Inactive [A] Svchost.exe trojan.agent + Rootkit.boot.Pihar.c

[Dark_Weave]

Need help with this threat. I do not wish to delete important computer files.
Malwarebytes picked this up asking me to either ignore or Quarantine.
TDSS Killer picked up this asking me to cure and continue.
Both Options + Progams Still running.
Only working computer in the house unfortunately.
______________________________________________________________________________________________________________________________________________________

Malwarebytes Anti-Malware found the svchost.exe trojan.agent
TDSS found the Rootkit.boot.Pihar.c
Physical drive: \Device\Harddisk0\DR0
Malware object, High Risk

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Dark_Weave]

Picture of a found item

 

[Broni]

Read all of my instructions very carefully.

 

[Dark_Weave]

Gmr is frozen at this file: C:\13e7c5c121ce82a898152841\5def402b371c8cbd619208c04806\1fd593c2a50e2d6

 

[Broni]

Try safe mode.

 

[Dark_Weave]

I disconnected from the internet, this time it worked. Though it found nothing and left me with no log file.
So I will move on to step 4.
Thanks for the speedy responce.

 

[Dark_Weave]

I had Malware quarantine the Svchost.exe Trojan.
And Here is the DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Lotus at 15:53:45 on 2012-06-30
.
============== Running Processes ===============
.
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
\\.\globalroot\systemroot\svchost.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Lotus\Desktop\Fix!\antiviral stuff\TDSSKiller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Lotus\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5538&r=273601105635l03c4z115t48k2v600
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {aac4043a-8832-4abe-9963-35377f30b8e6} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {aac4043a-8832-4abe-9963-35377f30b8e6} - No File
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: btjunkie.com\www
Trusted Zone: btjunkie.org\www
Trusted Zone: evony.com\www
Trusted Zone: ivytech.edu\www
Trusted Zone: yahoo.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\24C61696E60216E6460274562796 : DhcpNameServer = 192.168.2.1 68.87.72.134 68.87.77.134
TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\354565D27455543545 : DhcpNameServer = 192.168.232.53 192.168.232.52
TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\44251474F4E4F5E4564777F627B6 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\44271676F6E602755616675627 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\94679702455636860275962756C6563737 : DhcpNameServer = 10.3.0.130 10.3.0.131
TCP: Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9BCA9776-5AB0-43D7-9DE4-C8335CE5CE19} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9E25B191-B249-4EEC-9575-75D245A93718} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D1CE37E8-56B6-454A-AFD6-9B15719143A0} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DDECF472-6803-4EEC-861E-C63FDDA8E9EA} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Toolbar Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: {aac4043a-8832-4abe-9963-35377f30b8e6} - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {aac4043a-8832-4abe-9963-35377f30b8e6} - No File
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? GamesAppService;GamesAppService
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? MpNWMon;Microsoft Malware Protection Network Driver
R? MWLService;MyWinLocker Service
R? netr28ux;RT2870 USB Extensible Wireless LAN Card Driver
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? NTIBackupSvc;NTI Backup Now 5 Backup Service
R? omtllipe;omtllipe
R? PCTBD;PC Tools Browser Defender Driver
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RtsUIR;Realtek IR Driver
R? SwitchBoard;Adobe SwitchBoard
R? TfFsMon;TfFsMon
R? TfNetMon;TfNetMon
R? TFSysMon;TFSysMon
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AMD External Events Utility;AMD External Events Utility
S? AMD FUEL Service;AMD FUEL Service
S? amdiox64;AMD IO Driver
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? DsiWMIService;Dritek WMI Service
S? ePowerSvc;Acer ePower Service
S? Greg_Service;GRegService
S? icsak;icsak
S? ISWKL;ZoneAlarm ForceField ISWKL
S? IswSvc;ZoneAlarm ForceField IswSvc
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? MpFilter;Microsoft Malware Protection Driver
S? mwlPSDFilter;mwlPSDFilter
S? mwlPSDNServ;mwlPSDNServ
S? mwlPSDVDisk;mwlPSDVDisk
S? NTI IScheduleSvc;NTI IScheduleSvc
S? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
S? osppsvc;Office Software Protection Platform
S? RS_Service;Raw Socket Service
S? RTL8167;Realtek 8167 NT Driver
S? Updater Service;Updater Service
S? usbfilter;AMD USB Filter Driver
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2012-06-30 16:46:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9570A06E-15A1-4B3C-8930-61223DAED9C9}\offreg.dll
2012-06-30 15:02:39 20480 ------w- C:\Windows\svchost.exe
2012-06-30 15:01:44 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{509EEC17-537B-4979-A131-DE504F7BEC54}\gapaengine.dll
2012-06-30 13:43:06 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1300BB39-F16E-4E5B-BD09-2F91EF1A8E56}\gapaengine.dll
2012-06-29 07:08:53 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9570A06E-15A1-4B3C-8930-61223DAED9C9}\mpengine.dll
2012-06-27 22:18:22 -------- d-----w- C:\Users\Lotus\AppData\Roaming\Unity
2012-06-27 22:16:15 -------- d-----w- C:\Users\Lotus\AppData\Roaming\.mono
2012-06-27 22:16:15 -------- d-----w- C:\ProgramData\.mono
2012-06-27 21:27:51 -------- d-----w- C:\Users\Lotus\AppData\Local\Unity
2012-06-23 05:05:30 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 05:05:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 05:04:40 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 05:04:40 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-16 03:12:44 -------- d-----w- C:\Program Files (x86)\DIABLO MULE
2012-06-14 13:44:56 -------- d-----w- C:\ProgramData\RELOADED
2012-06-14 13:27:18 -------- d-----w- C:\Program Files (x86)\Sins of a Solar Empire Rebellion
2012-06-14 11:35:26 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EC52D1D-4CE7-4FF4-AEB5-BE049540D265}\mpengine.dll
2012-06-14 07:16:49 -------- d-----w- C:\Users\Lotus\AppData\Roaming\ApplicationData
2012-06-14 06:02:40 -------- d-----w- C:\13e7c5c121ce82a898152841
2012-06-13 01:04:37 -------- d-----w- C:\Windows\AutoKMS
2012-06-12 22:27:11 -------- d-----w- C:\ProgramData\Kaspersky SDK
2012-06-12 22:22:25 -------- d-----w- C:\Users\Lotus\AppData\Roaming\CheckPoint
2012-06-12 22:22:13 -------- d-----w- C:\Users\Lotus\AppData\Roaming\MailFrontier
2012-06-12 22:05:37 -------- d-----w- C:\Program Files\CheckPoint
2012-06-12 22:05:25 72584 ----a-w- C:\Windows\zllsputility.exe
2012-06-12 22:05:17 157712 ----a-w- C:\Windows\System32\drivers\kl1.sys
2012-06-12 22:03:47 1238408 ----a-w- C:\Windows\SysWow64\zpeng25.dll
2012-06-12 22:03:45 -------- d-----w- C:\Windows\SysWow64\ZoneLabs
2012-06-12 22:03:37 445640 ----a-w- C:\Windows\System32\drivers\~GLH0020.TMP
2012-06-12 22:02:45 445640 ------w- C:\Windows\System32\drivers\vsdatant.sys
2012-06-12 22:02:06 -------- d-----w- C:\Program Files (x86)\Zone Labs
2012-06-12 22:01:52 -------- d-----w- C:\ProgramData\CheckPoint
2012-06-12 22:01:45 -------- d-----w- C:\Windows\Internet Logs
2012-06-12 21:52:51 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 21:52:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 21:52:49 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 21:52:49 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 21:52:47 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-12 21:52:44 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-12 21:52:43 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-12 21:52:42 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-12 21:52:40 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 21:52:37 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-06-12 21:52:36 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 21:51:56 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 21:51:56 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-12 21:51:56 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 21:51:56 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 21:51:56 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 21:51:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 06:39:07 2387456 ----a-w- C:\Windows\explorer_backup_w7sbc.exe
2012-06-12 06:38:50 2387456 ----a-w- C:\Windows\explorer_backup.exe
2012-06-12 06:38:50 -------- d-----w- C:\ProgramData\Start Orb Manager
2012-06-12 05:00:44 712704 ----a-w- C:\Windows\System32\netr28x.sys
2012-06-12 05:00:08 -------- d-----w- C:\ProgramData\Ralink
2012-06-12 04:57:07 1542656 ----a-w- C:\Windows\System32\athrx.sys
2012-06-12 04:57:07 -------- d-----w- C:\Windows\Options
2012-06-12 04:57:07 -------- d-----w- C:\Program Files (x86)\Atheros
2012-06-12 04:56:26 -------- d-----w- C:\ProgramData\Atheros
2012-06-11 22:33:01 -------- d-----w- C:\Program Files\CCleaner
2012-06-10 09:15:55 2870272 ----a-w- C:\Windows\explorer_edit_w7sbc.exe
2012-06-10 09:15:55 2387456 ----a-w- C:\Windows\explorer.exe
2012-06-10 09:15:55 -------- d-----w- C:\Windows\W7SBC
2012-06-10 08:21:28 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-06-10 03:07:05 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-06-10 00:17:33 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-06-10 00:15:46 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-06-09 05:44:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-09 01:23:21 -------- d-----w- C:\DriveKey
2012-06-09 01:20:00 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-06-07 21:28:29 -------- d-----w- C:\Users\Lotus\AppData\Roaming\BabylonToolbar
2012-06-07 21:27:47 -------- d-----w- C:\Users\Lotus\AppData\Roaming\Babylon
2012-06-07 21:19:34 -------- d-----w- C:\Program Files\SmartPCFixer
2012-06-07 11:19:13 70760 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-06-06 06:02:47 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9W.DLL
2012-06-06 06:02:47 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9W.DLL
2012-06-06 06:02:12 336896 ----a-w- C:\Windows\System32\CNMLM9W.DLL
2012-06-06 06:02:07 244736 ----a-w- C:\Windows\System32\CNMIU9W.DLL
2012-06-04 22:52:55 -------- d-----w- C:\Users\Lotus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2012-06-04 11:51:07 -------- d-----w- C:\Users\Lotus\AppData\Roaming\YourFileDownloader
.
==================== Find3M ====================
.
2012-06-16 03:27:58 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-06-16 03:27:58 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-06-14 08:29:46 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-14 08:29:44 175104 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-03 02:55:52 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-05-03 02:55:52 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:59:16.68 ===============

