0921 5412 Disk - ok
    20:04:49.0124 5412 dleeCATSCustConnectService (6955872bed7981571d4bcbe31ca4e3f8) C:\Windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe
    20:04:49.0186 5412 dleeCATSCustConnectService - ok
    20:04:49.0233 5412 dlee_device - ok
    20:04:49.0280 5412 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    20:04:49.0295 5412 Dnscache - ok
    20:04:49.0327 5412 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    20:04:49.0358 5412 dot3svc - ok
    20:04:49.0405 5412 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    20:04:49.0405 5412 DPS - ok
    20:04:49.0451 5412 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    20:04:49.0483 5412 drmkaud - ok
    20:04:49.0654 5412 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    20:04:49.0717 5412 DXGKrnl - ok
    20:04:49.0763 5412 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    20:04:49.0763 5412 EapHost - ok
    20:04:50.0699 5412 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    20:04:50.0824 5412 ebdrv - ok
    20:04:50.0996 5412 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    20:04:50.0996 5412 EFS - ok
    20:04:51.0323 5412 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    20:04:51.0401 5412 ehRecvr - ok
    20:04:51.0433 5412 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    20:04:51.0448 5412 ehSched - ok
    20:04:51.0557 5412 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    20:04:51.0635 5412 elxstor - ok
    20:04:51.0698 5412 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    20:04:51.0713 5412 ErrDev - ok
    20:04:51.0838 5412 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    20:04:51.0885 5412 EventSystem - ok
    20:04:52.0181 5412 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    20:04:52.0181 5412 EvtEng - ok
    20:04:52.0400 5412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    20:04:52.0415 5412 exfat - ok
    20:04:52.0431 5412 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    20:04:52.0447 5412 fastfat - ok
    20:04:52.0556 5412 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    20:04:52.0587 5412 Fax - ok
    20:04:52.0618 5412 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    20:04:52.0634 5412 fdc - ok
    20:04:52.0665 5412 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    20:04:52.0665 5412 fdPHost - ok
    20:04:52.0681 5412 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    20:04:52.0681 5412 FDResPub - ok
    20:04:52.0696 5412 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    20:04:52.0712 5412 FileInfo - ok
    20:04:52.0727 5412 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    20:04:52.0743 5412 Filetrace - ok
    20:04:52.0774 5412 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    20:04:52.0805 5412 flpydisk - ok
    20:04:52.0837 5412 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    20:04:52.0868 5412 FltMgr - ok
    20:04:53.0305 5412 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
    20:04:53.0336 5412 FontCache - ok
    20:04:53.0398 5412 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    20:04:53.0398 5412 FontCache3.0.0.0 - ok
    20:04:53.0507 5412 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    20:04:53.0523 5412 FsDepends - ok
    20:04:53.0585 5412 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
    20:04:53.0617 5412 Fs_Rec - ok
    20:04:53.0710 5412 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    20:04:53.0757 5412 fvevol - ok
    20:04:53.0804 5412 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    20:04:53.0835 5412 gagp30kx - ok
    20:04:53.0929 5412 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:04:53.0944 5412 GEARAspiWDM - ok
    20:04:54.0100 5412 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    20:04:54.0147 5412 gpsvc - ok
    20:04:54.0303 5412 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    20:04:54.0303 5412 gupdate - ok
    20:04:54.0365 5412 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    20:04:54.0365 5412 gupdatem - ok
    20:04:54.0397 5412 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    20:04:54.0412 5412 hcw85cir - ok
    20:04:54.0443 5412 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:04:54.0443 5412 HDAudBus - ok
    20:04:54.0459 5412 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    20:04:54.0475 5412 HidBatt - ok
    20:04:54.0490 5412 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    20:04:54.0506 5412 HidBth - ok
    20:04:54.0521 5412 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    20:04:54.0537 5412 HidIr - ok
    20:04:54.0553 5412 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    20:04:54.0553 5412 hidserv - ok
    20:04:54.0615 5412 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    20:04:54.0631 5412 HidUsb - ok
    20:04:54.0709 5412 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    20:04:54.0724 5412 hkmsvc - ok
    20:04:54.0755 5412 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    20:04:54.0755 5412 HomeGroupListener - ok
    20:04:54.0849 5412 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    20:04:54.0849 5412 HomeGroupProvider - ok
