[A] Svchost.exe trojan.agent + Rootkit.boot.Pihar.c

Inactive
By Dark_Weave
Jun 30, 2012
Topic Status:
Not open for further replies.
  1. Need help with this threat. I do not wish to delete important computer files.
    Malwarebytes picked this up asking me to either ignore or Quarantine.
    TDSS Killer picked up this asking me to cure and continue.
    Both Options + Programs Still running.
    Only working computer in the house unfortunately.

    Malwarebytes Anti-Malware found the svchost.exe trojan.agent
    TDSS found the Rootkit.boot.Pihar.c
    Physical drive: \Device\Harddisk0\DR0
    Malware object, High Risk

  2. Broni

    Broni Malware Annihilator Posts: 46,427   +252

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    picture of a found item

  4. Broni

    Broni Malware Annihilator Posts: 46,427   +252

  5. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    GMER is frozen at this file: C:\13e7c5c121ce82a898152841\5def402b371c8cbd619208c04806\1fd593c2a50e2d6
  6. Broni

    Broni Malware Annihilator Posts: 46,427   +252

    Try safe mode.
  7. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    I disconnected from the internet, this time it worked. Though it found nothing and left me with no log file.
    So I will move on to step 4.
    Thanks for the speedy response.
  8. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    I had Malware quarantine the Svchost.exe Trojan.
    And here is the DDS log:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Lotus at 15:53:45 on 2012-06-30
    .
    ============== Running Processes ===============
    .
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    \\.\globalroot\systemroot\svchost.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Users\Lotus\Desktop\Fix!\antiviral stuff\TDSSKiller.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Lotus\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5538&r=273601105635l03c4z115t48k2v600
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: {aac4043a-8832-4abe-9963-35377f30b8e6} - No File
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB: {aac4043a-8832-4abe-9963-35377f30b8e6} - No File
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: btjunkie.com\www
    Trusted Zone: btjunkie.org\www
    Trusted Zone: evony.com\www
    Trusted Zone: ivytech.edu\www
    Trusted Zone: yahoo.com\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\24C61696E60216E6460274562796 : DhcpNameServer = 192.168.2.1 68.87.72.134 68.87.77.134
    TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\354565D27455543545 : DhcpNameServer = 192.168.232.53 192.168.232.52
    TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\44251474F4E4F5E4564777F627B6 : DhcpNameServer = 68.87.72.134 68.87.77.134
    TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\44271676F6E602755616675627 : DhcpNameServer = 68.87.72.134 68.87.77.134
    TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\94679702455636860275962756C6563737 : DhcpNameServer = 10.3.0.130 10.3.0.131
    TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{9BCA9776-5AB0-43D7-9DE4-C8335CE5CE19} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{9E25B191-B249-4EEC-9575-75D245A93718} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{D1CE37E8-56B6-454A-AFD6-9B15719143A0} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{DDECF472-6803-4EEC-861E-C63FDDA8E9EA} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Toolbar Registrar - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: {aac4043a-8832-4abe-9963-35377f30b8e6} - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB-X64: {aac4043a-8832-4abe-9963-35377f30b8e6} - No File
    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
    mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? fssfltr;fssfltr
    R? fsssvc;Windows Live Family Safety Service
    R? GamesAppService;GamesAppService
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
    R? MpNWMon;Microsoft Malware Protection Network Driver
    R? MWLService;MyWinLocker Service
    R? netr28ux;RT2870 USB Extensible Wireless LAN Card Driver
    R? NisDrv;Microsoft Network Inspection System
    R? NisSrv;Microsoft Network Inspection
    R? NTIBackupSvc;NTI Backup Now 5 Backup Service
    R? omtllipe;omtllipe
    R? PCTBD;PC Tools Browser Defender Driver
    R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
    R? RtsUIR;Realtek IR Driver
    R? SwitchBoard;Adobe SwitchBoard
    R? TfFsMon;TfFsMon
    R? TfNetMon;TfNetMon
    R? TFSysMon;TFSysMon
    R? WatAdminSvc;Windows Activation Technologies Service
    R? wlcrasvc;Windows Live Mesh remote connections service
    S? AMD External Events Utility;AMD External Events Utility
    S? AMD FUEL Service;AMD FUEL Service
    S? amdiox64;AMD IO Driver
    S? AtiHDAudioService;AMD Function Driver for HD Audio Service
    S? DsiWMIService;Dritek WMI Service
    S? ePowerSvc;Acer ePower Service
    S? Greg_Service;GRegService
    S? icsak;icsak
    S? ISWKL;ZoneAlarm ForceField ISWKL
    S? IswSvc;ZoneAlarm ForceField IswSvc
    S? MBAMProtector;MBAMProtector
    S? MBAMService;MBAMService
    S? MpFilter;Microsoft Malware Protection Driver
    S? mwlPSDFilter;mwlPSDFilter
    S? mwlPSDNServ;mwlPSDNServ
    S? mwlPSDVDisk;mwlPSDVDisk
    S? NTI IScheduleSvc;NTI IScheduleSvc
    S? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
    S? osppsvc;Office Software Protection Platform
    S? RS_Service;Raw Socket Service
    S? RTL8167;Realtek 8167 NT Driver
    S? Updater Service;Updater Service
    S? usbfilter;AMD USB Filter Driver
    S? vwififlt;Virtual WiFi Filter Driver
    S? vwifimp;Microsoft Virtual WiFi Miniport Service
    .
    =============== Created Last 30 ================
    .
    2012-06-30 16:46:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9570A06E-15A1-4B3C-8930-61223DAED9C9}\offreg.dll
    2012-06-30 15:02:39 20480 ------w- C:\Windows\svchost.exe
    2012-06-30 15:01:44 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{509EEC17-537B-4979-A131-DE504F7BEC54}\gapaengine.dll
    2012-06-30 13:43:06 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1300BB39-F16E-4E5B-BD09-2F91EF1A8E56}\gapaengine.dll
    2012-06-29 07:08:53 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9570A06E-15A1-4B3C-8930-61223DAED9C9}\mpengine.dll
    2012-06-27 22:18:22 -------- d-----w- C:\Users\Lotus\AppData\Roaming\Unity
    2012-06-27 22:16:15 -------- d-----w- C:\Users\Lotus\AppData\Roaming\.mono
    2012-06-27 22:16:15 -------- d-----w- C:\ProgramData\.mono
    2012-06-27 21:27:51 -------- d-----w- C:\Users\Lotus\AppData\Local\Unity
    2012-06-23 05:05:30 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-23 05:05:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-23 05:04:40 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-23 05:04:40 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-16 03:12:44 -------- d-----w- C:\Program Files (x86)\DIABLO MULE
    2012-06-14 13:44:56 -------- d-----w- C:\ProgramData\RELOADED
    2012-06-14 13:27:18 -------- d-----w- C:\Program Files (x86)\Sins of a Solar Empire Rebellion
    2012-06-14 11:35:26 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EC52D1D-4CE7-4FF4-AEB5-BE049540D265}\mpengine.dll
    2012-06-14 07:16:49 -------- d-----w- C:\Users\Lotus\AppData\Roaming\ApplicationData
    2012-06-14 06:02:40 -------- d-----w- C:\13e7c5c121ce82a898152841
    2012-06-13 01:04:37 -------- d-----w- C:\Windows\AutoKMS
    2012-06-12 22:27:11 -------- d-----w- C:\ProgramData\Kaspersky SDK
    2012-06-12 22:22:25 -------- d-----w- C:\Users\Lotus\AppData\Roaming\CheckPoint
    2012-06-12 22:22:13 -------- d-----w- C:\Users\Lotus\AppData\Roaming\MailFrontier
    2012-06-12 22:05:37 -------- d-----w- C:\Program Files\CheckPoint
    2012-06-12 22:05:25 72584 ----a-w- C:\Windows\zllsputility.exe
    2012-06-12 22:05:17 157712 ----a-w- C:\Windows\System32\drivers\kl1.sys
    2012-06-12 22:03:47 1238408 ----a-w- C:\Windows\SysWow64\zpeng25.dll
    2012-06-12 22:03:45 -------- d-----w- C:\Windows\SysWow64\ZoneLabs
    2012-06-12 22:03:37 445640 ----a-w- C:\Windows\System32\drivers\~GLH0020.TMP
    2012-06-12 22:02:45 445640 ------w- C:\Windows\System32\drivers\vsdatant.sys
    2012-06-12 22:02:06 -------- d-----w- C:\Program Files (x86)\Zone Labs
    2012-06-12 22:01:52 -------- d-----w- C:\ProgramData\CheckPoint
    2012-06-12 22:01:45 -------- d-----w- C:\Windows\Internet Logs
    2012-06-12 21:52:51 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-12 21:52:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 21:52:49 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-12 21:52:49 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 21:52:47 208896 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-12 21:52:44 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-12 21:52:43 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-12 21:52:42 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-12 21:52:40 3144192 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-12 21:52:37 3213824 ----a-w- C:\Windows\System32\msi.dll
    2012-06-12 21:52:36 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-12 21:51:56 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-12 21:51:56 1460224 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-12 21:51:56 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-12 21:51:56 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-12 21:51:56 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-12 21:51:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-12 06:39:07 2387456 ----a-w- C:\Windows\explorer_backup_w7sbc.exe
    2012-06-12 06:38:50 2387456 ----a-w- C:\Windows\explorer_backup.exe
    2012-06-12 06:38:50 -------- d-----w- C:\ProgramData\Start Orb Manager
    2012-06-12 05:00:44 712704 ----a-w- C:\Windows\System32\netr28x.sys
    2012-06-12 05:00:08 -------- d-----w- C:\ProgramData\Ralink
    2012-06-12 04:57:07 1542656 ----a-w- C:\Windows\System32\athrx.sys
    2012-06-12 04:57:07 -------- d-----w- C:\Windows\Options
    2012-06-12 04:57:07 -------- d-----w- C:\Program Files (x86)\Atheros
    2012-06-12 04:56:26 -------- d-----w- C:\ProgramData\Atheros
    2012-06-11 22:33:01 -------- d-----w- C:\Program Files\CCleaner
    2012-06-10 09:15:55 2870272 ----a-w- C:\Windows\explorer_edit_w7sbc.exe
    2012-06-10 09:15:55 2387456 ----a-w- C:\Windows\explorer.exe
    2012-06-10 09:15:55 -------- d-----w- C:\Windows\W7SBC
    2012-06-10 08:21:28 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2012-06-10 03:07:05 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-06-10 00:17:33 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-06-10 00:15:46 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-06-09 05:44:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-09 01:23:21 -------- d-----w- C:\DriveKey
    2012-06-09 01:20:00 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-06-07 21:28:29 -------- d-----w- C:\Users\Lotus\AppData\Roaming\BabylonToolbar
    2012-06-07 21:27:47 -------- d-----w- C:\Users\Lotus\AppData\Roaming\Babylon
    2012-06-07 21:19:34 -------- d-----w- C:\Program Files\SmartPCFixer
    2012-06-07 11:19:13 70760 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
    2012-06-06 06:02:47 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9W.DLL
    2012-06-06 06:02:47 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9W.DLL
    2012-06-06 06:02:12 336896 ----a-w- C:\Windows\System32\CNMLM9W.DLL
    2012-06-06 06:02:07 244736 ----a-w- C:\Windows\System32\CNMIU9W.DLL
    2012-06-04 22:52:55 -------- d-----w- C:\Users\Lotus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    2012-06-04 11:51:07 -------- d-----w- C:\Users\Lotus\AppData\Roaming\YourFileDownloader
    .
    ==================== Find3M ====================
    .
    2012-06-16 03:27:58 94208 ----a-w- C:\Windows\DIIUnin.exe
    2012-06-16 03:27:58 2829 ----a-w- C:\Windows\DIIUnin.pif
    2012-06-14 08:29:46 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-06-14 08:29:44 175104 ----a-w- C:\Windows\System32\msclmd.dll
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-03 02:55:52 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
    2012-05-03 02:55:52 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 15:59:16.68 ===============
  9. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    The Attach log:
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acer Assist
    Acer Backup Manager
    Acer Crystal Eye webcam Ver:1.1.91.624
    Acer ePower Management
    Acer eRecovery Management
    Acer GridVista
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Action Replay Code Manager
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.5.1 MUI
    Adobe Shockwave Player 11.5
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    Atheros Driver Installation Program
    Audacity 1.3.14 (Unicode)
    AVS Audio CD Creator version 3.8
    AVS Audio Converter version 6.2
    AVS Cover Editor 2.0.1.3
    AVS Disc Creator version 4.1
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.4
    BabylonObjectInstaller
    Backup Manager Basic
    Battle vs. Chess
    Bing Rewards Client Installer
    Broadcom Wireless LAN Driver Installation Program for Windows7
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    CCC Help English
    Cisco Network Magic
    City of Heroes
    Comcast High-Speed Internet Install Wizard
    Command & Conquer 3
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    D2600
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dev-C++ 5 beta 9 release (4.9.9.2)
    DeviceDiscovery
    Diablo II
    DivX Setup
    DJ_SF_05_D2600_Software_Min
    DVD Shrink 3.2
    eSobi v2
    ForceBindIP
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    Guitar Pro 6 Demo
    Hero Editor V1.04
    Hewlett-Packard ACLM.NET v1.1.0.0
    HP Product Detection
    HP Update
    HP USB Disk Storage Format Tool
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    ICCup Launcher
    Identity Card
    ImgBurn
    Impulse
    Internet TV for Windows Media Center
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    jZip
    Launch Manager
    League of Legends
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft Default Manager
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML4 Parser
    MTX
    MTXExtractor
    MyWinLocker
    NCsoft Launcher
    Network Magic
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    Pando Media Booster
    PDF Settings CS5
    PhoTags Express
    Power Tab Editor 1.7
    PowerISO
    Programmer's Notepad 2
    Pure Networks Platform
    Ralink Wireless LAN v3.0.2.0 Installation Program for Windows7
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Sid Meier's Civilization V - Game of the Year Edition
    Sins of a Solar Empire Rebellion (c) Stardock version 1
    SolutionCenter
    Status
    Toolbox
    TrayApp
    Uniblue RegistryBooster
    Uninstall Dual Mode Camera
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update Installer for WildTangent Games App
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    VGA Dual-Mode Camera
    V*****Maps Map Overlay
    VLC media player 1.0.5
    WebReg
    Welcome Center
    WildTangent Games App (Acer Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    Xfire (remove only)
    Xilisoft AVI to DVD Converter
    Xvid Video Codec
    Zip Motion Block Video codec (Remove Only)
    ZoneAlarm Extreme Security
    .
    ==== End Of File ===========================
  10. Broni

    Broni Malware Annihilator Posts: 46,427   +252

    I need all logs to be posted.

  11. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    Be back in 3 hours or less.
     
  12. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    2012/06/30 05:26:46 -0400 DRAGON Lotus MESSAGE Starting protection
    2012/06/30 05:26:58 -0400 DRAGON Lotus MESSAGE Protection started successfully
    2012/06/30 05:27:01 -0400 DRAGON Lotus MESSAGE Starting IP protection
    2012/06/30 05:27:11 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
    2012/06/30 05:32:44 -0400 DRAGON Lotus IP-BLOCK 212.113.46.142 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 05:41:52 -0400 DRAGON Lotus IP-BLOCK 89.28.80.233 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 05:42:50 -0400 DRAGON Lotus IP-BLOCK 31.133.47.225 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 05:58:03 -0400 DRAGON Lotus IP-BLOCK 222.65.156.107 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 05:59:01 -0400 DRAGON Lotus IP-BLOCK 89.28.46.208 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 10:00:46 -0400 DRAGON Lotus MESSAGE Starting protection
    2012/06/30 10:00:55 -0400 DRAGON Lotus MESSAGE Protection started successfully
    2012/06/30 10:00:58 -0400 DRAGON Lotus MESSAGE Starting IP protection
    2012/06/30 10:01:07 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
    2012/06/30 11:06:23 -0400 DRAGON Lotus MESSAGE Starting protection
    2012/06/30 11:06:35 -0400 DRAGON Lotus MESSAGE Protection started successfully
    2012/06/30 11:06:38 -0400 DRAGON Lotus MESSAGE Starting IP protection
    2012/06/30 11:06:46 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
    2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/30 15:16:34 -0400 DRAGON Lotus ERROR Quarantine failed: DeleteFile failed with error code 5
  13. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    12:57:47.0175 3104 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
    12:57:47.0611 3104 ============================================================
    12:57:47.0611 3104 Current date / time: 2012/06/30 12:57:47.0611
    12:57:47.0611 3104 SystemInfo:
    12:57:47.0611 3104
    12:57:47.0611 3104 OS Version: 6.1.7600 ServicePack: 0.0
    12:57:47.0611 3104 Product type: Workstation
    12:57:47.0611 3104 ComputerName: DRAGON
    12:57:47.0611 3104 UserName: Lotus
    12:57:47.0611 3104 Windows directory: C:\Windows
    12:57:47.0611 3104 System windows directory: C:\Windows
    12:57:47.0611 3104 Running under WOW64
    12:57:47.0611 3104 Processor architecture: Intel x64
    12:57:47.0611 3104 Number of processors: 2
    12:57:47.0611 3104 Page size: 0x1000
    12:57:47.0611 3104 Boot type: Normal boot
    12:57:47.0611 3104 ============================================================
    12:57:49.0468 3104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:57:49.0483 3104 ============================================================
    12:57:49.0483 3104 \Device\Harddisk0\DR0:
    12:57:49.0483 3104 MBR partitions:
    12:57:49.0483 3104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
    12:57:49.0483 3104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x23BF9384
    12:57:49.0483 3104 ============================================================
    12:57:49.0515 3104 C: <-> \Device\Harddisk0\DR0\Partition1
    12:57:49.0515 3104 ============================================================
    12:57:49.0515 3104 Initialize success
    12:57:49.0515 3104 ============================================================
    12:58:04.0460 5528 ============================================================
    12:58:04.0460 5528 Scan started
    12:58:04.0460 5528 Mode: Manual;
    12:58:04.0460 5528 ============================================================
    12:58:24.0755 5528 lmhosts - ok
    12:58:24.0755 5528 lmimirr - ok
    12:58:24.0802 5528 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    12:58:24.0818 5528 LSI_FC - ok
    12:58:24.0833 5528 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    12:58:24.0849 5528 LSI_SAS - ok
    12:58:24.0864 5528 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    12:58:24.0880 5528 LSI_SAS2 - ok
    12:58:24.0911 5528 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    12:58:24.0927 5528 LSI_SCSI - ok
    12:58:24.0989 5528 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    12:58:25.0005 5528 luafv - ok
    12:58:25.0067 5528 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
    12:58:25.0083 5528 MBAMProtector - ok
    12:58:25.0208 5528 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    12:58:25.0223 5528 MBAMService - ok
    12:58:25.0301 5528 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
    12:58:25.0317 5528 mcdbus - ok
    12:58:25.0395 5528 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    12:58:25.0410 5528 Mcx2Svc - ok
    12:58:25.0442 5528 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    12:58:25.0457 5528 megasas - ok
    12:58:25.0488 5528 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    12:58:25.0504 5528 MegaSR - ok
    12:58:25.0629 5528 Microsoft SharePoint Workspace Audit Service - ok
    12:58:25.0676 5528 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    12:58:25.0691 5528 MMCSS - ok
    12:58:25.0707 5528 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    12:58:25.0722 5528 Modem - ok
    12:58:25.0769 5528 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    12:58:25.0785 5528 monitor - ok
    12:58:25.0816 5528 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    12:58:25.0832 5528 mouclass - ok
    12:58:25.0894 5528 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    12:58:25.0910 5528 mouhid - ok
    12:58:26.0066 5528 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    12:58:26.0081 5528 mountmgr - ok
    12:58:26.0128 5528 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    12:58:26.0159 5528 MpFilter - ok
    12:58:26.0253 5528 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
    12:58:26.0268 5528 mpio - ok
    12:58:26.0300 5528 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    12:58:26.0315 5528 MpNWMon - ok
    12:58:26.0346 5528 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    12:58:26.0362 5528 mpsdrv - ok
    12:58:26.0456 5528 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    12:58:26.0487 5528 MpsSvc - ok
    12:58:26.0534 5528 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    12:58:26.0549 5528 MRxDAV - ok
    12:58:26.0612 5528 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:58:26.0627 5528 mrxsmb - ok
    12:58:26.0705 5528 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:58:26.0721 5528 mrxsmb10 - ok
    12:58:26.0752 5528 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:58:26.0768 5528 mrxsmb20 - ok
    12:58:26.0814 5528 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
    12:58:26.0830 5528 msahci - ok
    12:58:26.0908 5528 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
    12:58:26.0924 5528 msdsm - ok
    12:58:26.0970 5528 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    12:58:27.0002 5528 MSDTC - ok
    12:58:27.0064 5528 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    12:58:27.0080 5528 Msfs - ok
    12:58:27.0095 5528 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    12:58:27.0095 5528 mshidkmdf - ok
    12:58:27.0142 5528 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    12:58:27.0142 5528 msisadrv - ok
    12:58:27.0220 5528 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    12:58:27.0236 5528 MSiSCSI - ok
    12:58:27.0251 5528 msiserver - ok
    12:58:27.0314 5528 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    12:58:27.0314 5528 MSKSSRV - ok
    12:58:27.0407 5528 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    12:58:27.0407 5528 MsMpSvc - ok
    12:58:27.0423 5528 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    12:58:27.0423 5528 MSPCLOCK - ok
    12:58:27.0438 5528 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    12:58:27.0438 5528 MSPQM - ok
    12:58:27.0516 5528 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    12:58:27.0548 5528 MsRPC - ok
    12:58:27.0579 5528 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    12:58:27.0594 5528 mssmbios - ok
    12:58:27.0641 5528 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    12:58:27.0657 5528 MSTEE - ok
    12:58:27.0672 5528 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    12:58:27.0672 5528 MTConfig - ok
    12:58:27.0704 5528 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    12:58:27.0719 5528 Mup - ok
    12:58:27.0750 5528 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
    12:58:27.0766 5528 mwlPSDFilter - ok
    12:58:27.0797 5528 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
    12:58:27.0813 5528 mwlPSDNServ - ok
    12:58:27.0828 5528 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
    12:58:27.0844 5528 mwlPSDVDisk - ok
    12:58:28.0000 5528 MWLService (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    12:58:28.0016 5528 MWLService - ok
    12:58:28.0078 5528 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    12:58:28.0109 5528 napagent - ok
    12:58:28.0156 5528 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    12:58:28.0172 5528 NativeWifiP - ok
    12:58:28.0281 5528 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    12:58:28.0312 5528 NDIS - ok
    12:58:28.0328 5528 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    12:58:28.0343 5528 NdisCap - ok
    12:58:28.0374 5528 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    12:58:28.0390 5528 NdisTapi - ok
    12:58:28.0406 5528 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    12:58:28.0421 5528 Ndisuio - ok
    12:58:28.0499 5528 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    12:58:28.0515 5528 NdisWan - ok
    12:58:28.0546 5528 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    12:58:28.0562 5528 NDProxy - ok
    12:58:28.0624 5528 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
    12:58:28.0655 5528 Net Driver HPZ12 - ok
    12:58:28.0702 5528 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    12:58:28.0718 5528 NetBIOS - ok
    12:58:28.0780 5528 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    12:58:28.0796 5528 NetBT - ok
    12:58:28.0827 5528 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    12:58:28.0827 5528 Netlogon - ok
    12:58:28.0889 5528 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    12:58:28.0905 5528 Netman - ok
    12:58:28.0998 5528 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:58:29.0014 5528 NetMsmqActivator - ok
    12:58:29.0045 5528 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:58:29.0045 5528 NetPipeActivator - ok
    12:58:29.0092 5528 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    12:58:29.0123 5528 netprofm - ok
    12:58:29.0232 5528 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys
    12:58:29.0248 5528 netr28ux - ok
    12:58:29.0357 5528 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:58:29.0357 5528 NetTcpActivator - ok
    12:58:29.0388 5528 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:58:29.0388 5528 NetTcpPortSharing - ok
    12:58:29.0435 5528 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    12:58:29.0451 5528 nfrd960 - ok
    12:58:29.0482 5528 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    12:58:29.0498 5528 NisDrv - ok
    12:58:29.0591 5528 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    12:58:29.0607 5528 NisSrv - ok
    12:58:29.0700 5528 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    12:58:29.0716 5528 NlaSvc - ok
    12:58:29.0841 5528 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    12:58:29.0856 5528 nmservice - ok
    12:58:29.0934 5528 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    12:58:29.0950 5528 Npfs - ok
    12:58:29.0981 5528 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    12:58:29.0997 5528 nsi - ok
    12:58:30.0012 5528 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    12:58:30.0028 5528 nsiproxy - ok
    12:58:30.0215 5528 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    12:58:30.0262 5528 Ntfs - ok
  14. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    12:58:30.0356 5528 NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    12:58:30.0371 5528 NTI IScheduleSvc - ok
    12:58:30.0418 5528 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    12:58:30.0434 5528 NTIBackupSvc - ok
    12:58:30.0543 5528 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
    12:58:30.0558 5528 NTIDrvr - ok
    12:58:30.0590 5528 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    12:58:30.0621 5528 NTISchedulerSvc - ok
    12:58:30.0652 5528 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    12:58:30.0668 5528 Null - ok
    12:58:30.0746 5528 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    12:58:30.0761 5528 nvraid - ok
    12:58:30.0808 5528 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    12:58:30.0824 5528 nvstor - ok
    12:58:30.0870 5528 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    12:58:30.0886 5528 nv_agp - ok
    12:58:30.0917 5528 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    12:58:30.0933 5528 ohci1394 - ok
    12:58:30.0964 5528 omtllipe - ok
    12:58:31.0073 5528 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    12:58:31.0089 5528 ose - ok
    12:58:31.0479 5528 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    12:58:31.0588 5528 osppsvc - ok
    12:58:31.0713 5528 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    12:58:31.0744 5528 p2pimsvc - ok
    12:58:31.0791 5528 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    12:58:31.0822 5528 p2psvc - ok
    12:58:31.0884 5528 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    12:58:31.0900 5528 Parport - ok
    12:58:31.0962 5528 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
    12:58:31.0978 5528 partmgr - ok
    12:58:32.0009 5528 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    12:58:32.0040 5528 PcaSvc - ok
    12:58:32.0072 5528 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
    12:58:32.0087 5528 pci - ok
    12:58:32.0134 5528 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    12:58:32.0134 5528 pciide - ok
    12:58:32.0196 5528 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    12:58:32.0212 5528 pcmcia - ok
    12:58:32.0259 5528 PCTBD (7b92f2574a45a99da507a153c7920e8a) C:\Windows\system32\Drivers\PCTBD64.sys
    12:58:32.0274 5528 PCTBD - ok
    12:58:32.0290 5528 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    12:58:32.0306 5528 pcw - ok
    12:58:32.0368 5528 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    12:58:32.0384 5528 PEAUTH - ok
    12:58:32.0462 5528 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    12:58:32.0477 5528 PerfHost - ok
    12:58:32.0664 5528 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    12:58:32.0696 5528 pla - ok
    12:58:32.0758 5528 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    12:58:32.0789 5528 PlugPlay - ok
    12:58:32.0867 5528 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
    12:58:32.0883 5528 Pml Driver HPZ12 - ok
    12:58:32.0930 5528 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
    12:58:32.0945 5528 pnarp - ok
    12:58:32.0976 5528 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    12:58:32.0992 5528 PNRPAutoReg - ok
    12:58:33.0039 5528 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    12:58:33.0039 5528 PNRPsvc - ok
    12:58:33.0132 5528 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    12:58:33.0148 5528 PolicyAgent - ok
    12:58:33.0195 5528 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    12:58:33.0226 5528 Power - ok
    12:58:33.0273 5528 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    12:58:33.0288 5528 PptpMiniport - ok
    12:58:33.0320 5528 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    12:58:33.0335 5528 Processor - ok
    12:58:33.0382 5528 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
    12:58:33.0413 5528 ProfSvc - ok
    12:58:33.0444 5528 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    12:58:33.0444 5528 ProtectedStorage - ok
    12:58:33.0460 5528 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    12:58:33.0491 5528 Psched - ok
    12:58:33.0538 5528 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
    12:58:33.0554 5528 purendis - ok
    12:58:33.0663 5528 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    12:58:33.0694 5528 ql2300 - ok
    12:58:33.0819 5528 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    12:58:33.0834 5528 ql40xx - ok
    12:58:33.0881 5528 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    12:58:33.0912 5528 QWAVE - ok
    12:58:33.0944 5528 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    12:58:33.0959 5528 QWAVEdrv - ok
    12:58:33.0975 5528 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    12:58:33.0975 5528 RasAcd - ok
    12:58:34.0006 5528 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    12:58:34.0022 5528 RasAgileVpn - ok
    12:58:34.0037 5528 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    12:58:34.0053 5528 RasAuto - ok
    12:58:34.0115 5528 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:58:34.0131 5528 Rasl2tp - ok
    12:58:34.0209 5528 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    12:58:34.0224 5528 RasMan - ok
    12:58:34.0287 5528 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    12:58:34.0302 5528 RasPppoe - ok
    12:58:34.0334 5528 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    12:58:34.0349 5528 RasSstp - ok
    12:58:34.0458 5528 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    12:58:34.0474 5528 rdbss - ok
    12:58:34.0505 5528 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    12:58:34.0521 5528 rdpbus - ok
    12:58:34.0552 5528 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:58:34.0552 5528 RDPCDD - ok
    12:58:34.0583 5528 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    12:58:34.0583 5528 RDPENCDD - ok
    12:58:34.0614 5528 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    12:58:34.0614 5528 RDPREFMP - ok
    12:58:34.0661 5528 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
    12:58:34.0692 5528 RDPWD - ok
    12:58:34.0770 5528 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    12:58:34.0786 5528 rdyboost - ok
    12:58:34.0848 5528 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    12:58:34.0864 5528 RemoteAccess - ok
    12:58:34.0895 5528 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    12:58:34.0911 5528 RemoteRegistry - ok
    12:58:34.0958 5528 RMCAST (77b3b747eb2413072b8e4306018d0c9b) C:\Windows\system32\DRIVERS\RMCAST.sys
    12:58:34.0973 5528 RMCAST - ok
    12:58:35.0004 5528 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    12:58:35.0020 5528 RpcEptMapper - ok
    12:58:35.0051 5528 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    12:58:35.0051 5528 RpcLocator - ok
    12:58:35.0114 5528 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    12:58:35.0129 5528 RpcSs - ok
    12:58:35.0176 5528 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    12:58:35.0192 5528 rspndr - ok
    12:58:35.0238 5528 RSUSBSTOR (b1d04ed92d148b54169499d9568a3c55) C:\Windows\System32\Drivers\RtsUStor.sys
    12:58:35.0254 5528 RSUSBSTOR - ok
    12:58:35.0332 5528 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    12:58:35.0348 5528 RS_Service - ok
    12:58:35.0394 5528 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys
    12:58:35.0410 5528 RTHDMIAzAudService - ok
    12:58:35.0457 5528 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
    12:58:35.0488 5528 RTL8167 - ok
    12:58:35.0504 5528 RtsUIR - ok
    12:58:35.0550 5528 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    12:58:35.0550 5528 SamSs - ok
    12:58:35.0597 5528 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
    12:58:35.0613 5528 sbp2port - ok
    12:58:35.0660 5528 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    12:58:35.0691 5528 SCardSvr - ok
    12:58:35.0738 5528 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
    12:58:35.0769 5528 SCDEmu - ok
    12:58:35.0816 5528 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    12:58:35.0831 5528 scfilter - ok
    12:58:35.0956 5528 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    12:58:35.0987 5528 Schedule - ok
    12:58:36.0034 5528 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    12:58:36.0050 5528 SCPolicySvc - ok
    12:58:36.0065 5528 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    12:58:36.0096 5528 SDRSVC - ok
    12:58:36.0143 5528 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    12:58:36.0174 5528 seclogon - ok
    12:58:36.0237 5528 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    12:58:36.0252 5528 SENS - ok
    12:58:36.0284 5528 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    12:58:36.0299 5528 SensrSvc - ok
    12:58:36.0346 5528 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    12:58:36.0362 5528 Serenum - ok
    12:58:36.0393 5528 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    12:58:36.0408 5528 Serial - ok
    12:58:36.0440 5528 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    12:58:36.0455 5528 sermouse - ok
    12:58:36.0564 5528 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    12:58:36.0580 5528 SessionEnv - ok
    12:58:36.0611 5528 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    12:58:36.0611 5528 sffdisk - ok
    12:58:36.0642 5528 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    12:58:36.0642 5528 sffp_mmc - ok
    12:58:36.0658 5528 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
    12:58:36.0658 5528 sffp_sd - ok
    12:58:36.0705 5528 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    12:58:36.0720 5528 sfloppy - ok
    12:58:36.0814 5528 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    12:58:36.0830 5528 SharedAccess - ok
    12:58:36.0923 5528 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    12:58:36.0939 5528 ShellHWDetection - ok
    12:58:36.0986 5528 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    12:58:37.0001 5528 SiSRaid2 - ok
    12:58:37.0032 5528 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    12:58:37.0048 5528 SiSRaid4 - ok
    12:58:37.0079 5528 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    12:58:37.0110 5528 Smb - ok
    12:58:37.0173 5528 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    12:58:37.0188 5528 SNMPTRAP - ok
    12:58:37.0220 5528 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    12:58:37.0235 5528 spldr - ok
    12:58:37.0329 5528 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    12:58:37.0344 5528 Spooler - ok
    12:58:37.0578 5528 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    12:58:37.0641 5528 sppsvc - ok
    12:58:37.0750 5528 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    12:58:37.0766 5528 sppuinotify - ok
    12:58:37.0906 5528 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    12:58:37.0937 5528 srv - ok
    12:58:38.0046 5528 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    12:58:38.0062 5528 srv2 - ok
    12:58:38.0140 5528 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    12:58:38.0156 5528 srvnet - ok
    12:58:38.0234 5528 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    12:58:38.0249 5528 SSDPSRV - ok
    12:58:38.0296 5528 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    12:58:38.0312 5528 SstpSvc - ok
    12:58:38.0327 5528 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    12:58:38.0343 5528 stexstor - ok
    12:58:38.0436 5528 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    12:58:38.0452 5528 stisvc - ok
    12:58:38.0483 5528 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    12:58:38.0483 5528 swenum - ok
    12:58:38.0639 5528 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    12:58:38.0655 5528 SwitchBoard - ok
    12:58:38.0733 5528 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    12:58:38.0748 5528 swprv - ok
    12:58:38.0795 5528 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
    12:58:38.0811 5528 SynTP - ok
    12:58:38.0967 5528 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    12:58:39.0014 5528 SysMain - ok
    12:58:39.0123 5528 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    12:58:39.0154 5528 TabletInputService - ok
    12:58:39.0185 5528 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    12:58:39.0216 5528 TapiSrv - ok
    12:58:39.0248 5528 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    12:58:39.0279 5528 TBS - ok
    12:58:39.0450 5528 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
    12:58:39.0497 5528 Tcpip - ok
    12:58:39.0747 5528 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
    12:58:39.0778 5528 TCPIP6 - ok
    12:58:39.0934 5528 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    12:58:39.0950 5528 tcpipreg - ok
    12:58:40.0012 5528 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    12:58:40.0012 5528 TDPIPE - ok
    12:58:40.0059 5528 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    12:58:40.0074 5528 TDTCP - ok
    12:58:40.0121 5528 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    12:58:40.0137 5528 tdx - ok
    12:58:40.0215 5528 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
    12:58:40.0230 5528 TermDD - ok
    12:58:40.0324 5528 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    12:58:40.0340 5528 TermService - ok
    12:58:40.0418 5528 TfFsMon - ok
    12:58:40.0433 5528 TfNetMon - ok
    12:58:40.0464 5528 TFSysMon - ok
    12:58:40.0511 5528 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    12:58:40.0527 5528 Themes - ok
    12:58:40.0574 5528 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    12:58:40.0589 5528 THREADORDER - ok
    12:58:40.0620 5528 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    12:58:40.0636 5528 TrkWks - ok
    12:58:40.0730 5528 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    12:58:40.0745 5528 TrustedInstaller - ok
    12:58:40.0761 5528 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:58:40.0776 5528 tssecsrv - ok
    12:58:40.0823 5528 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    12:58:40.0839 5528 tunnel - ok
    12:58:40.0901 5528 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    12:58:40.0917 5528 uagp35 - ok
    12:58:40.0964 5528 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
    12:58:40.0979 5528 UBHelper - ok
    12:58:41.0057 5528 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    12:58:41.0088 5528 udfs - ok
    12:58:41.0151 5528 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    12:58:41.0166 5528 UI0Detect - ok
    12:58:41.0198 5528 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    12:58:41.0213 5528 uliagpkx - ok
    12:58:41.0260 5528 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
    12:58:41.0260 5528 umbus - ok
    12:58:41.0307 5528 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    12:58:41.0307 5528 UmPass - ok
    12:58:41.0400 5528 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    12:58:41.0416 5528 Updater Service - ok
    12:58:41.0478 5528 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    12:58:41.0494 5528 upnphost - ok
    12:58:41.0572 5528 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    12:58:41.0588 5528 usbaudio - ok
    12:58:41.0650 5528 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
    12:58:41.0666 5528 usbccgp - ok
    12:58:41.0681 5528 USBCCID - ok
    12:58:41.0712 5528 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    12:58:41.0744 5528 usbcir - ok
    12:58:41.0790 5528 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
    12:58:41.0806 5528 usbehci - ok
    12:58:41.0837 5528 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
    12:58:41.0853 5528 usbfilter - ok
    12:58:41.0884 5528 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
    12:58:41.0931 5528 usbhub - ok
    12:58:41.0978 5528 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
    12:58:41.0993 5528 usbohci - ok
    12:58:42.0040 5528 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    12:58:42.0056 5528 usbprint - ok
    12:58:42.0102 5528 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
    12:58:42.0118 5528 USBSTOR - ok
    12:58:42.0165 5528 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
    12:58:42.0180 5528 usbuhci - ok
    12:58:42.0274 5528 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    12:58:42.0290 5528 usbvideo - ok
    12:58:42.0336 5528 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    12:58:42.0352 5528 UxSms - ok
    12:58:42.0383 5528 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    12:58:42.0399 5528 VaultSvc - ok
    12:58:42.0446 5528 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    12:58:42.0461 5528 vdrvroot - ok
    12:58:42.0539 5528 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    12:58:42.0555 5528 vds - ok
    12:58:42.0695 5528 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    12:58:42.0742 5528 vga - ok
    12:58:42.0773 5528 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    12:58:42.0789 5528 VgaSave - ok
    12:58:42.0882 5528 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
    12:58:42.0898 5528 vhdmp - ok
    12:58:42.0945 5528 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    12:58:42.0960 5528 viaide - ok
    12:58:43.0023 5528 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
    12:58:43.0038 5528 volmgr - ok
    12:58:43.0116 5528 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    12:58:43.0148 5528 volmgrx - ok
    12:58:43.0194 5528 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
    12:58:43.0210 5528 volsnap - ok
    12:58:43.0288 5528 Vsdatant (d203181902342ab09d615f4b1474f9aa) C:\Windows\system32\DRIVERS\vsdatant.sys
    12:58:43.0319 5528 Vsdatant - ok
    12:58:43.0382 5528 vsmon - ok
    12:58:43.0444 5528 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    12:58:43.0460 5528 vsmraid - ok
    12:58:43.0600 5528 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    12:58:43.0631 5528 VSS - ok
    12:58:43.0756 5528 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    12:58:43.0772 5528 vwifibus - ok
    12:58:43.0803 5528 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    12:58:43.0818 5528 vwififlt - ok
    12:58:43.0850 5528 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    12:58:43.0865 5528 vwifimp - ok
    12:58:43.0959 5528 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    12:58:43.0974 5528 W32Time - ok
    12:58:44.0021 5528 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    12:58:44.0037 5528 WacomPen - ok
    12:58:44.0099 5528 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    12:58:44.0115 5528 WANARP - ok
    12:58:44.0130 5528 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    12:58:44.0130 5528 Wanarpv6 - ok
    12:58:44.0286 5528 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    12:58:44.0318 5528 WatAdminSvc - ok
    12:58:44.0442 5528 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    12:58:44.0474 5528 wbengine - ok
    12:58:44.0598 5528 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    12:58:44.0630 5528 WbioSrvc - ok
    12:58:44.0708 5528 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    12:58:44.0739 5528 wcncsvc - ok
    12:58:44.0770 5528 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    12:58:44.0801 5528 WcsPlugInService - ok
    12:58:44.0848 5528 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    12:58:44.0864 5528 Wd - ok
    12:58:44.0942 5528 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    12:58:44.0957 5528 Wdf01000 - ok
    12:58:44.0988 5528 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    12:58:45.0004 5528 WdiServiceHost - ok
    12:58:45.0020 5528 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    12:58:45.0035 5528 WdiSystemHost - ok
    12:58:45.0082 5528 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    12:58:45.0113 5528 WebClient - ok
    12:58:45.0144 5528 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    12:58:45.0176 5528 Wecsvc - ok
    12:58:45.0191 5528 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    12:58:45.0222 5528 wercplsupport - ok
    12:58:45.0254 5528 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    12:58:45.0269 5528 WerSvc - ok
    12:58:45.0332 5528 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    12:58:45.0332 5528 WfpLwf - ok
    12:58:45.0363 5528 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    12:58:45.0378 5528 WIMMount - ok
    12:58:45.0441 5528 WinDefend - ok
    12:58:45.0519 5528 WinHttpAutoProxySvc - ok
    12:58:45.0581 5528 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    12:58:45.0597 5528 Winmgmt - ok
    12:58:45.0753 5528 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    12:58:45.0800 5528 WinRM - ok
    12:58:46.0002 5528 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    12:58:46.0034 5528 Wlansvc - ok
    12:58:46.0112 5528 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    12:58:46.0143 5528 wlcrasvc - ok
    12:58:46.0392 5528 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    12:58:46.0439 5528 wlidsvc - ok
    12:58:46.0580 5528 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    12:58:46.0580 5528 WmiAcpi - ok
    12:58:46.0658 5528 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    12:58:46.0673 5528 wmiApSrv - ok
    12:58:46.0736 5528 WMPNetworkSvc - ok
    12:58:46.0782 5528 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    12:58:46.0798 5528 WPCSvc - ok
    12:58:46.0845 5528 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    12:58:46.0860 5528 WPDBusEnum - ok
    12:58:46.0923 5528 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    12:58:46.0938 5528 ws2ifsl - ok
    12:58:47.0048 5528 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
    12:58:47.0079 5528 wscsvc - ok
    12:58:47.0094 5528 WSearch - ok
    12:58:47.0313 5528 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    12:58:47.0360 5528 wuauserv - ok
    12:58:47.0531 5528 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    12:58:47.0547 5528 WudfPf - ok
    12:58:47.0609 5528 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:58:47.0625 5528 WUDFRd - ok
    12:58:47.0687 5528 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    12:58:47.0718 5528 wudfsvc - ok
    12:58:47.0796 5528 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    12:58:47.0859 5528 WwanSvc - ok
    12:58:47.0952 5528 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
    12:58:47.0968 5528 xusb21 - ok
    12:58:48.0296 5528 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    12:58:48.0311 5528 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    12:58:48.0311 5528 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    12:58:48.0342 5528 Boot (0x1200) (f381f3c9f65433075b4d8727bb92d17a) \Device\Harddisk0\DR0\Partition0
    12:58:48.0342 5528 \Device\Harddisk0\DR0\Partition0 - ok
    12:58:48.0374 5528 Boot (0x1200) (a380bc52fd4c865a312cd49e75ba943e) \Device\Harddisk0\DR0\Partition1
    12:58:48.0374 5528 \Device\Harddisk0\DR0\Partition1 - ok
    12:58:48.0374 5528 ============================================================
    12:58:48.0374 5528 Scan finished
    12:58:48.0374 5528 ============================================================
    12:58:48.0389 4880 Detected object count: 1
    12:58:48.0389 4880 Actual detected object count: 1
  15. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    OK, I'll be back within the next 3 hours. I have to run to a friend's house. He needs some help with his guitar.
  16. Broni

    Broni Malware Annihilator Posts: 46,427   +252

    I didn't ask for TDSSKiller log.

    MBAM log is incorrect.

    One more time:

  17. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    Sorry for the wait, I'm back.
  18. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    MBAM LOG:
    2012/06/30 05:26:46 -0400 DRAGON Lotus MESSAGE Starting protection
    2012/06/30 05:26:58 -0400 DRAGON Lotus MESSAGE Protection started successfully
    2012/06/30 05:27:01 -0400 DRAGON Lotus MESSAGE Starting IP protection
    2012/06/30 05:27:11 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
    2012/06/30 05:32:44 -0400 DRAGON Lotus IP-BLOCK 212.113.46.142 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 05:41:52 -0400 DRAGON Lotus IP-BLOCK 89.28.80.233 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 05:42:50 -0400 DRAGON Lotus IP-BLOCK 31.133.47.225 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 05:58:03 -0400 DRAGON Lotus IP-BLOCK 222.65.156.107 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 05:59:01 -0400 DRAGON Lotus IP-BLOCK 89.28.46.208 (Type: outgoing, Port: 63346, Process: utorrent.exe)
    2012/06/30 10:00:46 -0400 DRAGON Lotus MESSAGE Starting protection
    2012/06/30 10:00:55 -0400 DRAGON Lotus MESSAGE Protection started successfully
    2012/06/30 10:00:58 -0400 DRAGON Lotus MESSAGE Starting IP protection
    2012/06/30 10:01:07 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
    2012/06/30 11:06:23 -0400 DRAGON Lotus MESSAGE Starting protection
    2012/06/30 11:06:35 -0400 DRAGON Lotus MESSAGE Protection started successfully
    2012/06/30 11:06:38 -0400 DRAGON Lotus MESSAGE Starting IP protection
    2012/06/30 11:06:46 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
    2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/30 15:16:34 -0400 DRAGON Lotus ERROR Quarantine failed: DeleteFile failed with error code 5
    2012/06/30 16:19:08 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/30 16:29:18 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/30 16:57:32 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/30 18:55:44 -0400 DRAGON Lotus MESSAGE Executing scheduled update: Daily
    2012/06/30 18:56:05 -0400 DRAGON Lotus MESSAGE Scheduled update executed successfully: database updated from version v2012.06.29.11 to version v2012.06.30.07
    2012/06/30 18:56:06 -0400 DRAGON Lotus MESSAGE Starting database refresh
    2012/06/30 18:56:06 -0400 DRAGON Lotus MESSAGE Stopping IP protection
    2012/06/30 19:03:08 -0400 DRAGON Lotus MESSAGE IP Protection stopped
    2012/06/30 19:03:16 -0400 DRAGON Lotus MESSAGE Database refreshed successfully
    2012/06/30 19:03:16 -0400 DRAGON Lotus MESSAGE Starting IP protection
    2012/06/30 19:03:25 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
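    The protection log above has a fixed layout (date, time, UTC offset, host, user, event type, details) that is easy to triage by script. The following is an added example, not part of the thread and not Malwarebytes' own code: it parses lines in that layout and surfaces the two points a responder would pull out of this log, a file named like a core Windows binary (svchost.exe) sitting outside System32/SysWOW64, and a quarantine that failed with Win32 error 5 (ERROR_ACCESS_DENIED). The list of core binary names and the expected directories are assumptions chosen for the example, and the sample lines are copied, abbreviated, from the posted log.

```python
"""Triage helper for Malwarebytes protection-log lines (added example).

Assumptions (not from the thread or from Malwarebytes):
  - CORE_BINARIES: names that legitimately live only in the system directories
  - EXPECTED_DIRS: those directories on a standard Windows 7 x64 install
"""
import re
from collections import defaultdict

# Line layout seen in the posted log:
#   <date> <time> <tz> <host> <user> <EVENT> <details>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<event>[A-Z-]+) (?P<details>.*)$"
)
# DETECTION details layout: "<path> <threat name> <action>"
DETECTION_RE = re.compile(r"^(?P<path>\S+) (?P<threat>\S+) (?P<action>[A-Z]+)$")

# Assumed list: binaries whose only legitimate home is a system directory.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "smss.exe"}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Win32 error 5 is ERROR_ACCESS_DENIED: the file was locked, protected or
# owned by something the scanner could not override.
ERROR_TEXT = {5: "ERROR_ACCESS_DENIED (file locked or protected)"}


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    if rec["event"] == "DETECTION":
        d = DETECTION_RE.match(rec["details"])
        if d:
            rec.update(d.groupdict())
    return rec


def masquerade_check(path):
    """True when the file name is a core binary but the directory is not
    one of the expected system directories (case-insensitive)."""
    directory, _, name = path.lower().rpartition("\\")
    return name in CORE_BINARIES and directory not in EXPECTED_DIRS


def triage(lines):
    """Walk the log once; return (findings, ip_block_counts_by_process)."""
    findings = []
    ip_blocks = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["event"] == "DETECTION" and "path" in rec:
            if masquerade_check(rec["path"]):
                findings.append(("MASQUERADE", rec["path"], rec["threat"], rec["action"]))
        elif rec["event"] == "ERROR" and "Quarantine failed" in rec["details"]:
            code = re.search(r"error code (\d+)", rec["details"])
            num = int(code.group(1)) if code else None
            findings.append(("QUARANTINE_FAILED", num,
                             ERROR_TEXT.get(num, "see Win32 system error codes")))
        elif rec["event"] == "IP-BLOCK":
            proc = re.search(r"Process: (\S+)\)", rec["details"])
            ip_blocks[proc.group(1) if proc else "?"] += 1
    return findings, dict(ip_blocks)


# Sample input: lines copied (abbreviated) from the log posted in the thread.
SAMPLE_LOG = [
    r"2012/06/30 05:26:58 -0400 DRAGON Lotus MESSAGE Protection started successfully",
    r"2012/06/30 05:32:44 -0400 DRAGON Lotus IP-BLOCK 212.113.46.142 (Type: outgoing, Port: 63346, Process: utorrent.exe)",
    r"2012/06/30 05:41:52 -0400 DRAGON Lotus IP-BLOCK 89.28.80.233 (Type: outgoing, Port: 63346, Process: utorrent.exe)",
    r"2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE",
    r"2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY",
    r"2012/06/30 15:16:34 -0400 DRAGON Lotus ERROR Quarantine failed: DeleteFile failed with error code 5",
    r"2012/06/30 16:19:08 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY",
]

if __name__ == "__main__":
    found, blocks = triage(SAMPLE_LOG)
    for f in found:
        print(f)
    print("IP blocks by process:", blocks)
```

    The masquerade check is the part worth keeping: a detection on a path such as C:\Windows\svchost.exe is a different finding from one in C:\Windows\System32\svchost.exe, and the failed DeleteFile with error 5 explains why the real-time component kept re-reporting the same file until the on-demand scan and the later tools dealt with it.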
  19. Broni

    Broni Malware Annihilator Posts: 46,427   +252

    This is not correct MBAM log.
    Please re-read instructions how to run it.
  20. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    No. This is the correct log. I read the instructions. Performed a quick scan, located the file: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-06-30
    Want me to quarantine the virus? Then scan again?
  21. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

  22. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    Ran a full scan with ZoneAlarm; it found nothing. So here is the txt file you requested in the instructions.

    Attached Files:

  23. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    I quarantined the virus and ran another scan. Here is the text file that popped up after the scan was finished.
    __________________________________________________________________________
    Malwarebytes Anti-Malware (PRO) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.30.07
    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Lotus :: DRAGON [administrator]
    Protection: Enabled
    7/1/2012 12:33:08 AM
    mbam-log-2012-07-01 (00-42-34).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 274517
    Time elapsed: 9 minute(s), 14 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3652 -> No action taken.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
    (end)

    Attached Files: Mbam Scan 2.jpg

  24. Broni

    Broni Malware Annihilator Posts: 46,427   +252

    Now you posted the correct log.

    Please observe my rules:
    ====================================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  25. Dark_Weave

    Dark_Weave Newcomer, in training Topic Starter Posts: 30

    ComboFix 12-06-30.01 - Lotus 07/01/2012 1:42.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.1852 [GMT -4:00]
    Running from: c:\users\Lotus\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    FW: ZoneAlarm Extreme Security Firewall *Disabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\users\yfl\AppData\Local\temp
    2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\users\Mcx1-DRAGON\AppData\Local\temp
    2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-07-01 05:09 . 2012-07-01 05:09 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-30 16:46 . 2012-06-30 16:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9570A06E-15A1-4B3C-8930-61223DAED9C9}\offreg.dll
    2012-06-30 15:01 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{509EEC17-537B-4979-A131-DE504F7BEC54}\gapaengine.dll
    2012-06-30 13:43 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1300BB39-F16E-4E5B-BD09-2F91EF1A8E56}\gapaengine.dll
    2012-06-29 07:08 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9570A06E-15A1-4B3C-8930-61223DAED9C9}\mpengine.dll
    2012-06-27 22:18 . 2012-06-27 22:18 -------- d-----w- c:\users\Lotus\AppData\Roaming\Unity
    2012-06-27 22:16 . 2012-06-27 22:16 -------- d-----w- c:\users\Lotus\AppData\Roaming\.mono
    2012-06-27 22:16 . 2012-06-27 22:16 -------- d-----w- c:\programdata\.mono
    2012-06-27 21:27 . 2012-06-27 21:27 -------- d-----w- c:\users\Lotus\AppData\Local\Unity
    2012-06-23 05:05 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 05:05 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 05:05 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 05:05 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 05:05 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 05:05 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 05:05 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 05:04 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 05:04 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-16 03:12 . 2012-06-18 07:49 -------- d-----w- c:\program files (x86)\DIABLO MULE
    2012-06-16 02:51 . 2012-06-16 02:52 -------- d-----w- c:\users\DIABLO II
    2012-06-14 13:44 . 2012-06-14 13:44 -------- d-----w- c:\programdata\RELOADED
    2012-06-14 13:27 . 2012-06-14 13:44 -------- d-----w- c:\program files (x86)\Sins of a Solar Empire Rebellion
    2012-06-14 11:35 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EC52D1D-4CE7-4FF4-AEB5-BE049540D265}\mpengine.dll
    2012-06-14 07:16 . 2012-06-14 07:35 -------- d-----w- c:\users\Lotus\AppData\Roaming\ApplicationData
    2012-06-14 06:02 . 2012-06-14 06:03 -------- d-----w- C:\13e7c5c121ce82a898152841
    2012-06-13 01:04 . 2012-06-14 01:04 -------- d-----w- c:\windows\AutoKMS
    2012-06-12 22:27 . 2012-06-12 22:27 -------- d-----w- c:\programdata\Kaspersky SDK
    2012-06-12 22:22 . 2012-06-12 22:22 -------- d-----w- c:\users\Lotus\AppData\Roaming\CheckPoint
    2012-06-12 22:22 . 2012-06-12 22:22 -------- d-----w- c:\users\Lotus\AppData\Roaming\MailFrontier
    2012-06-12 22:05 . 2012-06-12 22:05 -------- d-----w- c:\program files\CheckPoint
    2012-06-12 22:05 . 2009-10-17 04:39 72584 ----a-w- c:\windows\zllsputility.exe
    2012-06-12 22:05 . 2009-10-12 22:15 157712 ----a-w- c:\windows\system32\drivers\kl1.sys
    2012-06-12 22:04 . 2009-10-17 04:39 69000 ----a-w- c:\windows\SysWow64\zlcomm.dll
    2012-06-12 22:04 . 2009-10-17 04:39 103816 ----a-w- c:\windows\SysWow64\zlcommdb.dll
    2012-06-12 22:03 . 2009-10-17 04:39 1238408 ----a-w- c:\windows\SysWow64\zpeng25.dll
    2012-06-12 22:03 . 2012-06-13 02:17 -------- d-----w- c:\windows\SysWow64\ZoneLabs
    2012-06-12 22:03 . 2009-10-17 04:41 445640 ----a-w- c:\windows\system32\drivers\~GLH0020.TMP
    2012-06-12 22:02 . 2009-10-17 04:41 445640 ------w- c:\windows\system32\drivers\vsdatant.sys
    2012-06-12 22:02 . 2012-06-12 22:02 -------- d-----w- c:\program files (x86)\Zone Labs
    2012-06-12 22:01 . 2012-06-12 22:01 -------- d-----w- c:\programdata\CheckPoint
    2012-06-12 22:01 . 2012-07-01 05:01 -------- d-----w- c:\windows\Internet Logs
    2012-06-12 21:53 . 2012-05-18 01:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-12 21:52 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-12 21:52 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-12 21:52 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-12 21:52 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-12 21:52 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-12 21:52 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-12 21:52 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-12 21:52 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-12 21:52 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 21:52 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
    2012-06-12 21:52 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-12 21:51 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-12 21:51 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-12 21:51 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-12 21:51 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-12 21:51 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-12 21:51 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-12 06:39 . 2011-02-26 06:23 2387456 ----a-w- c:\windows\explorer_backup_w7sbc.exe
    2012-06-12 06:38 . 2012-06-12 06:38 -------- d-----w- c:\programdata\Start Orb Manager
    2012-06-12 06:38 . 2011-02-26 06:23 2387456 ----a-w- c:\windows\explorer_backup.exe
    2012-06-12 05:00 . 2009-06-19 19:56 712704 ----a-w- c:\windows\system32\netr28x.sys
    2012-06-12 05:00 . 2012-06-12 05:00 -------- d-----w- c:\programdata\Ralink
    2012-06-12 04:57 . 2012-06-12 04:57 -------- d-----w- c:\windows\Options
    2012-06-12 04:57 . 2012-06-12 04:57 -------- d-----w- c:\program files (x86)\Atheros
    2012-06-12 04:57 . 2009-10-05 13:34 1542656 ----a-w- c:\windows\system32\athrx.sys
    2012-06-12 04:56 . 2012-06-12 04:57 -------- d-----w- c:\programdata\Atheros
    2012-06-11 22:33 . 2012-06-11 22:33 -------- d-----w- c:\program files\CCleaner
    2012-06-10 09:15 . 2012-06-10 09:17 -------- d-----w- c:\windows\W7SBC
    2012-06-10 09:15 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_edit_w7sbc.exe
    2012-06-10 09:15 . 2011-02-26 06:23 2387456 ----a-w- c:\windows\explorer.exe
    2012-06-10 08:31 . 2012-06-10 08:31 -------- d-----w- c:\programdata\NVIDIA
    2012-06-10 08:21 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2012-06-10 03:07 . 2012-06-10 03:07 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
    2012-06-10 03:05 . 2012-06-10 03:05 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
    2012-06-10 01:00 . 2012-06-10 01:00 -------- d-----w- c:\users\Lotus\AppData\Roaming\Yahoo!
    2012-06-10 00:17 . 2012-06-10 00:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2012-06-10 00:15 . 2012-06-10 00:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2012-06-10 00:12 . 2012-06-10 00:12 -------- d-----r- C:\MSOCache
    2012-06-09 05:44 . 2012-06-09 05:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-09 01:23 . 2012-06-09 01:23 -------- d-----w- C:\DriveKey
    2012-06-09 01:20 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-06-07 21:27 . 2012-06-07 21:27 -------- d-----w- c:\users\Lotus\AppData\Roaming\Babylon
    2012-06-07 21:19 . 2012-06-07 23:10 -------- d-----w- c:\program files\SmartPCFixer
    2012-06-07 11:19 . 2011-09-28 17:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
    2012-06-06 06:02 . 2012-06-06 06:02 -------- d--h--w- c:\programdata\CanonBJ
    2012-06-06 06:02 . 2010-04-24 09:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9W.DLL
    2012-06-06 06:02 . 2010-04-24 09:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9W.DLL
    2012-06-06 06:02 . 2012-06-06 06:02 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-06-06 06:02 . 2010-04-24 09:00 336896 ----a-w- c:\windows\system32\CNMLM9W.DLL
    2012-06-06 06:02 . 2009-03-18 13:10 244736 ----a-w- c:\windows\system32\CNMIU9W.DLL
    2012-06-06 06:01 . 2012-06-06 06:01 -------- d--h--w- c:\program files\CanonBJ
    2012-06-04 22:52 . 2012-06-04 22:56 -------- d-----w- c:\users\Lotus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    2012-06-04 22:51 . 2012-06-04 22:51 -------- d--h--r- c:\users\Lotus\AppData\Roaming\SecuROM
    2012-06-04 22:39 . 2012-06-04 22:39 -------- d-----w- c:\program files (x86)\Electronic Arts
    2012-06-04 11:51 . 2012-06-04 11:51 -------- d-----w- c:\users\Lotus\AppData\Roaming\YourFileDownloader
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-16 03:27 . 2011-09-05 14:27 2829 ----a-w- c:\windows\DIIUnin.pif
    2012-06-16 03:27 . 2011-09-05 14:27 94208 ----a-w- c:\windows\DIIUnin.exe
    2012-06-15 20:30 . 2011-03-07 02:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-06-15 20:27 . 2011-03-07 02:13 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-06-15 20:26 . 2011-03-07 02:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-06-14 08:29 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-06-14 08:29 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
    2012-06-09 22:41 . 2011-04-10 03:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-06-09 22:40 . 2011-04-10 03:45 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-06-09 22:40 . 2011-04-10 03:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-05-23 10:04 . 2011-03-07 02:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-05-08 17:02 . 2011-09-02 21:24 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-05-03 02:55 . 2012-05-03 02:55 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2012-05-03 02:55 . 2012-05-03 02:55 28056 ----a-w- c:\windows\system32\xfcodec64.dll
    2012-04-20 20:18 . 2011-04-10 03:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-04-04 19:56 . 2010-01-30 11:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [-] 2011-02-26 . CA19B463CA3CACC5E0F3ADF494B2E815 . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
    [7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\explorer.exe
    [7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 16:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-01 1157128]
    "Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
    .
    c:\users\Lotus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-7-28 576000]
    ubisoft register.lnk - c:\program files (x86)\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-21 708608]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    .
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    R1 omtllipe;omtllipe;c:\windows\system32\drivers\omtllipe.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2011-09-28 70760]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-26 219136]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1255736]
    R4 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 32888]
    S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 800624]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
    S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
    S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2009-10-14 44664]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 37170695
    *Deregistered* - 37170695
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-30 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS\AutoKMS.exe [2012-06-13 01:04]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 05:46]
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 05:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
    "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-30 200704]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5538&r=273601105635l03c4z115t48k2v600
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: btjunkie.com\www
    Trusted Zone: btjunkie.org\www
    Trusted Zone: evony.com\www
    Trusted Zone: ivytech.edu\www
    Trusted Zone: yahoo.com\www
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{DDECF472-6803-4EEC-861E-C63FDDA8E9EA}: DhcpNameServer = 75.75.75.75 75.75.76.76
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    BHO-{aac4043a-8832-4abe-9963-35377f30b8e6} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{aac4043a-8832-4abe-9963-35377f30b8e6} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    HKLM-Run-PCHealthBoost - c:\program files (x86)\PC HealthBoost\PCHealthBoost.exe
    AddRemove-CohMapPack - c:\program files (x86)\NCsoft\City of Heroes\uninstall_vm_mappack_i21.exe
    AddRemove-NCsoft-CityOfHeroes - c:\program files (x86)\ncsoft\launcher\NCLauncher.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1228520339-2595029199-2838376600-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1228520339-2595029199-2838376600-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-01 03:48:22
    ComboFix-quarantined-files.txt 2012-07-01 07:48
    ComboFix2.txt 2012-05-31 15:17
    .
    Pre-Run: 101,443,813,376 bytes free
    Post-Run: 101,710,548,992 bytes free
    .
    - - End Of File - - C0B29D4C93483D235376072E238516B2