 

[Dark_Weave]

The Attach log:
.
==== Installed Programs ======================
.
µTorrent
Acer Assist
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.91.624
Acer ePower Management
Acer eRecovery Management
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Action Replay Code Manager
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.5
AMD USB Filter Driver
AMD VISION Engine Control Center
Atheros Driver Installation Program
Audacity 1.3.14 (Unicode)
AVS Audio CD Creator version 3.8
AVS Audio Converter version 6.2
AVS Cover Editor 2.0.1.3
AVS Disc Creator version 4.1
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
BabylonObjectInstaller
Backup Manager Basic
Battle vs. Chess
Bing Rewards Client Installer
Broadcom Wireless LAN Driver Installation Program for Windows7
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Cisco Network Magic
City of Heroes
Comcast High-Speed Internet Install Wizard
Command & Conquer 3
Compatibility Pack for the 2007 Office system
Conduit Engine
D2600
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dev-C++ 5 beta 9 release (4.9.9.2)
DeviceDiscovery
Diablo II
DivX Setup
DJ_SF_05_D2600_Software_Min
DVD Shrink 3.2
eSobi v2
ForceBindIP
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Guitar Pro 6 Demo
Hero Editor V1.04
Hewlett-Packard ACLM.NET v1.1.0.0
HP Product Detection
HP Update
HP USB Disk Storage Format Tool
HPPhotoGadget
HPProductAssistant
HPSSupply
hpWLPGInstaller
ICCup Launcher
Identity Card
ImgBurn
Impulse
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
jZip
Launch Manager
League of Legends
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Default Manager
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MTX
MTXExtractor
MyWinLocker
NCsoft Launcher
Network Magic
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Pando Media Booster
PDF Settings CS5
PhoTags Express
Power Tab Editor 1.7
PowerISO
Programmer's Notepad 2
Pure Networks Platform
Ralink Wireless LAN v3.0.2.0 Installation Program for Windows7
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Sid Meier's Civilization V - Game of the Year Edition
Sins of a Solar Empire Rebellion (c) Stardock version 1
SolutionCenter
Status
Toolbox
TrayApp
Uniblue RegistryBooster
Uninstall Dual Mode Camera
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VGA Dual-Mode Camera
V*****Maps Map Overlay
VLC media player 1.0.5
WebReg
Welcome Center
WildTangent Games App (Acer Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Xfire (remove only)
Xilisoft AVI to DVD Converter
Xvid Video Codec
Zip Motion Block Video codec (Remove Only)
ZoneAlarm Extreme Security
.
==== End Of File ===========================

 

[Broni]

I had Malware quarantine the Svchost.exe Trojan.

I need all logs to be posted.

 

[Dark_Weave]

Be back in 3 hours or less.

 

[Dark_Weave]

2012/06/30 05:26:46 -0400 DRAGON Lotus MESSAGE Starting protection
2012/06/30 05:26:58 -0400 DRAGON Lotus MESSAGE Protection started successfully
2012/06/30 05:27:01 -0400 DRAGON Lotus MESSAGE Starting IP protection
2012/06/30 05:27:11 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
2012/06/30 05:32:44 -0400 DRAGON Lotus IP-BLOCK 212.113.46.142 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 05:41:52 -0400 DRAGON Lotus IP-BLOCK 89.28.80.233 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 05:42:50 -0400 DRAGON Lotus IP-BLOCK 31.133.47.225 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 05:58:03 -0400 DRAGON Lotus IP-BLOCK 222.65.156.107 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 05:59:01 -0400 DRAGON Lotus IP-BLOCK 89.28.46.208 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 10:00:46 -0400 DRAGON Lotus MESSAGE Starting protection
2012/06/30 10:00:55 -0400 DRAGON Lotus MESSAGE Protection started successfully
2012/06/30 10:00:58 -0400 DRAGON Lotus MESSAGE Starting IP protection
2012/06/30 10:01:07 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
2012/06/30 11:06:23 -0400 DRAGON Lotus MESSAGE Starting protection
2012/06/30 11:06:35 -0400 DRAGON Lotus MESSAGE Protection started successfully
2012/06/30 11:06:38 -0400 DRAGON Lotus MESSAGE Starting IP protection
2012/06/30 11:06:46 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/30 15:16:34 -0400 DRAGON Lotus ERROR Quarantine failed: DeleteFile failed with error code 5

 

[Dark_Weave]