    20:04:54.0911 5412 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    20:04:54.0927 5412 HpSAMD - ok
    20:04:55.0005 5412 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    20:04:55.0099 5412 HTTP - ok
    20:04:55.0161 5412 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    20:04:55.0177 5412 hwpolicy - ok
    20:04:55.0239 5412 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    20:04:55.0255 5412 i8042prt - ok
    20:04:55.0348 5412 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
    20:04:55.0348 5412 iaStor - ok
    20:04:55.0442 5412 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    20:04:55.0520 5412 iaStorV - ok
    20:04:55.0613 5412 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    20:04:55.0629 5412 IDriverT - ok
    20:04:55.0754 5412 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    20:04:55.0941 5412 idsvc - ok
    20:04:59.0170 5412 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
    20:04:59.0498 5412 igfx - ok
    20:04:59.0779 5412 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    20:04:59.0841 5412 iirsp - ok
    20:05:00.0403 5412 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    20:05:00.0418 5412 IKEEXT - ok
    20:05:00.0465 5412 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    20:05:00.0465 5412 intelide - ok
    20:05:00.0512 5412 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    20:05:00.0512 5412 intelppm - ok
    20:05:00.0574 5412 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    20:05:00.0574 5412 IPBusEnum - ok
    20:05:00.0605 5412 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:05:00.0621 5412 IpFilterDriver - ok
    20:05:00.0777 5412 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    20:05:00.0808 5412 iphlpsvc - ok
    20:05:00.0824 5412 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    20:05:00.0855 5412 IPMIDRV - ok
    20:05:00.0980 5412 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    20:05:01.0011 5412 IPNAT - ok
    20:05:01.0183 5412 iPod Service (e94503089df8976f5c4c9d5168e9765f) C:\Program Files (x86)\iPod\bin\iPodService.exe
    20:05:01.0198 5412 iPod Service - ok
    20:05:01.0245 5412 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    20:05:01.0261 5412 IRENUM - ok
    20:05:01.0276 5412 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    20:05:01.0292 5412 isapnp - ok
    20:05:01.0323 5412 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    20:05:01.0339 5412 iScsiPrt - ok
    20:05:01.0370 5412 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    20:05:01.0385 5412 kbdclass - ok
    20:05:01.0432 5412 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    20:05:01.0432 5412 kbdhid - ok
    20:05:01.0479 5412 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    20:05:01.0479 5412 KeyIso - ok
    20:05:01.0588 5412 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
    20:05:01.0619 5412 KL1 - ok
    20:05:01.0635 5412 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
    20:05:01.0651 5412 kl2 - ok
    20:05:01.0775 5412 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
    20:05:01.0838 5412 KLIF - ok
    20:05:01.0900 5412 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
    20:05:01.0900 5412 KLIM6 - ok
    20:05:01.0931 5412 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
    20:05:01.0931 5412 klmouflt - ok
    20:05:01.0978 5412 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
    20:05:01.0994 5412 KSecDD - ok
    20:05:02.0025 5412 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
    20:05:02.0041 5412 KSecPkg - ok
    20:05:02.0087 5412 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    20:05:02.0103 5412 ksthunk - ok
    20:05:02.0165 5412 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    20:05:02.0197 5412 KtmRm - ok
    20:05:02.0259 5412 kwkxusb (37fac632eea358aea230b44ddac6e0a7) C:\Windows\system32\DRIVERS\kwusb2k.sys
    20:05:02.0290 5412 kwkxusb - ok
    20:05:02.0353 5412 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
    20:05:02.0353 5412 LanmanServer - ok
    20:05:02.0415 5412 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    20:05:02.0415 5412 LanmanWorkstation - ok
    20:05:02.0571 5412 lirsgt (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
    20:05:02.0587 5412 lirsgt - ok
    20:05:02.0633 5412 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    20:05:02.0665 5412 lltdio - ok
    20:05:02.0743 5412 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    20:05:02.0789 5412 lltdsvc - ok
    20:05:02.0805 5412 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    20:05:02.0821 5412 lmhosts - ok
    20:05:02.0883 5412 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:05:02.0945 5412 LSI_FC - ok
    20:05:03.0226 5412 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:05:03.0257 5412 LSI_SAS - ok
    20:05:03.0320 5412 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:05:03.0351 5412 LSI_SAS2 - ok
    20:05:03.0382 5412 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:05:03.0429 5412 LSI_SCSI - ok