12:57:47.0175 3104 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
12:57:47.0611 3104 ============================================================
12:57:47.0611 3104 Current date / time: 2012/06/30 12:57:47.0611
12:57:47.0611 3104 SystemInfo:
12:57:47.0611 3104
12:57:47.0611 3104 OS Version: 6.1.7600 ServicePack: 0.0
12:57:47.0611 3104 Product type: Workstation
12:57:47.0611 3104 ComputerName: DRAGON
12:57:47.0611 3104 UserName: Lotus
12:57:47.0611 3104 Windows directory: C:\Windows
12:57:47.0611 3104 System windows directory: C:\Windows
12:57:47.0611 3104 Running under WOW64
12:57:47.0611 3104 Processor architecture: Intel x64
12:57:47.0611 3104 Number of processors: 2
12:57:47.0611 3104 Page size: 0x1000
12:57:47.0611 3104 Boot type: Normal boot
12:57:47.0611 3104 ============================================================
12:57:49.0468 3104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:57:49.0483 3104 ============================================================
12:57:49.0483 3104 \Device\Harddisk0\DR0:
12:57:49.0483 3104 MBR partitions:
12:57:49.0483 3104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
12:57:49.0483 3104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x23BF9384
12:57:49.0483 3104 ============================================================
12:57:49.0515 3104 C: <-> \Device\Harddisk0\DR0\Partition1
12:57:49.0515 3104 ============================================================
12:57:49.0515 3104 Initialize success
12:57:49.0515 3104 ============================================================
12:58:04.0460 5528 ============================================================
12:58:04.0460 5528 Scan started
12:58:04.0460 5528 Mode: Manual;
12:58:04.0460 5528 ============================================================
12:58:10.0980 5528 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
12:58:10.0996 5528 1394ohci - ok
12:58:11.0074 5528 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
12:58:11.0090 5528 ACPI - ok
12:58:11.0136 5528 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
12:58:11.0136 5528 AcpiPmi - ok
12:58:11.0199 5528 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:58:11.0214 5528 adp94xx - ok
12:58:11.0261 5528 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:58:11.0292 5528 adpahci - ok
12:58:11.0324 5528 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:58:11.0339 5528 adpu320 - ok
12:58:11.0386 5528 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:58:11.0402 5528 AeLookupSvc - ok
12:58:11.0511 5528 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
12:58:11.0542 5528 AFD - ok
12:58:11.0589 5528 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:58:11.0604 5528 agp440 - ok
12:58:11.0636 5528 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:58:11.0651 5528 ALG - ok
12:58:11.0667 5528 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:58:11.0667 5528 aliide - ok
12:58:11.0714 5528 AMD External Events Utility (bcc32bf5ebb5dfd4380fa053d3651949) C:\Windows\system32\atiesrxx.exe
12:58:11.0729 5528 AMD External Events Utility - ok
12:58:11.0823 5528 AMD FUEL Service - ok
12:58:11.0870 5528 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:58:11.0870 5528 amdide - ok
12:58:11.0901 5528 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
12:58:11.0916 5528 amdiox64 - ok
12:58:11.0948 5528 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:58:11.0963 5528 AmdK8 - ok
12:58:11.0994 5528 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:58:12.0010 5528 AmdPPM - ok
12:58:12.0072 5528 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
12:58:12.0088 5528 amdsata - ok
12:58:12.0119 5528 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:58:12.0150 5528 amdsbs - ok
12:58:12.0166 5528 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
12:58:12.0182 5528 amdxata - ok
12:58:12.0244 5528 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:58:12.0244 5528 AppID - ok
12:58:12.0275 5528 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:58:12.0291 5528 AppIDSvc - ok
12:58:12.0353 5528 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
12:58:12.0369 5528 Appinfo - ok
12:58:12.0416 5528 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:58:12.0431 5528 arc - ok
12:58:12.0462 5528 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:58:12.0478 5528 arcsas - ok
12:58:12.0603 5528 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:58:12.0634 5528 aspnet_state - ok
12:58:12.0696 5528 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:58:12.0696 5528 AsyncMac - ok
12:58:12.0728 5528 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:58:12.0743 5528 atapi - ok
12:58:12.0868 5528 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
12:58:12.0915 5528 athr - ok
12:58:13.0040 5528 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
12:58:13.0055 5528 AtiHDAudioService - ok
12:58:13.0133 5528 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
12:58:13.0149 5528 AtiHdmiService - ok
12:58:13.0523 5528 atikmdag (a29087680a1c3b049e3c05438e8ff2b8) C:\Windows\system32\DRIVERS\atikmdag.sys
12:58:13.0710 5528 atikmdag - ok
12:58:13.0835 5528 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:58:13.0851 5528 AtiPcie - ok
12:58:13.0929 5528 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
12:58:13.0944 5528 AudioEndpointBuilder - ok
12:58:13.0960 5528 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
12:58:13.0976 5528 AudioSrv - ok
12:58:14.0007 5528 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
12:58:14.0022 5528 AxInstSV - ok
12:58:14.0085 5528 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:58:14.0100 5528 b06bdrv - ok
12:58:14.0132 5528 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:58:14.0147 5528 b57nd60a - ok
12:58:14.0194 5528 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:58:14.0210 5528 BDESVC - ok
12:58:14.0241 5528 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:58:14.0256 5528 Beep - ok
12:58:14.0350 5528 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
12:58:14.0366 5528 BFE - ok
12:58:14.0475 5528 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
12:58:14.0553 5528 BITS - ok
12:58:14.0615 5528 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:58:14.0631 5528 blbdrive - ok
12:58:14.0693 5528 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:58:14.0709 5528 bowser - ok
12:58:14.0724 5528 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:58:14.0740 5528 BrFiltLo - ok
12:58:14.0756 5528 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:58:14.0756 5528 BrFiltUp - ok
12:58:14.0818 5528 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:58:14.0834 5528 BridgeMP - ok
12:58:14.0912 5528 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
12:58:14.0927 5528 Browser - ok
12:58:14.0958 5528 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:58:14.0974 5528 Brserid - ok
12:58:15.0005 5528 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:58:15.0021 5528 BrSerWdm - ok
12:58:15.0036 5528 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:58:15.0036 5528 BrUsbMdm - ok
12:58:15.0052 5528 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:58:15.0052 5528 BrUsbSer - ok
12:58:15.0068 5528 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:58:15.0083 5528 BTHMODEM - ok
12:58:15.0130 5528 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:58:15.0146 5528 bthserv - ok
12:58:15.0192 5528 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:58:15.0208 5528 cdfs - ok
12:58:15.0255 5528 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\drivers\cdrom.sys
12:58:15.0270 5528 cdrom - ok
12:58:15.0333 5528 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:58:15.0348 5528 CertPropSvc - ok
12:58:15.0380 5528 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:58:15.0395 5528 circlass - ok
12:58:15.0473 5528 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:58:15.0489 5528 CLFS - ok
12:58:15.0567 5528 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:58:15.0582 5528 clr_optimization_v2.0.50727_32 - ok
12:58:15.0645 5528 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:58:15.0676 5528 clr_optimization_v2.0.50727_64 - ok
12:58:15.0723 5528 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:58:15.0785 5528 clr_optimization_v4.0.30319_32 - ok
12:58:15.0816 5528 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:58:15.0832 5528 clr_optimization_v4.0.30319_64 - ok
12:58:15.0863 5528 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:58:15.0879 5528 CmBatt - ok
12:58:15.0941 5528 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:58:15.0957 5528 cmdide - ok
12:58:16.0019 5528 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
12:58:16.0050 5528 CNG - ok
12:58:16.0082 5528 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:58:16.0097 5528 Compbatt - ok
12:58:16.0144 5528 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
12:58:16.0160 5528 CompositeBus - ok
12:58:16.0175 5528 COMSysApp - ok
12:58:16.0206 5528 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:58:16.0222 5528 crcdisk - ok
12:58:16.0284 5528 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
12:58:16.0300 5528 CryptSvc - ok
12:58:16.0378 5528 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
12:58:16.0409 5528 DcomLaunch - ok
12:58:16.0456 5528 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:58:16.0472 5528 defragsvc - ok
12:58:16.0534 5528 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:58:16.0550 5528 DfsC - ok
12:58:16.0612 5528 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
12:58:16.0628 5528 Dhcp - ok
12:58:16.0659 5528 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:58:16.0674 5528 discache - ok
12:58:16.0690 5528 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:58:16.0706 5528 Disk - ok
12:58:16.0799 5528 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
12:58:16.0815 5528 DKbFltr - ok
12:58:16.0877 5528 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
12:58:16.0893 5528 Dnscache - ok
12:58:16.0955 5528 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
12:58:16.0986 5528 dot3svc - ok
12:58:17.0064 5528 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:58:17.0080 5528 Dot4 - ok
12:58:17.0111 5528 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\drivers\Dot4Prt.sys
12:58:17.0127 5528 Dot4Print - ok
12:58:17.0142 5528 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:58:17.0158 5528 dot4usb - ok
12:58:17.0205 5528 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
12:58:17.0236 5528 DPS - ok
12:58:17.0283 5528 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:58:17.0283 5528 drmkaud - ok
12:58:17.0345 5528 DsiWMIService (edf7343acaab182c082f26ea97706e83) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
12:58:17.0361 5528 DsiWMIService - ok
12:58:17.0501 5528 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:58:17.0517 5528 DXGKrnl - ok
12:58:17.0564 5528 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:58:17.0579 5528 EapHost - ok
12:58:17.0766 5528 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:58:17.0829 5528 ebdrv - ok
12:58:17.0922 5528 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
12:58:17.0938 5528 EFS - ok
12:58:18.0047 5528 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
12:58:18.0063 5528 ehRecvr - ok
12:58:18.0094 5528 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:58:18.0110 5528 ehSched - ok
12:58:18.0219 5528 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:58:18.0234 5528 elxstor - ok
12:58:18.0359 5528 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
12:58:18.0375 5528 ePowerSvc - ok
12:58:18.0500 5528 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:58:18.0515 5528 ErrDev - ok
12:58:18.0593 5528 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:58:18.0609 5528 EventSystem - ok
12:58:18.0671 5528 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:58:18.0687 5528 exfat - ok
12:58:18.0734 5528 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:58:18.0749 5528 fastfat - ok
12:58:18.0827 5528 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
12:58:18.0843 5528 Fax - ok
12:58:18.0858 5528 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:58:18.0874 5528 fdc - ok
12:58:18.0921 5528 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:58:18.0921 5528 fdPHost - ok
12:58:18.0936 5528 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:58:18.0952 5528 FDResPub - ok
12:58:18.0968 5528 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:58:18.0983 5528 FileInfo - ok
12:58:18.0999 5528 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:58:19.0014 5528 Filetrace - ok
12:58:19.0046 5528 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:58:19.0061 5528 flpydisk - ok
12:58:19.0124 5528 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:58:19.0139 5528 FltMgr - ok
12:58:19.0233 5528 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
12:58:19.0264 5528 FontCache - ok
12:58:19.0342 5528 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:58:19.0358 5528 FontCache3.0.0.0 - ok
12:58:19.0420 5528 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:58:19.0436 5528 FsDepends - ok
12:58:19.0498 5528 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
12:58:19.0514 5528 fssfltr - ok
12:58:19.0685 5528 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:58:19.0716 5528 fsssvc - ok
12:58:19.0810 5528 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
12:58:19.0826 5528 Fs_Rec - ok
12:58:19.0888 5528 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:58:19.0904 5528 fvevol - ok
12:58:19.0935 5528 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:58:19.0950 5528 gagp30kx - ok
12:58:20.0075 5528 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:58:20.0091 5528 GamesAppService - ok
12:58:20.0247 5528 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
12:58:20.0262 5528 gpsvc - ok
12:58:20.0372 5528 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
12:58:20.0387 5528 Greg_Service - ok
12:58:20.0465 5528 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:58:20.0481 5528 gupdate - ok
12:58:20.0512 5528 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:58:20.0528 5528 gupdatem - ok
12:58:20.0559 5528 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:58:20.0606 5528 gusvc - ok
12:58:20.0715 5528 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
12:58:20.0730 5528 hamachi - ok
12:58:20.0762 5528 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:58:20.0777 5528 hcw85cir - ok
12:58:20.0855 5528 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:58:20.0871 5528 HdAudAddService - ok
12:58:20.0933 5528 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
12:58:20.0949 5528 HDAudBus - ok
12:58:20.0996 5528 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:58:21.0011 5528 HidBatt - ok
12:58:21.0027 5528 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:58:21.0042 5528 HidBth - ok
12:58:21.0058 5528 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:58:21.0074 5528 HidIr - ok
12:58:21.0136 5528 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:58:21.0152 5528 hidserv - ok
12:58:21.0198 5528 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys
12:58:21.0214 5528 HidUsb - ok
12:58:21.0261 5528 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
12:58:21.0276 5528 hkmsvc - ok
12:58:21.0308 5528 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
12:58:21.0323 5528 HomeGroupListener - ok
12:58:21.0386 5528 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
12:58:21.0401 5528 HomeGroupProvider - ok
12:58:21.0542 5528 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:58:21.0557 5528 hpqcxs08 - ok
12:58:21.0604 5528 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:58:21.0620 5528 hpqddsvc - ok
12:58:21.0666 5528 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
12:58:21.0682 5528 HpSAMD - ok
12:58:21.0791 5528 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:58:21.0807 5528 HTTP - ok
12:58:21.0822 5528 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:58:21.0838 5528 hwpolicy - ok
12:58:21.0869 5528 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:58:21.0885 5528 i8042prt - ok
12:58:21.0963 5528 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
12:58:21.0978 5528 iaStorV - ok
12:58:22.0103 5528 icsak (c22ec5ec1df8867815aff044604011be) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
12:58:22.0119 5528 icsak - ok
12:58:22.0228 5528 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:58:22.0259 5528 IDriverT - ok
12:58:22.0431 5528 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:58:22.0462 5528 idsvc - ok
12:58:22.0556 5528 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:58:22.0571 5528 iirsp - ok
12:58:22.0665 5528 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
12:58:22.0696 5528 IKEEXT - ok
12:58:22.0836 5528 IntcAzAudAddService (d8bce8176cb1084c6f5830c019d47166) C:\Windows\system32\drivers\RTKVHD64.sys
12:58:22.0883 5528 IntcAzAudAddService - ok
12:58:22.0992 5528 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:58:23.0008 5528 intelide - ok
12:58:23.0039 5528 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:58:23.0055 5528 intelppm - ok
12:58:23.0102 5528 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:58:23.0117 5528 IPBusEnum - ok
12:58:23.0195 5528 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:58:23.0211 5528 IpFilterDriver - ok
12:58:23.0289 5528 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
12:58:23.0304 5528 iphlpsvc - ok
12:58:23.0351 5528 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
12:58:23.0367 5528 IPMIDRV - ok
12:58:23.0414 5528 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:58:23.0429 5528 IPNAT - ok
12:58:23.0460 5528 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:58:23.0476 5528 IRENUM - ok
12:58:23.0507 5528 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:58:23.0523 5528 isapnp - ok
12:58:23.0601 5528 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
12:58:23.0616 5528 iScsiPrt - ok
12:58:23.0741 5528 ISWKL (50a9a9567acf3ab947e7c8673e935030) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
12:58:23.0757 5528 ISWKL - ok
12:58:23.0804 5528 IswSvc (351d183865622834dba09aa6de8b64e1) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
12:58:23.0819 5528 IswSvc - ok
12:58:23.0850 5528 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:58:23.0866 5528 kbdclass - ok
12:58:23.0913 5528 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
12:58:23.0928 5528 kbdhid - ok
12:58:23.0960 5528 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:58:23.0960 5528 KeyIso - ok
12:58:24.0069 5528 kl1 (6c5461eeb3ffa1b1dcf9a07f8c3b3afe) C:\Windows\system32\DRIVERS\kl1.sys
12:58:24.0084 5528 kl1 - ok
12:58:24.0162 5528 KLIF (340dd771b79f5b6eb88c4eafece3dd3f) C:\Windows\system32\DRIVERS\klif.sys
12:58:24.0178 5528 KLIF - ok
12:58:24.0225 5528 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
12:58:24.0256 5528 KSecDD - ok
12:58:24.0272 5528 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
12:58:24.0287 5528 KSecPkg - ok
12:58:24.0318 5528 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:58:24.0334 5528 ksthunk - ok
12:58:24.0396 5528 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:58:24.0428 5528 KtmRm - ok
12:58:24.0490 5528 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
12:58:24.0506 5528 LanmanServer - ok
12:58:24.0568 5528 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
12:58:24.0599 5528 LanmanWorkstation - ok
12:58:24.0630 5528 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:58:24.0646 5528 lltdio - ok
12:58:24.0693 5528 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:58:24.0724 5528 lltdsvc - ok
12:58:24.0740 5528 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:58:24.0755 5528 lmhosts - ok
12:58:24.0755 5528 lmimirr - ok
12:58:24.0802 5528 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:58:24.0818 5528 LSI_FC - ok
12:58:24.0833 5528 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:58:24.0849 5528 LSI_SAS - ok
12:58:24.0864 5528 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:58:24.0880 5528 LSI_SAS2 - ok
12:58:24.0911 5528 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:58:24.0927 5528 LSI_SCSI - ok
12:58:24.0989 5528 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:58:25.0005 5528 luafv - ok
12:58:25.0067 5528 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:58:25.0083 5528 MBAMProtector - ok
12:58:25.0208 5528 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:58:25.0223 5528 MBAMService - ok
12:58:25.0301 5528 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
12:58:25.0317 5528 mcdbus - ok
12:58:25.0395 5528 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
12:58:25.0410 5528 Mcx2Svc - ok
12:58:25.0442 5528 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:58:25.0457 5528 megasas - ok
12:58:25.0488 5528 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:58:25.0504 5528 MegaSR - ok
12:58:25.0629 5528 Microsoft SharePoint Workspace Audit Service - ok
12:58:25.0676 5528 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:58:25.0691 5528 MMCSS - ok
12:58:25.0707 5528 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:58:25.0722 5528 Modem - ok
12:58:25.0769 5528 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:58:25.0785 5528 monitor - ok
12:58:25.0816 5528 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:58:25.0832 5528 mouclass - ok
12:58:25.0894 5528 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:58:25.0910 5528 mouhid - ok
12:58:26.0066 5528 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:58:26.0081 5528 mountmgr - ok
12:58:26.0128 5528 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
12:58:26.0159 5528 MpFilter - ok
12:58:26.0253 5528 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
12:58:26.0268 5528 mpio - ok
12:58:26.0300 5528 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
12:58:26.0315 5528 MpNWMon - ok
12:58:26.0346 5528 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:58:26.0362 5528 mpsdrv - ok
12:58:26.0456 5528 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
12:58:26.0487 5528 MpsSvc - ok
12:58:26.0534 5528 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:58:26.0549 5528 MRxDAV - ok
12:58:26.0612 5528 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:58:26.0627 5528 mrxsmb - ok
12:58:26.0705 5528 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:58:26.0721 5528 mrxsmb10 - ok
12:58:26.0752 5528 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:58:26.0768 5528 mrxsmb20 - ok
12:58:26.0814 5528 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
12:58:26.0830 5528 msahci - ok
12:58:26.0908 5528 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
12:58:26.0924 5528 msdsm - ok
12:58:26.0970 5528 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:58:27.0002 5528 MSDTC - ok
12:58:27.0064 5528 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:58:27.0080 5528 Msfs - ok
12:58:27.0095 5528 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:58:27.0095 5528 mshidkmdf - ok
12:58:27.0142 5528 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:58:27.0142 5528 msisadrv - ok
12:58:27.0220 5528 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:58:27.0236 5528 MSiSCSI - ok
12:58:27.0251 5528 msiserver - ok
12:58:27.0314 5528 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:58:27.0314 5528 MSKSSRV - ok
12:58:27.0407 5528 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
12:58:27.0407 5528 MsMpSvc - ok
12:58:27.0423 5528 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:58:27.0423 5528 MSPCLOCK - ok
12:58:27.0438 5528 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:58:27.0438 5528 MSPQM - ok
12:58:27.0516 5528 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:58:27.0548 5528 MsRPC - ok
12:58:27.0579 5528 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:58:27.0594 5528 mssmbios - ok
12:58:27.0641 5528 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:58:27.0657 5528 MSTEE - ok
12:58:27.0672 5528 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:58:27.0672 5528 MTConfig - ok
12:58:27.0704 5528 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:58:27.0719 5528 Mup - ok
12:58:27.0750 5528 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:58:27.0766 5528 mwlPSDFilter - ok
12:58:27.0797 5528 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:58:27.0813 5528 mwlPSDNServ - ok
12:58:27.0828 5528 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:58:27.0844 5528 mwlPSDVDisk - ok
12:58:28.0000 5528 MWLService (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
12:58:28.0016 5528 MWLService - ok
12:58:28.0078 5528 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
12:58:28.0109 5528 napagent - ok
12:58:28.0156 5528 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:58:28.0172 5528 NativeWifiP - ok
12:58:28.0281 5528 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:58:28.0312 5528 NDIS - ok
12:58:28.0328 5528 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:58:28.0343 5528 NdisCap - ok
12:58:28.0374 5528 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:58:28.0390 5528 NdisTapi - ok
12:58:28.0406 5528 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:58:28.0421 5528 Ndisuio - ok
12:58:28.0499 5528 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:58:28.0515 5528 NdisWan - ok
12:58:28.0546 5528 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:58:28.0562 5528 NDProxy - ok
12:58:28.0624 5528 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
12:58:28.0655 5528 Net Driver HPZ12 - ok
12:58:28.0702 5528 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:58:28.0718 5528 NetBIOS - ok
12:58:28.0780 5528 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:58:28.0796 5528 NetBT - ok
12:58:28.0827 5528 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:58:28.0827 5528 Netlogon - ok
12:58:28.0889 5528 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:58:28.0905 5528 Netman - ok
12:58:28.0998 5528 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:58:29.0014 5528 NetMsmqActivator - ok
12:58:29.0045 5528 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:58:29.0045 5528 NetPipeActivator - ok
12:58:29.0092 5528 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:58:29.0123 5528 netprofm - ok
12:58:29.0232 5528 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys
12:58:29.0248 5528 netr28ux - ok
12:58:29.0357 5528 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:58:29.0357 5528 NetTcpActivator - ok
12:58:29.0388 5528 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:58:29.0388 5528 NetTcpPortSharing - ok
12:58:29.0435 5528 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:58:29.0451 5528 nfrd960 - ok
12:58:29.0482 5528 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:58:29.0498 5528 NisDrv - ok
12:58:29.0591 5528 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
12:58:29.0607 5528 NisSrv - ok
12:58:29.0700 5528 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
12:58:29.0716 5528 NlaSvc - ok
12:58:29.0841 5528 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
12:58:29.0856 5528 nmservice - ok
12:58:29.0934 5528 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:58:29.0950 5528 Npfs - ok
12:58:29.0981 5528 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:58:29.0997 5528 nsi - ok
12:58:30.0012 5528 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:58:30.0028 5528 nsiproxy - ok
12:58:30.0215 5528 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:58:30.0262 5528 Ntfs - ok
12:58:30.0356 5528 NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)