    20:05:03.0632 5412 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    20:05:03.0647 5412 luafv - ok
    20:05:03.0694 5412 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    20:05:03.0710 5412 Mcx2Svc - ok
    20:05:03.0725 5412 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    20:05:03.0741 5412 megasas - ok
    20:05:03.0772 5412 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    20:05:03.0803 5412 MegaSR - ok
    20:05:03.0850 5412 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    20:05:03.0850 5412 MMCSS - ok
    20:05:03.0866 5412 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    20:05:03.0881 5412 Modem - ok
    20:05:03.0928 5412 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    20:05:03.0928 5412 monitor - ok
    20:05:03.0991 5412 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    20:05:04.0006 5412 mouclass - ok
    20:05:04.0069 5412 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    20:05:04.0084 5412 mouhid - ok
    20:05:04.0100 5412 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    20:05:04.0131 5412 mountmgr - ok
    20:05:04.0178 5412 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    20:05:04.0193 5412 mpio - ok
    20:05:04.0209 5412 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    20:05:04.0240 5412 mpsdrv - ok
    20:05:04.0755 5412 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    20:05:04.0771 5412 MpsSvc - ok
    20:05:04.0817 5412 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    20:05:04.0833 5412 MRxDAV - ok
    20:05:04.0880 5412 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:05:04.0911 5412 mrxsmb - ok
    20:05:04.0958 5412 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:05:05.0005 5412 mrxsmb10 - ok
    20:05:05.0083 5412 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:05:05.0114 5412 mrxsmb20 - ok
    20:05:05.0145 5412 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
    20:05:05.0176 5412 msahci - ok
    20:05:05.0207 5412 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    20:05:05.0239 5412 msdsm - ok
    20:05:05.0270 5412 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    20:05:05.0332 5412 MSDTC - ok
    20:05:05.0395 5412 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    20:05:05.0426 5412 Msfs - ok
     
  25. bloodlilly02

    bloodlilly02 TS Rookie Topic Starter Posts: 23

    TDSS Log Pt 2
    05.0457 5412 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    20:05:05.0488 5412 mshidkmdf - ok
    20:05:05.0519 5412 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    20:05:05.0535 5412 msisadrv - ok
    20:05:05.0582 5412 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    20:05:05.0613 5412 MSiSCSI - ok
    20:05:05.0629 5412 msiserver - ok
    20:05:05.0660 5412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    20:05:05.0675 5412 MSKSSRV - ok
    20:05:05.0691 5412 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    20:05:05.0722 5412 MSPCLOCK - ok
    20:05:05.0753 5412 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    20:05:05.0769 5412 MSPQM - ok
    20:05:05.0878 5412 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    20:05:05.0909 5412 MsRPC - ok
    20:05:06.0050 5412 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    20:05:06.0050 5412 mssmbios - ok
    20:05:06.0081 5412 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    20:05:06.0097 5412 MSTEE - ok
    20:05:06.0143 5412 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    20:05:06.0159 5412 MTConfig - ok
    20:05:06.0175 5412 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    20:05:06.0206 5412 Mup - ok
    20:05:06.0268 5412 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    20:05:06.0315 5412 napagent - ok
    20:05:06.0409 5412 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    20:05:06.0440 5412 NativeWifiP - ok
    20:05:06.0611 5412 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    20:05:06.0627 5412 NDIS - ok
    20:05:06.0674 5412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    20:05:06.0705 5412 NdisCap - ok
    20:05:06.0752 5412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    20:05:06.0783 5412 NdisTapi - ok
    20:05:06.0799 5412 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    20:05:06.0814 5412 Ndisuio - ok
    20:05:06.0845 5412 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    20:05:06.0877 5412 NdisWan - ok
    20:05:06.0955 5412 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    20:05:06.0970 5412 NDProxy - ok
    20:05:07.0001 5412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    20:05:07.0017 5412 NetBIOS - ok
    20:05:07.0048 5412 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    20:05:07.0079 5412 NetBT - ok
    20:05:07.0111 5412 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    20:05:07.0111 5412 Netlogon - ok
    20:05:07.0204 5412 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    20:05:07.0235 5412 Netman - ok
    20:05:07.0298 5412 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    20:05:07.0313 5412 netprofm - ok