 

[Dark_Weave]

\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
12:58:30.0371 5528 NTI IScheduleSvc - ok
12:58:30.0418 5528 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
12:58:30.0434 5528 NTIBackupSvc - ok
12:58:30.0543 5528 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
12:58:30.0558 5528 NTIDrvr - ok
12:58:30.0590 5528 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
12:58:30.0621 5528 NTISchedulerSvc - ok
12:58:30.0652 5528 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:58:30.0668 5528 Null - ok
12:58:30.0746 5528 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
12:58:30.0761 5528 nvraid - ok
12:58:30.0808 5528 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
12:58:30.0824 5528 nvstor - ok
12:58:30.0870 5528 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:58:30.0886 5528 nv_agp - ok
12:58:30.0917 5528 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:58:30.0933 5528 ohci1394 - ok
12:58:30.0964 5528 omtllipe - ok
12:58:31.0073 5528 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:58:31.0089 5528 ose - ok
12:58:31.0479 5528 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:58:31.0588 5528 osppsvc - ok
12:58:31.0713 5528 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:58:31.0744 5528 p2pimsvc - ok
12:58:31.0791 5528 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:58:31.0822 5528 p2psvc - ok
12:58:31.0884 5528 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:58:31.0900 5528 Parport - ok
12:58:31.0962 5528 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
12:58:31.0978 5528 partmgr - ok
12:58:32.0009 5528 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:58:32.0040 5528 PcaSvc - ok
12:58:32.0072 5528 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
12:58:32.0087 5528 pci - ok
12:58:32.0134 5528 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:58:32.0134 5528 pciide - ok
12:58:32.0196 5528 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:58:32.0212 5528 pcmcia - ok
12:58:32.0259 5528 PCTBD (7b92f2574a45a99da507a153c7920e8a) C:\Windows\system32\Drivers\PCTBD64.sys
12:58:32.0274 5528 PCTBD - ok
12:58:32.0290 5528 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:58:32.0306 5528 pcw - ok
12:58:32.0368 5528 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:58:32.0384 5528 PEAUTH - ok
12:58:32.0462 5528 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:58:32.0477 5528 PerfHost - ok
12:58:32.0664 5528 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
12:58:32.0696 5528 pla - ok
12:58:32.0758 5528 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
12:58:32.0789 5528 PlugPlay - ok
12:58:32.0867 5528 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
12:58:32.0883 5528 Pml Driver HPZ12 - ok
12:58:32.0930 5528 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\Windows\system32\DRIVERS\pnarp.sys
12:58:32.0945 5528 pnarp - ok
12:58:32.0976 5528 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:58:32.0992 5528 PNRPAutoReg - ok
12:58:33.0039 5528 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:58:33.0039 5528 PNRPsvc - ok
12:58:33.0132 5528 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
12:58:33.0148 5528 PolicyAgent - ok
12:58:33.0195 5528 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:58:33.0226 5528 Power - ok
12:58:33.0273 5528 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:58:33.0288 5528 PptpMiniport - ok
12:58:33.0320 5528 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:58:33.0335 5528 Processor - ok
12:58:33.0382 5528 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
12:58:33.0413 5528 ProfSvc - ok
12:58:33.0444 5528 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:58:33.0444 5528 ProtectedStorage - ok
12:58:33.0460 5528 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:58:33.0491 5528 Psched - ok
12:58:33.0538 5528 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\Windows\system32\DRIVERS\purendis.sys
12:58:33.0554 5528 purendis - ok
12:58:33.0663 5528 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:58:33.0694 5528 ql2300 - ok
12:58:33.0819 5528 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:58:33.0834 5528 ql40xx - ok
12:58:33.0881 5528 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:58:33.0912 5528 QWAVE - ok
12:58:33.0944 5528 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:58:33.0959 5528 QWAVEdrv - ok
12:58:33.0975 5528 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:58:33.0975 5528 RasAcd - ok
12:58:34.0006 5528 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:58:34.0022 5528 RasAgileVpn - ok
12:58:34.0037 5528 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:58:34.0053 5528 RasAuto - ok
12:58:34.0115 5528 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:58:34.0131 5528 Rasl2tp - ok
12:58:34.0209 5528 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
12:58:34.0224 5528 RasMan - ok
12:58:34.0287 5528 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:58:34.0302 5528 RasPppoe - ok
12:58:34.0334 5528 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:58:34.0349 5528 RasSstp - ok
12:58:34.0458 5528 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:58:34.0474 5528 rdbss - ok
12:58:34.0505 5528 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:58:34.0521 5528 rdpbus - ok
12:58:34.0552 5528 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:58:34.0552 5528 RDPCDD - ok
12:58:34.0583 5528 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:58:34.0583 5528 RDPENCDD - ok
12:58:34.0614 5528 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:58:34.0614 5528 RDPREFMP - ok
12:58:34.0661 5528 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
12:58:34.0692 5528 RDPWD - ok
12:58:34.0770 5528 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:58:34.0786 5528 rdyboost - ok
12:58:34.0848 5528 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:58:34.0864 5528 RemoteAccess - ok
12:58:34.0895 5528 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:58:34.0911 5528 RemoteRegistry - ok
12:58:34.0958 5528 RMCAST (77b3b747eb2413072b8e4306018d0c9b) C:\Windows\system32\DRIVERS\RMCAST.sys
12:58:34.0973 5528 RMCAST - ok
12:58:35.0004 5528 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:58:35.0020 5528 RpcEptMapper - ok
12:58:35.0051 5528 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:58:35.0051 5528 RpcLocator - ok
12:58:35.0114 5528 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
12:58:35.0129 5528 RpcSs - ok
12:58:35.0176 5528 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:58:35.0192 5528 rspndr - ok
12:58:35.0238 5528 RSUSBSTOR (b1d04ed92d148b54169499d9568a3c55) C:\Windows\System32\Drivers\RtsUStor.sys
12:58:35.0254 5528 RSUSBSTOR - ok
12:58:35.0332 5528 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
12:58:35.0348 5528 RS_Service - ok
12:58:35.0394 5528 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys
12:58:35.0410 5528 RTHDMIAzAudService - ok
12:58:35.0457 5528 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:58:35.0488 5528 RTL8167 - ok
12:58:35.0504 5528 RtsUIR - ok
12:58:35.0550 5528 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:58:35.0550 5528 SamSs - ok
12:58:35.0597 5528 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
12:58:35.0613 5528 sbp2port - ok
12:58:35.0660 5528 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:58:35.0691 5528 SCardSvr - ok
12:58:35.0738 5528 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
12:58:35.0769 5528 SCDEmu - ok
12:58:35.0816 5528 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:58:35.0831 5528 scfilter - ok
12:58:35.0956 5528 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
12:58:35.0987 5528 Schedule - ok
12:58:36.0034 5528 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:58:36.0050 5528 SCPolicySvc - ok
12:58:36.0065 5528 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
12:58:36.0096 5528 SDRSVC - ok
12:58:36.0143 5528 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
12:58:36.0174 5528 seclogon - ok
12:58:36.0237 5528 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:58:36.0252 5528 SENS - ok
12:58:36.0284 5528 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:58:36.0299 5528 SensrSvc - ok
12:58:36.0346 5528 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:58:36.0362 5528 Serenum - ok
12:58:36.0393 5528 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:58:36.0408 5528 Serial - ok
12:58:36.0440 5528 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:58:36.0455 5528 sermouse - ok
12:58:36.0564 5528 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
12:58:36.0580 5528 SessionEnv - ok
12:58:36.0611 5528 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:58:36.0611 5528 sffdisk - ok
12:58:36.0642 5528 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:58:36.0642 5528 sffp_mmc - ok
12:58:36.0658 5528 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
12:58:36.0658 5528 sffp_sd - ok
12:58:36.0705 5528 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:58:36.0720 5528 sfloppy - ok
12:58:36.0814 5528 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:58:36.0830 5528 SharedAccess - ok
12:58:36.0923 5528 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
12:58:36.0939 5528 ShellHWDetection - ok
12:58:36.0986 5528 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:58:37.0001 5528 SiSRaid2 - ok
12:58:37.0032 5528 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:58:37.0048 5528 SiSRaid4 - ok
12:58:37.0079 5528 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:58:37.0110 5528 Smb - ok
12:58:37.0173 5528 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:58:37.0188 5528 SNMPTRAP - ok
12:58:37.0220 5528 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:58:37.0235 5528 spldr - ok
12:58:37.0329 5528 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
12:58:37.0344 5528 Spooler - ok
12:58:37.0578 5528 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
12:58:37.0641 5528 sppsvc - ok
12:58:37.0750 5528 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:58:37.0766 5528 sppuinotify - ok
12:58:37.0906 5528 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:58:37.0937 5528 srv - ok
12:58:38.0046 5528 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:58:38.0062 5528 srv2 - ok
12:58:38.0140 5528 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:58:38.0156 5528 srvnet - ok
12:58:38.0234 5528 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:58:38.0249 5528 SSDPSRV - ok
12:58:38.0296 5528 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:58:38.0312 5528 SstpSvc - ok
12:58:38.0327 5528 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:58:38.0343 5528 stexstor - ok
12:58:38.0436 5528 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
12:58:38.0452 5528 stisvc - ok
12:58:38.0483 5528 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:58:38.0483 5528 swenum - ok
12:58:38.0639 5528 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:58:38.0655 5528 SwitchBoard - ok
12:58:38.0733 5528 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:58:38.0748 5528 swprv - ok
12:58:38.0795 5528 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
12:58:38.0811 5528 SynTP - ok
12:58:38.0967 5528 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
12:58:39.0014 5528 SysMain - ok
12:58:39.0123 5528 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
12:58:39.0154 5528 TabletInputService - ok
12:58:39.0185 5528 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
12:58:39.0216 5528 TapiSrv - ok
12:58:39.0248 5528 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:58:39.0279 5528 TBS - ok
12:58:39.0450 5528 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
12:58:39.0497 5528 Tcpip - ok
12:58:39.0747 5528 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
12:58:39.0778 5528 TCPIP6 - ok
12:58:39.0934 5528 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:58:39.0950 5528 tcpipreg - ok
12:58:40.0012 5528 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:58:40.0012 5528 TDPIPE - ok
12:58:40.0059 5528 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
12:58:40.0074 5528 TDTCP - ok
12:58:40.0121 5528 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:58:40.0137 5528 tdx - ok
12:58:40.0215 5528 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
12:58:40.0230 5528 TermDD - ok
12:58:40.0324 5528 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
12:58:40.0340 5528 TermService - ok
12:58:40.0418 5528 TfFsMon - ok
12:58:40.0433 5528 TfNetMon - ok
12:58:40.0464 5528 TFSysMon - ok
12:58:40.0511 5528 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:58:40.0527 5528 Themes - ok
12:58:40.0574 5528 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:58:40.0589 5528 THREADORDER - ok
12:58:40.0620 5528 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:58:40.0636 5528 TrkWks - ok
12:58:40.0730 5528 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
12:58:40.0745 5528 TrustedInstaller - ok
12:58:40.0761 5528 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:58:40.0776 5528 tssecsrv - ok
12:58:40.0823 5528 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:58:40.0839 5528 tunnel - ok
12:58:40.0901 5528 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:58:40.0917 5528 uagp35 - ok
12:58:40.0964 5528 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
12:58:40.0979 5528 UBHelper - ok
12:58:41.0057 5528 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:58:41.0088 5528 udfs - ok
12:58:41.0151 5528 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:58:41.0166 5528 UI0Detect - ok
12:58:41.0198 5528 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:58:41.0213 5528 uliagpkx - ok
12:58:41.0260 5528 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
12:58:41.0260 5528 umbus - ok
12:58:41.0307 5528 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:58:41.0307 5528 UmPass - ok
12:58:41.0400 5528 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
12:58:41.0416 5528 Updater Service - ok
12:58:41.0478 5528 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:58:41.0494 5528 upnphost - ok
12:58:41.0572 5528 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
12:58:41.0588 5528 usbaudio - ok
12:58:41.0650 5528 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
12:58:41.0666 5528 usbccgp - ok
12:58:41.0681 5528 USBCCID - ok
12:58:41.0712 5528 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:58:41.0744 5528 usbcir - ok
12:58:41.0790 5528 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
12:58:41.0806 5528 usbehci - ok
12:58:41.0837 5528 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
12:58:41.0853 5528 usbfilter - ok
12:58:41.0884 5528 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
12:58:41.0931 5528 usbhub - ok
12:58:41.0978 5528 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
12:58:41.0993 5528 usbohci - ok
12:58:42.0040 5528 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:58:42.0056 5528 usbprint - ok
12:58:42.0102 5528 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
12:58:42.0118 5528 USBSTOR - ok
12:58:42.0165 5528 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
12:58:42.0180 5528 usbuhci - ok
12:58:42.0274 5528 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
12:58:42.0290 5528 usbvideo - ok
12:58:42.0336 5528 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:58:42.0352 5528 UxSms - ok
12:58:42.0383 5528 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:58:42.0399 5528 VaultSvc - ok
12:58:42.0446 5528 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:58:42.0461 5528 vdrvroot - ok
12:58:42.0539 5528 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
12:58:42.0555 5528 vds - ok
12:58:42.0695 5528 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:58:42.0742 5528 vga - ok
12:58:42.0773 5528 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:58:42.0789 5528 VgaSave - ok
12:58:42.0882 5528 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
12:58:42.0898 5528 vhdmp - ok
12:58:42.0945 5528 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:58:42.0960 5528 viaide - ok
12:58:43.0023 5528 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
12:58:43.0038 5528 volmgr - ok
12:58:43.0116 5528 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:58:43.0148 5528 volmgrx - ok
12:58:43.0194 5528 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
12:58:43.0210 5528 volsnap - ok
12:58:43.0288 5528 Vsdatant (d203181902342ab09d615f4b1474f9aa) C:\Windows\system32\DRIVERS\vsdatant.sys
12:58:43.0319 5528 Vsdatant - ok
12:58:43.0382 5528 vsmon - ok
12:58:43.0444 5528 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:58:43.0460 5528 vsmraid - ok
12:58:43.0600 5528 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
12:58:43.0631 5528 VSS - ok
12:58:43.0756 5528 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:58:43.0772 5528 vwifibus - ok
12:58:43.0803 5528 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:58:43.0818 5528 vwififlt - ok
12:58:43.0850 5528 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:58:43.0865 5528 vwifimp - ok
12:58:43.0959 5528 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:58:43.0974 5528 W32Time - ok
12:58:44.0021 5528 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:58:44.0037 5528 WacomPen - ok
12:58:44.0099 5528 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:58:44.0115 5528 WANARP - ok
12:58:44.0130 5528 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:58:44.0130 5528 Wanarpv6 - ok
12:58:44.0286 5528 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:58:44.0318 5528 WatAdminSvc - ok
12:58:44.0442 5528 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
12:58:44.0474 5528 wbengine - ok
12:58:44.0598 5528 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:58:44.0630 5528 WbioSrvc - ok
12:58:44.0708 5528 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
12:58:44.0739 5528 wcncsvc - ok
12:58:44.0770 5528 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:58:44.0801 5528 WcsPlugInService - ok
12:58:44.0848 5528 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:58:44.0864 5528 Wd - ok
12:58:44.0942 5528 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:58:44.0957 5528 Wdf01000 - ok
12:58:44.0988 5528 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:58:45.0004 5528 WdiServiceHost - ok
12:58:45.0020 5528 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:58:45.0035 5528 WdiSystemHost - ok
12:58:45.0082 5528 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
12:58:45.0113 5528 WebClient - ok
12:58:45.0144 5528 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:58:45.0176 5528 Wecsvc - ok
12:58:45.0191 5528 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:58:45.0222 5528 wercplsupport - ok
12:58:45.0254 5528 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:58:45.0269 5528 WerSvc - ok
12:58:45.0332 5528 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:58:45.0332 5528 WfpLwf - ok
12:58:45.0363 5528 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:58:45.0378 5528 WIMMount - ok
12:58:45.0441 5528 WinDefend - ok
12:58:45.0519 5528 WinHttpAutoProxySvc - ok
12:58:45.0581 5528 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:58:45.0597 5528 Winmgmt - ok
12:58:45.0753 5528 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
12:58:45.0800 5528 WinRM - ok
12:58:46.0002 5528 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:58:46.0034 5528 Wlansvc - ok
12:58:46.0112 5528 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:58:46.0143 5528 wlcrasvc - ok
12:58:46.0392 5528 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:58:46.0439 5528 wlidsvc - ok
12:58:46.0580 5528 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:58:46.0580 5528 WmiAcpi - ok
12:58:46.0658 5528 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:58:46.0673 5528 wmiApSrv - ok
12:58:46.0736 5528 WMPNetworkSvc - ok
12:58:46.0782 5528 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:58:46.0798 5528 WPCSvc - ok
12:58:46.0845 5528 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
12:58:46.0860 5528 WPDBusEnum - ok
12:58:46.0923 5528 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:58:46.0938 5528 ws2ifsl - ok
12:58:47.0048 5528 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
12:58:47.0079 5528 wscsvc - ok
12:58:47.0094 5528 WSearch - ok
12:58:47.0313 5528 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:58:47.0360 5528 wuauserv - ok
12:58:47.0531 5528 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:58:47.0547 5528 WudfPf - ok
12:58:47.0609 5528 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:58:47.0625 5528 WUDFRd - ok
12:58:47.0687 5528 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
12:58:47.0718 5528 wudfsvc - ok
12:58:47.0796 5528 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:58:47.0859 5528 WwanSvc - ok
12:58:47.0952 5528 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
12:58:47.0968 5528 xusb21 - ok
12:58:48.0296 5528 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:58:48.0311 5528 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:58:48.0311 5528 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:58:48.0342 5528 Boot (0x1200) (f381f3c9f65433075b4d8727bb92d17a) \Device\Harddisk0\DR0\Partition0
12:58:48.0342 5528 \Device\Harddisk0\DR0\Partition0 - ok
12:58:48.0374 5528 Boot (0x1200) (a380bc52fd4c865a312cd49e75ba943e) \Device\Harddisk0\DR0\Partition1
12:58:48.0374 5528 \Device\Harddisk0\DR0\Partition1 - ok
12:58:48.0374 5528 ============================================================
12:58:48.0374 5528 Scan finished
12:58:48.0374 5528 ============================================================
12:58:48.0389 4880 Detected object count: 1
12:58:48.0389 4880 Actual detected object count: 1