    20:05:07.0391 5412 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:05:07.0407 5412 NetTcpPortSharing - ok
    20:05:08.0764 5412 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
    20:05:09.0092 5412 NETw5s64 - ok
    20:05:10.0402 5412 NETw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\NETw5v64.sys
    20:05:10.0683 5412 NETw5v64 - ok
    20:05:10.0886 5412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    20:05:10.0901 5412 nfrd960 - ok
    20:05:10.0979 5412 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    20:05:10.0995 5412 NlaSvc - ok
    20:05:11.0011 5412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    20:05:11.0042 5412 Npfs - ok
    20:05:11.0073 5412 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    20:05:11.0073 5412 nsi - ok
    20:05:11.0089 5412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    20:05:11.0104 5412 nsiproxy - ok
    20:05:11.0759 5412 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    20:05:11.0837 5412 Ntfs - ok
    20:05:12.0680 5412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    20:05:12.0695 5412 Null - ok
    20:05:12.0914 5412 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    20:05:12.0945 5412 nvraid - ok
    20:05:12.0992 5412 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    20:05:13.0023 5412 nvstor - ok
    20:05:13.0101 5412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    20:05:13.0132 5412 nv_agp - ok
    20:05:13.0210 5412 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
    20:05:13.0210 5412 O2FLASH - ok
    20:05:13.0241 5412 O2MDGRDR (1b2e099223f16aab166e9602f7a5ecd4) C:\Windows\system32\DRIVERS\o2mdgx64.sys
    20:05:13.0257 5412 O2MDGRDR - ok
    20:05:13.0351 5412 O2SDGRDR (4c9c52d9f4ea5579ff70123004b9fd06) C:\Windows\system32\DRIVERS\o2sdgx64.sys
    20:05:13.0366 5412 O2SDGRDR - ok
    20:05:13.0444 5412 OEM13Vfx (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM13Vfx.sys
    20:05:13.0460 5412 OEM13Vfx - ok
    20:05:13.0507 5412 OEM13Vid (10da4a1271f9790bcad5150f5d861655) C:\Windows\system32\DRIVERS\OEM13Vid.sys
    20:05:13.0538 5412 OEM13Vid - ok
    20:05:13.0569 5412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    20:05:13.0585 5412 ohci1394 - ok
    20:05:13.0741 5412 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    20:05:13.0741 5412 p2pimsvc - ok
    20:05:13.0943 5412 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    20:05:13.0959 5412 p2psvc - ok
    20:05:13.0990 5412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    20:05:14.0021 5412 Parport - ok
    20:05:14.0177 5412 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
    20:05:14.0209 5412 partmgr - ok
    20:05:14.0380 5412 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    20:05:14.0396 5412 PcaSvc - ok
    20:05:14.0677 5412 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    20:05:14.0708 5412 pci - ok
    20:05:14.0786 5412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    20:05:14.0801 5412 pciide - ok
    20:05:14.0848 5412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    20:05:14.0895 5412 pcmcia - ok
    20:05:14.0973 5412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    20:05:15.0129 5412 pcw - ok
    20:05:15.0519 5412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    20:05:15.0613 5412 PEAUTH - ok
    20:05:16.0299 5412 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    20:05:16.0377 5412 PeerDistSvc - ok
    20:05:16.0767 5412 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    20:05:16.0814 5412 PerfHost - ok
    20:05:17.0438 5412 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    20:05:17.0516 5412 pla - ok
    20:05:17.0609 5412 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    20:05:17.0656 5412 PlugPlay - ok
    20:05:17.0687 5412 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    20:05:17.0719 5412 PNRPAutoReg - ok
    20:05:17.0797 5412 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    20:05:17.0797 5412 PNRPsvc - ok
    20:05:17.0890 5412 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    20:05:17.0937 5412 PolicyAgent - ok
    20:05:17.0984 5412 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    20:05:17.0984 5412 Power - ok
    20:05:18.0077 5412 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    20:05:18.0124 5412 PptpMiniport - ok
    20:05:18.0171 5412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    20:05:18.0187 5412 Processor - ok
    20:05:18.0265 5412 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
    20:05:18.0265 5412 ProfSvc - ok
    20:05:18.0327 5412 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    20:05:18.0343 5412 ProtectedStorage - ok
    20:05:18.0405 5412 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    20:05:18.0436 5412 Psched - ok
    20:05:18.0467 5412 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    20:05:18.0483 5412 PxHlpa64 - ok
    20:05:18.0639 5412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    20:05:18.0733 5412 ql2300 - ok
    20:05:19.0091 5412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    20:05:19.0185 5412 ql40xx - ok