 

[Dark_Weave]

k, Ill be back within the next 3 hours. I have to run to a friends house. He needs some help with his guitar.

 

[Broni]

I didn't ask for TDSSKiller log.

MBAM log is incorrect.

One more time:

Read all of my instructions very carefully.

 

[Dark_Weave]

Sorry for the wait, I'm back.

 

[Dark_Weave]

MBAM LOG:
2012/06/30 05:26:46 -0400 DRAGON Lotus MESSAGE Starting protection
2012/06/30 05:26:58 -0400 DRAGON Lotus MESSAGE Protection started successfully
2012/06/30 05:27:01 -0400 DRAGON Lotus MESSAGE Starting IP protection
2012/06/30 05:27:11 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
2012/06/30 05:32:44 -0400 DRAGON Lotus IP-BLOCK 212.113.46.142 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 05:41:52 -0400 DRAGON Lotus IP-BLOCK 89.28.80.233 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 05:42:50 -0400 DRAGON Lotus IP-BLOCK 31.133.47.225 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 05:58:03 -0400 DRAGON Lotus IP-BLOCK 222.65.156.107 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 05:59:01 -0400 DRAGON Lotus IP-BLOCK 89.28.46.208 (Type: outgoing, Port: 63346, Process: utorrent.exe)
2012/06/30 10:00:46 -0400 DRAGON Lotus MESSAGE Starting protection
2012/06/30 10:00:55 -0400 DRAGON Lotus MESSAGE Protection started successfully
2012/06/30 10:00:58 -0400 DRAGON Lotus MESSAGE Starting IP protection
2012/06/30 10:01:07 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
2012/06/30 11:06:23 -0400 DRAGON Lotus MESSAGE Starting protection
2012/06/30 11:06:35 -0400 DRAGON Lotus MESSAGE Protection started successfully
2012/06/30 11:06:38 -0400 DRAGON Lotus MESSAGE Starting IP protection
2012/06/30 11:06:46 -0400 DRAGON Lotus MESSAGE IP Protection started successfully
2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/06/30 15:16:33 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/30 15:16:34 -0400 DRAGON Lotus ERROR Quarantine failed: DeleteFile failed with error code 5
2012/06/30 16:19:08 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/30 16:29:18 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/30 16:57:32 -0400 DRAGON Lotus DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/30 18:55:44 -0400 DRAGON Lotus MESSAGE Executing scheduled update: Daily
2012/06/30 18:56:05 -0400 DRAGON Lotus MESSAGE Scheduled update executed successfully: database updated from version v2012.06.29.11 to version v2012.06.30.07
2012/06/30 18:56:06 -0400 DRAGON Lotus MESSAGE Starting database refresh
2012/06/30 18:56:06 -0400 DRAGON Lotus MESSAGE Stopping IP protection
2012/06/30 19:03:08 -0400 DRAGON Lotus MESSAGE IP Protection stopped
2012/06/30 19:03:16 -0400 DRAGON Lotus MESSAGE Database refreshed successfully
2012/06/30 19:03:16 -0400 DRAGON Lotus MESSAGE Starting IP protection
2012/06/30 19:03:25 -0400 DRAGON Lotus MESSAGE IP Protection started successfully

 

[Broni]

This is not correct MBAM log.
Please re-read instructions how to run it.

 

[Dark_Weave]

No. This is correct Log. I read instructions. Performed a quick scan, located file. C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-06-30
Want me to quarantine the Virus? Then Scan again?

 

[Dark_Weave]

 

[Dark_Weave]

Ran full scan with Zone alarm- it found nothing. So here is the txt file.. you requested in the instructions.

 

[Dark_Weave]

I quarantined the virus and ran another scan. Here is the text file that popped up after the scan was finnished.
__________________________________________________________________________
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.30.07
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Lotus :: DRAGON [administrator]
Protection: Enabled
7/1/2012 12:33:08 AM
mbam-log-2012-07-01 (00-42-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274517
Time elapsed: 9 minute(s), 14 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3652 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
(end)

 

[Broni]

Now you posted correct log.

Ran full scan with Zone alarm- it found nothing

Please observe my rules:

Please refrain from running tools or applying updates other than those I suggest.

====================================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Dark_Weave]