    20:05:19.0403 5412 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    20:05:19.0450 5412 QWAVE - ok
    20:05:19.0466 5412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    20:05:19.0481 5412 QWAVEdrv - ok
    20:05:19.0528 5412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    20:05:19.0544 5412 RasAcd - ok
    20:05:19.0637 5412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    20:05:19.0669 5412 RasAgileVpn - ok
    20:05:19.0700 5412 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    20:05:19.0715 5412 RasAuto - ok
    20:05:19.0731 5412 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:05:19.0747 5412 Rasl2tp - ok
    20:05:19.0778 5412 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    20:05:19.0793 5412 RasMan - ok
    20:05:19.0809 5412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    20:05:19.0825 5412 RasPppoe - ok
    20:05:19.0825 5412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    20:05:19.0840 5412 RasSstp - ok
    20:05:19.0871 5412 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    20:05:19.0887 5412 rdbss - ok
    20:05:19.0903 5412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    20:05:19.0918 5412 rdpbus - ok
    20:05:19.0918 5412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:05:19.0934 5412 RDPCDD - ok
    20:05:19.0965 5412 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    20:05:19.0981 5412 RDPDR - ok
    20:05:20.0027 5412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    20:05:20.0043 5412 RDPENCDD - ok
    20:05:20.0074 5412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    20:05:20.0090 5412 RDPREFMP - ok
    20:05:20.0168 5412 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
    20:05:20.0199 5412 RDPWD - ok
    20:05:20.0246 5412 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    20:05:20.0277 5412 rdyboost - ok
    20:05:20.0417 5412 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    20:05:20.0433 5412 RegSrvc - ok
    20:05:20.0495 5412 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    20:05:20.0527 5412 RemoteAccess - ok
    20:05:20.0589 5412 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    20:05:20.0620 5412 RemoteRegistry - ok
    20:05:20.0698 5412 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    20:05:20.0714 5412 RpcEptMapper - ok
    20:05:20.0745 5412 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    20:05:20.0776 5412 RpcLocator - ok
    20:05:20.0870 5412 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    20:05:20.0870 5412 RpcSs - ok
    20:05:20.0948 5412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    20:05:20.0979 5412 rspndr - ok
    20:05:21.0041 5412 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
    20:05:21.0057 5412 RTL8167 - ok
    20:05:21.0119 5412 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
    20:05:21.0135 5412 s3cap - ok
    20:05:21.0197 5412 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    20:05:21.0197 5412 SamSs - ok
    20:05:21.0229 5412 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    20:05:21.0244 5412 sbp2port - ok
    20:05:21.0275 5412 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    20:05:21.0307 5412 SCardSvr - ok
    20:05:21.0322 5412 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    20:05:21.0338 5412 scfilter - ok
    20:05:21.0447 5412 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    20:05:21.0509 5412 Schedule - ok
    20:05:21.0541 5412 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    20:05:21.0541 5412 SCPolicySvc - ok
    20:05:21.0572 5412 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    20:05:21.0619 5412 SDRSVC - ok
    20:05:21.0681 5412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    20:05:21.0697 5412 secdrv - ok
    20:05:21.0712 5412 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    20:05:21.0712 5412 seclogon - ok
    20:05:21.0759 5412 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    20:05:21.0759 5412 SENS - ok
    20:05:21.0775 5412 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    20:05:21.0790 5412 SensrSvc - ok
    20:05:21.0853 5412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    20:05:21.0884 5412 Serenum - ok
    20:05:21.0899 5412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    20:05:21.0931 5412 Serial - ok
    20:05:21.0962 5412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    20:05:21.0993 5412 sermouse - ok
    20:05:22.0055 5412 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    20:05:22.0055 5412 SessionEnv - ok
    20:05:22.0071 5412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    20:05:22.0071 5412 sffdisk - ok
    20:05:22.0087 5412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    20:05:22.0102 5412 sffp_mmc - ok
    20:05:22.0133 5412 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    20:05:22.0165 5412 sffp_sd - ok
    20:05:22.0211 5412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    20:05:22.0243 5412 sfloppy - ok
    20:05:22.0352 5412 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    20:05:22.0414 5412 SharedAccess - ok