ComboFix 12-06-30.01 - Lotus 07/01/2012 1:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.1852 [GMT -4:00]
Running from: c:\users\Lotus\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: ZoneAlarm Extreme Security Firewall *Disabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\users\yfl\AppData\Local\temp
2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\users\Mcx1-DRAGON\AppData\Local\temp
2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 06:56 . 2012-07-01 06:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-01 05:09 . 2012-07-01 05:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-30 16:46 . 2012-06-30 16:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9570A06E-15A1-4B3C-8930-61223DAED9C9}\offreg.dll
2012-06-30 15:01 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{509EEC17-537B-4979-A131-DE504F7BEC54}\gapaengine.dll
2012-06-30 13:43 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1300BB39-F16E-4E5B-BD09-2F91EF1A8E56}\gapaengine.dll
2012-06-29 07:08 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9570A06E-15A1-4B3C-8930-61223DAED9C9}\mpengine.dll
2012-06-27 22:18 . 2012-06-27 22:18 -------- d-----w- c:\users\Lotus\AppData\Roaming\Unity
2012-06-27 22:16 . 2012-06-27 22:16 -------- d-----w- c:\users\Lotus\AppData\Roaming\.mono
2012-06-27 22:16 . 2012-06-27 22:16 -------- d-----w- c:\programdata\.mono
2012-06-27 21:27 . 2012-06-27 21:27 -------- d-----w- c:\users\Lotus\AppData\Local\Unity
2012-06-23 05:05 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 05:05 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 05:05 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 05:05 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 05:05 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 05:05 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 05:05 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 05:04 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 05:04 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 03:12 . 2012-06-18 07:49 -------- d-----w- c:\program files (x86)\DIABLO MULE
2012-06-16 02:51 . 2012-06-16 02:52 -------- d-----w- c:\users\DIABLO II
2012-06-14 13:44 . 2012-06-14 13:44 -------- d-----w- c:\programdata\RELOADED
2012-06-14 13:27 . 2012-06-14 13:44 -------- d-----w- c:\program files (x86)\Sins of a Solar Empire Rebellion
2012-06-14 11:35 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EC52D1D-4CE7-4FF4-AEB5-BE049540D265}\mpengine.dll
2012-06-14 07:16 . 2012-06-14 07:35 -------- d-----w- c:\users\Lotus\AppData\Roaming\ApplicationData
2012-06-14 06:02 . 2012-06-14 06:03 -------- d-----w- C:\13e7c5c121ce82a898152841
2012-06-13 01:04 . 2012-06-14 01:04 -------- d-----w- c:\windows\AutoKMS
2012-06-12 22:27 . 2012-06-12 22:27 -------- d-----w- c:\programdata\Kaspersky SDK
2012-06-12 22:22 . 2012-06-12 22:22 -------- d-----w- c:\users\Lotus\AppData\Roaming\CheckPoint
2012-06-12 22:22 . 2012-06-12 22:22 -------- d-----w- c:\users\Lotus\AppData\Roaming\MailFrontier
2012-06-12 22:05 . 2012-06-12 22:05 -------- d-----w- c:\program files\CheckPoint
2012-06-12 22:05 . 2009-10-17 04:39 72584 ----a-w- c:\windows\zllsputility.exe
2012-06-12 22:05 . 2009-10-12 22:15 157712 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-06-12 22:04 . 2009-10-17 04:39 69000 ----a-w- c:\windows\SysWow64\zlcomm.dll
2012-06-12 22:04 . 2009-10-17 04:39 103816 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2012-06-12 22:03 . 2009-10-17 04:39 1238408 ----a-w- c:\windows\SysWow64\zpeng25.dll
2012-06-12 22:03 . 2012-06-13 02:17 -------- d-----w- c:\windows\SysWow64\ZoneLabs
2012-06-12 22:03 . 2009-10-17 04:41 445640 ----a-w- c:\windows\system32\drivers\~GLH0020.TMP
2012-06-12 22:02 . 2009-10-17 04:41 445640 ------w- c:\windows\system32\drivers\vsdatant.sys
2012-06-12 22:02 . 2012-06-12 22:02 -------- d-----w- c:\program files (x86)\Zone Labs
2012-06-12 22:01 . 2012-06-12 22:01 -------- d-----w- c:\programdata\CheckPoint
2012-06-12 22:01 . 2012-07-01 05:01 -------- d-----w- c:\windows\Internet Logs
2012-06-12 21:53 . 2012-05-18 01:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-12 21:52 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 21:52 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 21:52 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 21:52 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 21:52 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 21:52 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 21:52 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 21:52 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 21:52 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 21:52 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-12 21:52 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 21:51 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 21:51 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 21:51 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 21:51 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 21:51 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 21:51 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 06:39 . 2011-02-26 06:23 2387456 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2012-06-12 06:38 . 2012-06-12 06:38 -------- d-----w- c:\programdata\Start Orb Manager
2012-06-12 06:38 . 2011-02-26 06:23 2387456 ----a-w- c:\windows\explorer_backup.exe
2012-06-12 05:00 . 2009-06-19 19:56 712704 ----a-w- c:\windows\system32\netr28x.sys
2012-06-12 05:00 . 2012-06-12 05:00 -------- d-----w- c:\programdata\Ralink
2012-06-12 04:57 . 2012-06-12 04:57 -------- d-----w- c:\windows\Options
2012-06-12 04:57 . 2012-06-12 04:57 -------- d-----w- c:\program files (x86)\Atheros
2012-06-12 04:57 . 2009-10-05 13:34 1542656 ----a-w- c:\windows\system32\athrx.sys
2012-06-12 04:56 . 2012-06-12 04:57 -------- d-----w- c:\programdata\Atheros
2012-06-11 22:33 . 2012-06-11 22:33 -------- d-----w- c:\program files\CCleaner
2012-06-10 09:15 . 2012-06-10 09:17 -------- d-----w- c:\windows\W7SBC
2012-06-10 09:15 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2012-06-10 09:15 . 2011-02-26 06:23 2387456 ----a-w- c:\windows\explorer.exe
2012-06-10 08:31 . 2012-06-10 08:31 -------- d-----w- c:\programdata\NVIDIA
2012-06-10 08:21 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-06-10 03:07 . 2012-06-10 03:07 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-06-10 03:05 . 2012-06-10 03:05 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-06-10 01:00 . 2012-06-10 01:00 -------- d-----w- c:\users\Lotus\AppData\Roaming\Yahoo!
2012-06-10 00:17 . 2012-06-10 00:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-06-10 00:15 . 2012-06-10 00:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-10 00:12 . 2012-06-10 00:12 -------- d-----r- C:\MSOCache
2012-06-09 05:44 . 2012-06-09 05:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-09 01:23 . 2012-06-09 01:23 -------- d-----w- C:\DriveKey
2012-06-09 01:20 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-06-07 21:27 . 2012-06-07 21:27 -------- d-----w- c:\users\Lotus\AppData\Roaming\Babylon
2012-06-07 21:19 . 2012-06-07 23:10 -------- d-----w- c:\program files\SmartPCFixer
2012-06-07 11:19 . 2011-09-28 17:14 70760 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-06-06 06:02 . 2012-06-06 06:02 -------- d--h--w- c:\programdata\CanonBJ
2012-06-06 06:02 . 2010-04-24 09:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9W.DLL
2012-06-06 06:02 . 2010-04-24 09:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9W.DLL
2012-06-06 06:02 . 2012-06-06 06:02 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-06-06 06:02 . 2010-04-24 09:00 336896 ----a-w- c:\windows\system32\CNMLM9W.DLL
2012-06-06 06:02 . 2009-03-18 13:10 244736 ----a-w- c:\windows\system32\CNMIU9W.DLL
2012-06-06 06:01 . 2012-06-06 06:01 -------- d--h--w- c:\program files\CanonBJ
2012-06-04 22:52 . 2012-06-04 22:56 -------- d-----w- c:\users\Lotus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2012-06-04 22:51 . 2012-06-04 22:51 -------- d--h--r- c:\users\Lotus\AppData\Roaming\SecuROM
2012-06-04 22:39 . 2012-06-04 22:39 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-06-04 11:51 . 2012-06-04 11:51 -------- d-----w- c:\users\Lotus\AppData\Roaming\YourFileDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 03:27 . 2011-09-05 14:27 2829 ----a-w- c:\windows\DIIUnin.pif
2012-06-16 03:27 . 2011-09-05 14:27 94208 ----a-w- c:\windows\DIIUnin.exe
2012-06-15 20:30 . 2011-03-07 02:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-15 20:27 . 2011-03-07 02:13 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-15 20:26 . 2011-03-07 02:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-14 08:29 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-14 08:29 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2012-06-09 22:41 . 2011-04-10 03:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-09 22:40 . 2011-04-10 03:45 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-09 22:40 . 2011-04-10 03:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-23 10:04 . 2011-03-07 02:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-08 17:02 . 2011-09-02 21:24 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-03 02:55 . 2012-05-03 02:55 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:55 . 2012-05-03 02:55 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-04-20 20:18 . 2011-04-10 03:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-04 19:56 . 2010-01-30 11:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[-] 2011-02-26 . CA19B463CA3CACC5E0F3ADF494B2E815 . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 16:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-01 1157128]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
.
c:\users\Lotus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-7-28 576000]
ubisoft register.lnk - c:\program files (x86)\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-21 708608]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 omtllipe;omtllipe;c:\windows\system32\drivers\omtllipe.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2011-09-28 70760]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-26 219136]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1255736]
R4 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 32888]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 800624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2009-10-14 44664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 37170695
*Deregistered* - 37170695
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-06-13 01:04]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 05:46]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 05:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-30 200704]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5538&r=273601105635l03c4z115t48k2v600
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: btjunkie.com\www
Trusted Zone: btjunkie.org\www
Trusted Zone: evony.com\www
Trusted Zone: ivytech.edu\www
Trusted Zone: yahoo.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DDECF472-6803-4EEC-861E-C63FDDA8E9EA}: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{aac4043a-8832-4abe-9963-35377f30b8e6} - (no file)
Toolbar-Locked - (no file)
Toolbar-{aac4043a-8832-4abe-9963-35377f30b8e6} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-PCHealthBoost - c:\program files (x86)\PC HealthBoost\PCHealthBoost.exe
AddRemove-CohMapPack - c:\program files (x86)\NCsoft\City of Heroes\uninstall_vm_mappack_i21.exe
AddRemove-NCsoft-CityOfHeroes - c:\program files (x86)\ncsoft\launcher\NCLauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1228520339-2595029199-2838376600-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1228520339-2595029199-2838376600-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-01 03:48:22
ComboFix-quarantined-files.txt 2012-07-01 07:48
ComboFix2.txt 2012-05-31 15:17
.
Pre-Run: 101,443,813,376 bytes free
Post-Run: 101,710,548,992 bytes free
.
- - End Of File - - C0B29D4C93483D235376072E238516B2