    20:05:22.0445 5412 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    20:05:22.0461 5412 ShellHWDetection - ok
    20:05:22.0492 5412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    20:05:22.0492 5412 SiSRaid2 - ok
    20:05:22.0523 5412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    20:05:22.0539 5412 SiSRaid4 - ok
    20:05:22.0586 5412 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
    20:05:22.0601 5412 SmartDefragDriver - ok
    20:05:22.0679 5412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    20:05:22.0711 5412 Smb - ok
    20:05:22.0773 5412 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    20:05:22.0773 5412 SNMPTRAP - ok
    20:05:22.0789 5412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    20:05:22.0804 5412 spldr - ok
    20:05:22.0867 5412 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    20:05:22.0882 5412 Spooler - ok
    20:05:23.0116 5412 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    20:05:23.0225 5412 sppsvc - ok
    20:05:23.0413 5412 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    20:05:23.0444 5412 sppuinotify - ok
    20:05:23.0569 5412 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    20:05:23.0631 5412 srv - ok
    20:05:23.0678 5412 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    20:05:23.0725 5412 srv2 - ok
    20:05:23.0772 5412 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    20:05:23.0818 5412 srvnet - ok
    20:05:23.0881 5412 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    20:05:23.0896 5412 SSDPSRV - ok
    20:05:23.0943 5412 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    20:05:23.0943 5412 SstpSvc - ok
    20:05:24.0084 5412 STacSV (c270ea56966ad4474d5efe777405e876) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_5a0a40f129797e65\STacSV64.exe
    20:05:24.0084 5412 STacSV - ok
    20:05:24.0115 5412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    20:05:24.0146 5412 stexstor - ok
    20:05:24.0224 5412 STHDA (b11becd8e9cae62b00c6b85ca712dd95) C:\Windows\system32\DRIVERS\stwrt64.sys
    20:05:24.0286 5412 STHDA - ok
    20:05:24.0380 5412 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    20:05:24.0411 5412 stisvc - ok
    20:05:24.0474 5412 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    20:05:24.0505 5412 stllssvr - ok
    20:05:24.0567 5412 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
    20:05:24.0583 5412 storflt - ok
    20:05:24.0645 5412 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
    20:05:24.0676 5412 StorSvc - ok
    20:05:24.0723 5412 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
    20:05:24.0754 5412 storvsc - ok
    20:05:24.0817 5412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    20:05:24.0832 5412 swenum - ok
    20:05:24.0942 5412 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    20:05:24.0973 5412 swprv - ok
    20:05:25.0066 5412 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    20:05:25.0113 5412 SysMain - ok
    20:05:25.0222 5412 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    20:05:25.0254 5412 TabletInputService - ok
    20:05:25.0285 5412 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    20:05:25.0316 5412 TapiSrv - ok
    20:05:25.0332 5412 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    20:05:25.0363 5412 TBS - ok
    20:05:25.0550 5412 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
    20:05:25.0659 5412 Tcpip - ok
    20:05:25.0940 5412 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
    20:05:25.0971 5412 TCPIP6 - ok
    20:05:26.0049 5412 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    20:05:26.0065 5412 tcpipreg - ok
    20:05:26.0096 5412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    20:05:26.0112 5412 TDPIPE - ok
    20:05:26.0158 5412 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    20:05:26.0158 5412 TDTCP - ok
    20:05:26.0190 5412 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    20:05:26.0205 5412 tdx - ok
    20:05:26.0221 5412 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    20:05:26.0236 5412 TermDD - ok
    20:05:26.0299 5412 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    20:05:26.0314 5412 TermService - ok
    20:05:26.0346 5412 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    20:05:26.0361 5412 Themes - ok
    20:05:26.0392 5412 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    20:05:26.0408 5412 THREADORDER - ok
    20:05:26.0424 5412 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    20:05:26.0439 5412 TrkWks - ok
    20:05:26.0486 5412 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    20:05:26.0502 5412 TrustedInstaller - ok
    20:05:26.0517 5412 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:05:26.0548 5412 tssecsrv - ok
    20:05:26.0595 5412 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    20:05:26.0642 5412 tunnel - ok
    20:05:26.0658 5412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    20:05:26.0673 5412 uagp35 - ok
    20:05:26.0720 5412 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
    20:05:26.0798 5412 udfs - ok
    20:05:26.0829 5412 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    20:05:26.0845 5412 UI0Detect - ok
    20:05:26.0892 5412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    20:05:26.0923 5412 uliagpkx - ok
    20:05:26.0970 5412 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    20:05:26.0985 5412 umbus - ok
    20:05:27.0032 5412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    20:05:27.0048 5412 UmPass - ok
    20:05:27.0094 5412 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
    20:05:27.0110 5412 UmRdpService - ok
    20:05:27.0141 5412 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    20:05:27.0172 5412 upnphost - ok
    20:05:27.0219 5412 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
    20:05:27.0250 5412 usbbus - ok
    20:05:27.0297 5412 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
    20:05:27.0328 5412 usbccgp - ok
    20:05:27.0360 5412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    20:05:27.0391 5412 usbcir - ok
    20:05:27.0422 5412 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
    20:05:27.0438 5412 UsbDiag - ok
    20:05:27.0484 5412 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
    20:05:27.0500 5412 usbehci - ok
    20:05:27.0547 5412 UsbGps (61e36c3af955cf027c898c997cbf4b32) C:\Windows\system32\DRIVERS\lgx64gps.sys
    20:05:27.0578 5412 UsbGps - ok
    20:05:27.0640 5412 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
    20:05:27.0687 5412 usbhub - ok
    20:05:27.0750 5412 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
    20:05:27.0765 5412 USBModem - ok
    20:05:27.0781 5412 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
    20:05:27.0796 5412 usbohci - ok
    20:05:27.0812 5412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    20:05:27.0812 5412 usbprint - ok
    20:05:27.0890 5412 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    20:05:27.0906 5412 usbscan - ok
    20:05:27.0937 5412 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:05:27.0968 5412 USBSTOR - ok
    20:05:27.0999 5412 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
    20:05:27.0999 5412 usbuhci - ok
    20:05:28.0046 5412 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    20:05:28.0077 5412 usbvideo - ok
    20:05:28.0124 5412 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    20:05:28.0124 5412 UxSms - ok
    20:05:28.0171 5412 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    20:05:28.0171 5412 VaultSvc - ok
    20:05:28.0233 5412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    20:05:28.0249 5412 vdrvroot - ok
    20:05:28.0296 5412 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    20:05:28.0374 5412 vds - ok
    20:05:28.0389 5412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    20:05:28.0420 5412 vga - ok
    20:05:28.0436 5412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    20:05:28.0452 5412 VgaSave - ok
    20:05:28.0498 5412 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    20:05:28.0530 5412 vhdmp - ok
    20:05:28.0561 5412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    20:05:28.0592 5412 viaide - ok
    20:05:28.0623 5412 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    20:05:28.0654 5412 vmbus - ok
    20:05:28.0686 5412 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    20:05:28.0717 5412 VMBusHID - ok
    20:05:28.0779 5412 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    20:05:28.0810 5412 volmgr - ok
    20:05:28.0857 5412 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    20:05:28.0904 5412 volmgrx - ok
    20:05:28.0935 5412 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    20:05:28.0951 5412 volsnap - ok
    20:05:28.0998 5412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    20:05:29.0044 5412 vsmraid - ok
    20:05:29.0169 5412 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    20:05:29.0216 5412 VSS - ok
    20:05:29.0341 5412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    20:05:29.0356 5412 vwifibus - ok
    20:05:29.0403 5412 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    20:05:29.0434 5412 vwififlt - ok
    20:05:29.0481 5412 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    20:05:29.0497 5412 W32Time - ok
    20:05:29.0528 5412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    20:05:29.0544 5412 WacomPen - ok
    20:05:29.0606 5412 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    20:05:29.0637 5412 WANARP - ok
    20:05:29.0653 5412 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    20:05:29.0653 5412 Wanarpv6 - ok
    20:05:29.0809 5412 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    20:05:29.0918 5412 WatAdminSvc - ok
    20:05:30.0043 5412 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    20:05:30.0136 5412 wbengine - ok
    20:05:30.0246 5412 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    20:05:30.0292 5412 WbioSrvc - ok
    20:05:30.0370 5412 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    20:05:30.0386 5412 wcncsvc - ok
    20:05:30.0417 5412 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    20:05:30.0448 5412 WcsPlugInService - ok
    20:05:30.0480 5412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    20:05:30.0511 5412 Wd - ok
    20:05:30.0573 5412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    20:05:30.0620 5412 Wdf01000 - ok
    20:05:30.0651 5412 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    20:05:30.0667 5412 WdiServiceHost - ok
    20:05:30.0667 5412 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    20:05:30.0667 5412 WdiSystemHost - ok
    20:05:30.0714 5412 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    20:05:30.0760 5412 WebClient - ok
    20:05:30.0823 5412 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    20:05:30.0870 5412 Wecsvc - ok
    20:05:30.0901 5412 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    20:05:30.0916 5412 wercplsupport - ok
    20:05:30.0979 5412 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    20:05:30.0979 5412 WerSvc - ok
    20:05:31.0072 5412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    20:05:31.0104 5412 WfpLwf - ok
    20:05:31.0135 5412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    20:05:31.0150 5412 WIMMount - ok
    20:05:31.0182 5412 WinDefend - ok
    20:05:31.0182 5412 WinHttpAutoProxySvc - ok
    20:05:31.0260 5412 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    20:05:31.0260 5412 Winmgmt - ok
    20:05:31.0369 5412 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    20:05:31.0447 5412 WinRM - ok
    20:05:31.0603 5412 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    20:05:31.0634 5412 Wlansvc - ok
    20:05:31.0899 5412 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    20:05:31.0930 5412 wlidsvc - ok
    20:05:32.0086 5412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    20:05:32.0102 5412 WmiAcpi - ok
    20:05:32.0180 5412 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    20:05:32.0227 5412 wmiApSrv - ok
    20:05:32.0274 5412 WMPNetworkSvc - ok
    20:05:32.0305 5412 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    20:05:32.0320 5412 WPCSvc - ok
    20:05:32.0352 5412 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    20:05:32.0352 5412 WPDBusEnum - ok
    20:05:32.0367 5412 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    20:05:32.0367 5412 ws2ifsl - ok
    20:05:32.0445 5412 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
    20:05:32.0461 5412 wscsvc - ok
    20:05:32.0476 5412 WSearch - ok
    20:05:32.0632 5412 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    20:05:32.0710 5412 wuauserv - ok
    20:05:32.0866 5412 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
    20:05:32.0898 5412 WudfPf - ok
    20:05:32.0976 5412 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:05:33.0007 5412 WUDFRd - ok
    20:05:33.0022 5412 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
    20:05:33.0022 5412 wudfsvc - ok
    20:05:33.0069 5412 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    20:05:33.0116 5412 WwanSvc - ok
    20:05:33.0163 5412 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    20:05:33.0194 5412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    20:05:33.0194 5412 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    20:05:33.0272 5412 Boot (0x1200) (ab9ee09435b14d703f9ae531b92f9658) \Device\Harddisk0\DR0\Partition0
    20:05:33.0272 5412 \Device\Harddisk0\DR0\Partition0 - ok
    20:05:33.0303 5412 Boot (0x1200) (683f1a8ee592b5a861ff6e3708b41932) \Device\Harddisk0\DR0\Partition1
    20:05:33.0319 5412 \Device\Harddisk0\DR0\Partition1 - ok
    20:05:33.0319 5412 ============================================================
    20:05:33.0319 5412 Scan finished
    20:05:33.0319 5412 ============================================================
    20:05:33.0334 2204 Detected object count: 1
    20:05:33.0334 2204 Actual detected object count: 1
    20:05:40.0635 2204 \Device\Harddisk0\DR0\# - copied to quarantine
    20:05:40.0635 2204 \Device\Harddisk0\DR0 - copied to quarantine
    20:05:40.0885 2204 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    20:05:40.0885 2204 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    20:05:41.0025 2204 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    20:05:41.0056 2204 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    20:05:41.0056 2204 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    20:05:41.0056 2204 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    20:05:41.0056 2204 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    20:05:41.0072 2204 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    20:05:41.0072 2204 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    20:05:41.0072 2204 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    20:05:41.0088 2204 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    20:05:41.0119 2204 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    20:05:41.0150 2204 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    20:05:41.0181 2204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    20:05:41.0197 2204 \Device\Harddisk0\DR0 - ok
    20:05:41.0197 2204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    20:05:44.0535 4176 Deinitialize success
     

