
Sirefef B/Y infection - 64 bit Windows 7


  • This topic is locked
35 replies to this topic

#1 BarnesyJR4

BarnesyJR4

  • Members
  • 19 posts

Posted 26 June 2012 - 02:27 PM

Hello there!

I am brand new to this site, and have been following all the instructions as carefully as I can, but just wanted to get that disclaimer out of the way!

I am currently having issues with the Sirefef virus/worm on a 64 bit copy of Windows 7 Home Premium. Unfortunately, I didn't realise it was a worm until a while after trying to treat it, mainly because I'm an idiot and have been lax with keeping my security up to date.

The first symptom I found was the lack of the Base Filtering System and associated services. At this time, not realising I was under attack, I went through the registry and allowed full access to Everybody, as seemed to be the fix. While these services are now in play, the next symptom that I encountered was the lack of Windows Firewall or Defender. Neither of these are working. Also tried the same trick on the Firewall registry, but to no avail.

Here I made a further desperate mistake by downloading and running three separate anti-malware programs... and then found out this wasn't the best way to proceed, and may have made things worse. Interestingly, after running all three (Microsoft Security Essentials, Malwarebytes Anti-Malware and Super Antispyware) they've all detected a worm or virus, but MBAM points to a syshost.exe virus, while SAS points to the Sirefef worm. None of them will actually remove the infection completely. When I run another scan, the same issues are found again.

So I'm mighty confused, and in a muddle and will be eternally grateful if anyone can get me back onto the road to recovery.

Also, for reference, I have run the sfc/scannow command in Command Prompt. It found a few errors and fixed them. I also attempted a system restore, but that failed due to an unknown exception.

When opening Windows Firewall, it won't update to recommended settings, and when I go into advanced settings, it gives me the 0x6D9 code.

I have followed all the preparation instructions, and really hoping we might be able to fix this without going to a factory settings restore. To be honest, I'm not even sure if that would work at this point.

Help me! You're my only hope!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Paul Barnes at 18:12:03 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6013.4189 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
E:\Program Files (x86)\Adobe Bridge CS5.1\Bridge.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Paul Barnes\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Program Files (x86)\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Users\Paul Barnes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul Barnes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul Barnes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul Barnes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul Barnes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul Barnes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul Barnes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul Barnes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/home.php?
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3802&r=17360610cn16974e54s15uy4i1j84q
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3802&r=17360610cn16974e54s15uy4i1j84q
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3802&r=17360610cn16974e54s15uy4i1j84q
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - E:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - E:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Paul Barnes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] "E:\Program Files (x86)\Adobe Bridge CS5.1\Bridge.exe" -stealth
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [PeerBlock] E:\Program Files\PeerBlock\peerblock.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "E:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "E:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\PAULBA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Paul Barnes\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\PAULBA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\PAULBA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/openapi/receivers/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{23B618D8-472A-4FF0-916F-014479753F93} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3D5F49E8-5545-41DC-AD29-B1870FDA0AD1} : NameServer = 192.168.1.254,212.139.132.36,212.139.132.37
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files (x86)\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "E:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "E:\Program Files (x86)\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-12 62208]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-10-13 240160]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 iLokDrvr;Usb Driver;C:\Windows\System32\drivers\iLokDrvr.sys [2009-12-2 54328]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-26 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-6 250056]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-26 116648]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-26 16:24:07 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3A65973-7CFE-499E-8DC9-97CAA2F3B877}\offreg.dll
2012-06-25 21:36:57 -------- d-----w- C:\Users\Paul Barnes\AppData\Roaming\SUPERAntiSpyware.com
2012-06-25 21:36:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-25 21:36:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-25 21:08:00 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3A65973-7CFE-499E-8DC9-97CAA2F3B877}\mpengine.dll
2012-06-25 16:12:32 -------- d-----w- C:\Users\Paul Barnes\AppData\Local\ElevatedDiagnostics
2012-06-25 16:02:46 328704 ----a-w- C:\Windows\System32\services.exe.9A782693A1E00B67
2012-06-25 15:58:26 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9FB576F-27FA-4E0B-A019-E1A97DE10263}\gapaengine.dll
2012-06-25 15:58:01 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 15:56:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-25 15:56:50 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-22 15:08:55 -------- d-----w- C:\Users\Paul Barnes\AppData\Roaming\Malwarebytes
2012-06-22 15:08:50 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-22 15:08:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-22 15:08:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-21 06:12:59 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-19 16:34:50 9013136 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D277D120-B2E8-47C4-8530-521BFD47A77D}\mpengine.dll
2012-06-14 16:46:29 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 15:33:47 -------- d-----w- C:\Program Files\iTunes
2012-06-13 15:33:47 -------- d-----w- C:\Program Files\iPod
2012-06-05 15:30:31 -------- d-----w- C:\Program Files (x86)\Crusader Kings II 105b
2012-05-28 15:23:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-28 15:23:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-28 15:23:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-28 15:23:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-28 15:23:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-28 15:23:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-28 15:23:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-06-23 19:13:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 19:13:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-18 19:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-07 12:18:36 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:34:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 05:53:58 53656 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-04-04 05:53:56 24984 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 18:12:48.63 ===============
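An added example, not from this thread or from any BleepingComputer tool: a small Python triage script that runs a few defender-side heuristics over DDS log lines of the kind posted above (the mPolicies-system UAC values, BHO/toolbar registrations that point at "No File", and the "Created Last 30" entries). The sample lines are copied from the log in this post plus two benign lines; the rule names, severities and the reading of the DDS attribute letters ('d' directory, 's' system, 'h' hidden) are my assumptions, not documented DDS behaviour.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample input: lines copied from the DDS log posted above, plus a
# benign BHO line and a benign driver line so each rule has hits and misses.
SAMPLE_DDS_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
2012-06-25 16:02:46 328704 ----a-w- C:\Windows\System32\services.exe.9A782693A1E00B67
2012-06-22 15:08:50 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-21 06:12:59 -------- d-sh--w- C:\Windows\System32\%APPDATA%
"""

# UAC values DDS reports from HKLM\...\Policies\System, with the value that
# switches the protection off and a short note for the analyst.
UAC_WEAK_VALUES = {
    "EnableLUA": ("0", "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate silently with no prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are not isolated on the secure desktop"),
}

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
ORPHAN_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?:.*-\s*No File\s*$")
# "Created" entries: timestamp, size (digits or dashes), 8-char attribute field, path.
# Attribute letters are read as 'd' directory, 's' system, 'h' hidden (an assumption
# about the DDS format, consistent with the lines in the thread).
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S{8})\s+(.+)$")
ENV_VAR_RE = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")
SUFFIXED_EXE_RE = re.compile(r"\\[^\\]+\.exe\.[0-9A-Fa-f]{8,}$", re.IGNORECASE)
SYSTEM32 = r"c:\windows\system32" + "\\"


def _finding(rule: str, severity: str, line: str, note: str) -> Dict[str, str]:
    return {"rule": rule, "severity": severity, "line": line.strip(), "note": note}


def triage_dds(text: str) -> List[Dict[str, str]]:
    """Run the heuristics over every line of a DDS log and return the findings."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if name in UAC_WEAK_VALUES and value == UAC_WEAK_VALUES[name][0]:
                findings.append(_finding("UAC_WEAKENED", "medium", line, UAC_WEAK_VALUES[name][1]))
            continue

        if ORPHAN_RE.match(line):
            findings.append(_finding("ORPHANED_BROWSER_EXTENSION", "low", line,
                                     "registration points at a file that no longer exists; cleanup candidate"))
            continue

        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
            in_system32 = path.lower().startswith(SYSTEM32)
            if ENV_VAR_RE.search(path):
                findings.append(_finding("UNEXPANDED_ENV_VAR_PATH", "high", line,
                                         "path contains a literal %VAR% token; real installers expand it"))
            if in_system32 and attrs[0] == "d" and "s" in attrs and "h" in attrs:
                findings.append(_finding("HIDDEN_SYSTEM_DIR_IN_SYSTEM32", "high", line,
                                         "new hidden+system directory under System32; inspect its contents"))
            if in_system32 and SUFFIXED_EXE_RE.search(path):
                findings.append(_finding("SUFFIXED_SYSTEM32_BINARY", "medium", line,
                                         "system binary with an appended suffix; compare its hash with a clean copy"))
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule, which is what a reply in the thread would summarise first."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS_LOG):
        print(f"[{f['severity']:6}] {f['rule']:30} {f['line']}\n         {f['note']}")
    print(summarize(triage_dds(SAMPLE_DDS_LOG)))
```

On the sample above the script reports the three disabled UAC values, the two orphaned browser-extension registrations, the hidden+system `%APPDATA%` directory under System32 (flagged twice, once for the attributes and once for the unexpanded variable name) and the suffixed `services.exe` copy, while the mbam.sys driver and the Adobe BHO produce nothing. The rules are deliberately generic: they tell an analyst where to look first, not what the infection is.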


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2012 - 01:22 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 BarnesyJR4

BarnesyJR4
  • Topic Starter

  • Members
  • 19 posts

Posted 27 June 2012 - 04:13 AM

Good morning! Thank you for such a fast reply. I'm afraid I am away from my computer until later on this afternoon, and will follow your instructions at that time.

Many thanks for your help and support!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2012 - 07:27 AM

No problem and I will see you later today


gringo

#5 BarnesyJR4 (Topic Starter, Members, 19 posts)

Posted 27 June 2012 - 10:34 AM

Hi Gringo,

Sorry, I'm going to do this in a few posts. First off, here is the Security Check log. Just downloaded and about to run ComboFix, that will come next.

Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#6 BarnesyJR4 (Topic Starter, Members, 19 posts)

Posted 27 June 2012 - 11:29 AM

and here's the ComboFix log:


ComboFix 12-06-27.01 - Paul Barnes 27/06/2012 16:42:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6013.4319 [GMT 1:00]
Running from: c:\users\Paul Barnes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JOG3EBL\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\_ctypes.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\_elementtree.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\_hashlib.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\_socket.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\_ssl.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\pyexpat.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\pysqlite2._sqlite.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\python26.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\pythoncom26.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\PyWinTypes26.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\select.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\unicodedata.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\win32api.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\win32com.shell.shell.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\win32crypt.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\win32event.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\win32file.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\win32inet.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\win32pdh.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\win32process.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\windows._cacheinvalidation.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wx._controls_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wx._core_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wx._gdi_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wx._html2.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wx._misc_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wx._windows_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wx._wizard.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wxbase293u_net_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wxbase293u_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wxmsw293u_adv_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wxmsw293u_core_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wxmsw293u_html_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI25082\wxmsw293u_webview_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\_ctypes.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\_elementtree.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\_hashlib.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\_socket.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\_ssl.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\pyexpat.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\pysqlite2._sqlite.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\python26.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\pythoncom26.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\PyWinTypes26.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\select.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\unicodedata.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\win32api.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\win32com.shell.shell.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\win32crypt.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\win32event.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\win32file.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\win32inet.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\win32pdh.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\win32process.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\windows._cacheinvalidation.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wx._controls_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wx._core_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wx._gdi_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wx._html2.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wx._misc_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wx._windows_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wx._wizard.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wxbase293u_net_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wxbase293u_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wxmsw293u_adv_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wxmsw293u_core_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wxmsw293u_html_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI25082\wxmsw293u_webview_vc.dll
c:\windows\Installer\{294a10de-11ea-e5fe-2b34-566a13fb0172}\@
c:\windows\Installer\{294a10de-11ea-e5fe-2b34-566a13fb0172}\n
c:\windows\Installer\{294a10de-11ea-e5fe-2b34-566a13fb0172}\U\00000001.@
c:\windows\Installer\{294a10de-11ea-e5fe-2b34-566a13fb0172}\U\80000000.@
c:\windows\jestertb.dll
Z:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 15:56 . 2012-06-27 15:56 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3A65973-7CFE-499E-8DC9-97CAA2F3B877}\offreg.dll
2012-06-27 15:54 . 2012-06-27 15:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-27 15:54 . 2012-06-27 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 21:36 . 2012-06-25 21:36 -------- d-----w- c:\users\Paul Barnes\AppData\Roaming\SUPERAntiSpyware.com
2012-06-25 21:36 . 2012-06-26 17:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-25 21:36 . 2012-06-25 21:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-25 21:08 . 2012-06-18 02:12 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3A65973-7CFE-499E-8DC9-97CAA2F3B877}\mpengine.dll
2012-06-25 20:40 . 2012-06-26 17:24 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-25 16:12 . 2012-06-25 16:12 -------- d-----w- c:\users\Paul Barnes\AppData\Local\ElevatedDiagnostics
2012-06-25 16:02 . 2012-06-25 16:02 328704 ----a-w- c:\windows\system32\services.exe.9A782693A1E00B67
2012-06-25 15:58 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9FB576F-27FA-4E0B-A019-E1A97DE10263}\gapaengine.dll
2012-06-25 15:58 . 2012-06-18 02:12 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 15:56 . 2012-06-26 17:24 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 15:56 . 2012-06-26 17:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-22 15:08 . 2012-06-22 15:08 -------- d-----w- c:\users\Paul Barnes\AppData\Roaming\Malwarebytes
2012-06-22 15:08 . 2012-06-26 17:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-22 15:08 . 2012-06-22 15:08 -------- d-----w- c:\programdata\Malwarebytes
2012-06-22 15:08 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 06:12 . 2012-06-21 06:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 16:34 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D277D120-B2E8-47C4-8530-521BFD47A77D}\mpengine.dll
2012-06-14 16:46 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:33 . 2012-06-13 15:34 -------- d-----w- c:\program files\iTunes
2012-06-13 15:33 . 2012-06-13 15:33 -------- d-----w- c:\program files\iPod
2012-06-05 15:30 . 2012-06-05 15:32 -------- d-----w- c:\program files (x86)\Crusader Kings II 105b
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 19:13 . 2012-05-06 13:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 19:13 . 2011-07-19 15:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 05:53 . 2012-04-04 05:53 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2012-04-04 05:53 . 2012-04-04 05:53 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-03-30 11:09 . 2012-05-12 00:08 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="e:\program files (x86)\Adobe Bridge CS5.1\Bridge.exe" [2011-03-02 12008296]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-13 12163568]
"PeerBlock"="e:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-29 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-09-29 181480]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="e:\program files (x86)\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="e:\program files (x86)\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Paul Barnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Logitech Touch Mouse Server.lnk - c:\program files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 178688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 116648]
R2 LMIInfo;LogMeIn Kernel Information Provider;e:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 cpuz130;cpuz130;c:\users\PAULBA~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 116648]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-15 834544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2009-12-23 77656]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - 7ba6d9abd607b069
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 19:13]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 21:12]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 21:12]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1727881459-313387097-2382810383-1000Core.job
- c:\users\Paul Barnes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 22:37]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1727881459-313387097-2382810383-1000UA.job
- c:\users\Paul Barnes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 22:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-13 15:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-13 15:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-13 15:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-13 15:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3802&r=17360610cn16974e54s15uy4i1j84q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3D5F49E8-5545-41DC-AD29-B1870FDA0AD1}: NameServer = 192.168.1.254,212.139.132.36,212.139.132.37
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\7ba6d9abd607b069]
"ImagePath"="\SystemRoot\System32\Drivers\7ba6d9abd607b069.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1727881459-313387097-2382810383-1000\Software\SecuROM\License information*]
"datasecu"=hex:b4,4a,d3,a1,ab,66,20,87,94,23,72,ca,e5,95,4d,68,c8,e5,01,60,0a,
5d,bf,ae,ae,3b,d9,a9,dc,8c,32,b8,cd,f5,74,56,c6,96,bc,c7,3e,57,0a,11,b2,d7,\
"rkeysecu"=hex:b1,51,35,2e,83,37,b4,5e,2e,c8,87,93,c6,9e,72,d2
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:53,3e,57,41,e4,50,58,fd,a3,33,25,6b,73,9a,a1,2f,cb,fc,3b,10,06,
cd,b5,18,c6,9a,e9,49,a8,dc,c3,01,88,a9,3e,38,1c,d0,89,71,31,7e,fe,e4,7b,f8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:53,3e,57,41,e4,50,58,fd,a3,33,25,6b,73,9a,a1,2f,cb,fc,3b,10,06,
cd,b5,18,c6,9a,e9,49,a8,dc,c3,01,88,a9,3e,38,1c,d0,89,71,31,7e,fe,e4,7b,f8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-06-27 17:12:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 16:12
.
Pre-Run: 391,960,207,360 bytes free
Post-Run: 391,829,458,944 bytes free
.
- - End Of File - - E125C729729B53BFE6216AE91AE670E9
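A triage pass over a ComboFix log of the kind posted above, written for this thread as an added example (it is not ComboFix's own code and not part of the helper's instructions). The patterns are taken from entry types visible in the log above, `SAMPLE_LOG` is a constructed excerpt modelled on it, and `Finding`, `parse_sections`, `triage` and `summarize` are names chosen here.

```python
"""Pull out the entry types seen in the ComboFix log above.

Added example for this thread; not ComboFix's code.  PATTERNS is derived
from line types in the posted log and SAMPLE_LOG is a constructed excerpt.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # ComboFix section the line was found in
    line: str      # the log line itself
    reason: str    # why it was pulled out


# Section headers: "(((( Name ))))" and "--- Name ---" / "- - - Name - - -"
PAREN_SECTION = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")
DASH_SECTION = re.compile(r"^[- ]+(?P<name>[A-Za-z][^-]*?)[- ]+$")

HEX16 = r"[0-9a-f]{16}"
GUID = r"\{[0-9a-f-]{36}\}"

# (reason, pattern): each pattern matches a line type present in the posted
# log.  Paths are anchored at the end of the line so the same pattern works
# whether or not ComboFix prefixes the entry with timestamp/size columns.
PATTERNS = [
    ("@/n/U files in a GUID-named Installer folder",
     re.compile(r"\\windows\\installer\\" + GUID + r"\\(@|n|u\\[0-9a-f]{8}\.@)$", re.I)),
    ("literal %APPDATA% directory inside system32",
     re.compile(r"\\system32\\%appdata%$", re.I)),
    ("copy of services.exe with a 16-hex-character suffix",
     re.compile(r"\\system32\\services\.exe\." + HEX16 + r"$", re.I)),
    ("service whose name is 16 hex characters",
     re.compile(r"\\services\\" + HEX16 + r"\]$", re.I)),
    ("driver image named with 16 hex characters",
     re.compile(r"\\drivers\\" + HEX16 + r"\.sys\"?$", re.I)),
    ("16-hex-character service deregistered during the run",
     re.compile(r"^\*Deregistered\*\s+-\s+" + HEX16 + r"$", re.I)),
]

# Constructed excerpt modelled on the log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\windows\Installer\{294a10de-11ea-e5fe-2b34-566a13fb0172}\@
c:\windows\Installer\{294a10de-11ea-e5fe-2b34-566a13fb0172}\n
c:\windows\Installer\{294a10de-11ea-e5fe-2b34-566a13fb0172}\U\00000001.@
c:\windows\Installer\{294a10de-11ea-e5fe-2b34-566a13fb0172}\U\80000000.@
.
(((((((((( Files Created from 2012-05-27 to 2012-06-27 ))))))))))
.
2012-06-25 16:02 . 2012-06-25 16:02 328704 ----a-w- c:\windows\system32\services.exe.9A782693A1E00B67
2012-06-22 15:08 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 06:12 . 2012-06-21 06:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - 7ba6d9abd607b069
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\7ba6d9abd607b069]
"ImagePath"="\SystemRoot\System32\Drivers\7ba6d9abd607b069.sys"
"""


def parse_sections(log_text):
    """Yield (section, line) for each content line, tracking section headers."""
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "."
            continue
        match = PAREN_SECTION.match(line) or DASH_SECTION.match(line)
        if match:
            section = match.group("name")
            continue
        yield section, line


def triage(log_text):
    """Return the lines matching any pattern, in log order, one reason per line."""
    findings = []
    for section, line in parse_sections(log_text):
        for reason, pattern in PATTERNS:
            if pattern.search(line):
                findings.append(Finding(section, line, reason))
                break
    return findings


def summarize(findings):
    """Count findings per reason, keeping the order of PATTERNS."""
    counts = {reason: 0 for reason, _ in PATTERNS}
    for finding in findings:
        counts[finding.reason] += 1
    return {reason: n for reason, n in counts.items() if n}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(found))
```

Lines that match no pattern (the Acer icon, mbam.sys, WS2IFSL) are left out of the findings, so the output is the short list a helper would actually read rather than the whole log.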

#7 BarnesyJR4 (Topic Starter, Members, 19 posts)

Posted 27 June 2012 - 11:33 AM

In terms of how the computer is doing now, as per your last instruction, there's very little I can say.
Overall computer functionality is pretty good; there seems to be little to no slowdown. It appears to take a little longer to boot up Windows, maybe, and I still can't turn the Firewall on, so no major change thus far.

Hope this is of use, please let me know if there are any specific questions you'd like answers to.

As always, many thanks for your continued support!

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 27 June 2012 - 02:03 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 BarnesyJR4 (Topic Starter, Members, 19 posts)

Posted 27 June 2012 - 03:50 PM

Hi there!
Once again, I'm running this in real time, and just so I don't lose anything, I will split my replies into a few posts.

Here is the TDSSKiller report. One side note: it did say there was an error with a driver on load-up. No specific code was given, but it continued to run anyway.

21:42:48.0306 2428 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
21:42:48.0486 2428 ============================================================
21:42:48.0486 2428 Current date / time: 2012/06/27 21:42:48.0486
21:42:48.0486 2428 SystemInfo:
21:42:48.0486 2428
21:42:48.0486 2428 OS Version: 6.1.7600 ServicePack: 0.0
21:42:48.0486 2428 Product type: Workstation
21:42:48.0486 2428 ComputerName: DARKSTARONE
21:42:48.0486 2428 UserName: Paul Barnes
21:42:48.0486 2428 Windows directory: C:\Windows
21:42:48.0486 2428 System windows directory: C:\Windows
21:42:48.0486 2428 Running under WOW64
21:42:48.0486 2428 Processor architecture: Intel x64
21:42:48.0486 2428 Number of processors: 4
21:42:48.0486 2428 Page size: 0x1000
21:42:48.0486 2428 Boot type: Normal boot
21:42:48.0486 2428 ============================================================
21:42:55.0471 2428 !crdlk
21:42:55.0543 2428 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
21:42:55.0553 2428 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
21:42:56.0050 2428 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:43:05.0014 2428 ============================================================
21:43:05.0014 2428 \Device\Harddisk0\DR0:
21:43:05.0028 2428 MBR partitions:
21:43:05.0028 2428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
21:43:05.0028 2428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x396E7000
21:43:05.0028 2428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3AF19800, BlocksNum 0x397EC800
21:43:05.0028 2428 \Device\Harddisk1\DR1:
21:43:05.0028 2428 MBR partitions:
21:43:05.0028 2428 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:43:05.0028 2428 \Device\Harddisk2\DR2:
21:43:05.0029 2428 MBR partitions:
21:43:05.0029 2428 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xAEA86702
21:43:05.0029 2428 ============================================================
21:43:05.0069 2428 C: <-> \Device\Harddisk0\DR0\Partition1
21:43:05.0574 2428 D: <-> \Device\Harddisk1\DR1\Partition0
21:43:05.0597 2428 E: <-> \Device\Harddisk0\DR0\Partition2
21:43:05.0598 2428 Z: <-> \Device\Harddisk2\DR2\Partition0
21:43:05.0598 2428 ============================================================
21:43:05.0598 2428 Initialize success
21:43:05.0598 2428 ============================================================
21:44:54.0715 3860 ============================================================
21:44:54.0715 3860 Scan started
21:44:54.0715 3860 Mode: Manual;
21:44:54.0715 3860 ============================================================
21:44:55.0239 3860 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:44:55.0240 3860 !SASCORE - ok
21:44:55.0390 3860 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:44:55.0393 3860 1394ohci - ok
21:44:55.0396 3860 Suspicious service (NoAccess): 7ba6d9abd607b069
21:44:55.0430 3860 7ba6d9abd607b069 (f07742f9812cbc98448373267dcdadb1) C:\Windows\System32\Drivers\7ba6d9abd607b069.sys
21:44:55.0430 3860 Suspicious file (NoAccess): C:\Windows\System32\Drivers\7ba6d9abd607b069.sys. md5: f07742f9812cbc98448373267dcdadb1
21:44:55.0448 3860 7ba6d9abd607b069 ( LockedService.Multi.Generic ) - warning
21:44:55.0448 3860 7ba6d9abd607b069 - detected LockedService.Multi.Generic (1)
21:45:06.0269 3860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:45:06.0270 3860 NetBIOS - ok
21:45:06.0315 3860 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:45:06.0319 3860 NetBT - ok
21:45:06.0360 3860 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:45:06.0361 3860 Netlogon - ok
21:45:06.0419 3860 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:45:06.0423 3860 Netman - ok
21:45:06.0530 3860 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:45:06.0532 3860 NetMsmqActivator - ok
21:45:06.0563 3860 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:45:06.0565 3860 NetPipeActivator - ok
21:45:06.0611 3860 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:45:06.0628 3860 netprofm - ok
21:45:06.0644 3860 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:45:06.0646 3860 NetTcpActivator - ok
21:45:06.0670 3860 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:45:06.0671 3860 NetTcpPortSharing - ok
21:45:06.0729 3860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:45:06.0730 3860 nfrd960 - ok
21:45:06.0777 3860 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:45:06.0779 3860 NisDrv - ok
21:45:06.0866 3860 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
21:45:06.0870 3860 NisSrv - ok
21:45:06.0929 3860 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:45:06.0933 3860 NlaSvc - ok
21:45:06.0959 3860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:45:06.0959 3860 Npfs - ok
21:45:06.0985 3860 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:45:06.0987 3860 nsi - ok
21:45:07.0007 3860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:45:07.0008 3860 nsiproxy - ok
21:45:07.0121 3860 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:45:07.0135 3860 Ntfs - ok
21:45:07.0197 3860 NTI IScheduleSvc (bd691091ac7d9713d8f0b07c6b099e6c) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
21:45:07.0198 3860 NTI IScheduleSvc - ok
21:45:07.0280 3860 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:45:07.0281 3860 NTIDrvr - ok
21:45:07.0322 3860 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
21:45:07.0323 3860 NuidFltr - ok
21:45:07.0352 3860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:45:07.0352 3860 Null - ok
21:45:07.0397 3860 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:45:07.0400 3860 nvraid - ok
21:45:07.0433 3860 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:45:07.0435 3860 nvstor - ok
21:45:07.0460 3860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:45:07.0461 3860 nv_agp - ok
21:45:07.0556 3860 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:45:07.0561 3860 odserv - ok
21:45:07.0574 3860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:45:07.0576 3860 ohci1394 - ok
21:45:07.0611 3860 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:45:07.0613 3860 ose - ok
21:45:07.0660 3860 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:45:07.0665 3860 p2pimsvc - ok
21:45:07.0714 3860 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:45:07.0721 3860 p2psvc - ok
21:45:07.0745 3860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:45:07.0747 3860 Parport - ok
21:45:07.0793 3860 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
21:45:07.0794 3860 partmgr - ok
21:45:07.0823 3860 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:45:07.0827 3860 PcaSvc - ok
21:45:07.0856 3860 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:45:07.0858 3860 pci - ok
21:45:07.0885 3860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:45:07.0886 3860 pciide - ok
21:45:07.0914 3860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:45:07.0917 3860 pcmcia - ok
21:45:07.0941 3860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:45:07.0942 3860 pcw - ok
21:45:07.0988 3860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:45:07.0999 3860 PEAUTH - ok
21:45:08.0072 3860 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:45:08.0074 3860 PerfHost - ok
21:45:08.0212 3860 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:45:08.0234 3860 pla - ok
21:45:08.0290 3860 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:45:08.0298 3860 PlugPlay - ok
21:45:08.0341 3860 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:45:08.0343 3860 PNRPAutoReg - ok
21:45:08.0382 3860 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:45:08.0386 3860 PNRPsvc - ok
21:45:08.0438 3860 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:45:08.0453 3860 PolicyAgent - ok
21:45:08.0489 3860 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:45:08.0492 3860 Power - ok
21:45:08.0540 3860 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:45:08.0542 3860 PptpMiniport - ok
21:45:08.0600 3860 PRISM_A02 (0e849bcc9c717770ef0a5d7f1ec35ead) C:\Windows\system32\DRIVERS\PRISMA02.sys
21:45:08.0605 3860 PRISM_A02 - ok
21:45:08.0643 3860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:45:08.0645 3860 Processor - ok
21:45:08.0696 3860 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
21:45:08.0700 3860 ProfSvc - ok
21:45:08.0737 3860 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:45:08.0739 3860 ProtectedStorage - ok
21:45:08.0769 3860 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:45:08.0770 3860 Psched - ok
21:45:08.0827 3860 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:45:08.0828 3860 PxHlpa64 - ok
21:45:08.0902 3860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:45:08.0920 3860 ql2300 - ok
21:45:08.0994 3860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:45:08.0996 3860 ql40xx - ok
21:45:09.0042 3860 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:45:09.0047 3860 QWAVE - ok
21:45:09.0067 3860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:45:09.0068 3860 QWAVEdrv - ok
21:45:09.0080 3860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:45:09.0081 3860 RasAcd - ok
21:45:09.0115 3860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:45:09.0117 3860 RasAgileVpn - ok
21:45:09.0136 3860 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:45:09.0139 3860 RasAuto - ok
21:45:09.0167 3860 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:45:09.0169 3860 Rasl2tp - ok
21:45:09.0210 3860 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:45:09.0215 3860 RasMan - ok
21:45:09.0243 3860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:45:09.0245 3860 RasPppoe - ok
21:45:09.0263 3860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:45:09.0265 3860 RasSstp - ok
21:45:09.0296 3860 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:45:09.0300 3860 rdbss - ok
21:45:09.0319 3860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:45:09.0320 3860 rdpbus - ok
21:45:09.0339 3860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:45:09.0340 3860 RDPCDD - ok
21:45:09.0364 3860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:45:09.0365 3860 RDPENCDD - ok
21:45:09.0385 3860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:45:09.0386 3860 RDPREFMP - ok
21:45:09.0433 3860 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
21:45:09.0435 3860 RDPWD - ok
21:45:09.0466 3860 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:45:09.0469 3860 rdyboost - ok
21:45:09.0497 3860 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:45:09.0500 3860 RemoteAccess - ok
21:45:09.0531 3860 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:45:09.0534 3860 RemoteRegistry - ok
21:45:09.0564 3860 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:45:09.0566 3860 RpcEptMapper - ok
21:45:09.0602 3860 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:45:09.0603 3860 RpcLocator - ok
21:45:09.0650 3860 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:45:09.0654 3860 RpcSs - ok
21:45:09.0683 3860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:45:09.0685 3860 rspndr - ok
21:45:09.0726 3860 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:45:09.0728 3860 SamSs - ok
21:45:09.0822 3860 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:45:09.0822 3860 SASDIFSV - ok
21:45:09.0840 3860 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:45:09.0841 3860 SASKUTIL - ok
21:45:09.0877 3860 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:45:09.0879 3860 sbp2port - ok
21:45:09.0906 3860 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:45:09.0910 3860 SCardSvr - ok
21:45:09.0925 3860 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:45:09.0926 3860 scfilter - ok
21:45:10.0015 3860 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:45:10.0056 3860 Schedule - ok
21:45:10.0088 3860 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:45:10.0089 3860 SCPolicySvc - ok
21:45:10.0132 3860 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:45:10.0136 3860 SDRSVC - ok
21:45:10.0169 3860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:45:10.0170 3860 secdrv - ok
21:45:10.0200 3860 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:45:10.0202 3860 seclogon - ok
21:45:10.0231 3860 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:45:10.0234 3860 SENS - ok
21:45:10.0250 3860 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:45:10.0252 3860 SensrSvc - ok
21:45:10.0263 3860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:45:10.0264 3860 Serenum - ok
21:45:10.0278 3860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:45:10.0280 3860 Serial - ok
21:45:10.0291 3860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:45:10.0292 3860 sermouse - ok
21:45:10.0332 3860 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:45:10.0335 3860 SessionEnv - ok
21:45:10.0347 3860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:45:10.0348 3860 sffdisk - ok
21:45:10.0360 3860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:45:10.0361 3860 sffp_mmc - ok
21:45:10.0372 3860 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:45:10.0373 3860 sffp_sd - ok
21:45:10.0385 3860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:45:10.0386 3860 sfloppy - ok
21:45:10.0440 3860 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:45:10.0445 3860 SharedAccess - ok
21:45:10.0490 3860 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:45:10.0493 3860 ShellHWDetection - ok
21:45:10.0519 3860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:45:10.0520 3860 SiSRaid2 - ok
21:45:10.0533 3860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:45:10.0534 3860 SiSRaid4 - ok
21:45:10.0548 3860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:45:10.0550 3860 Smb - ok
21:45:10.0578 3860 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:45:10.0581 3860 SNMPTRAP - ok
21:45:10.0603 3860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:45:10.0603 3860 spldr - ok
21:45:10.0663 3860 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:45:10.0668 3860 Spooler - ok
21:45:10.0857 3860 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:45:10.0917 3860 sppsvc - ok
21:45:11.0001 3860 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:45:11.0004 3860 sppuinotify - ok
21:45:11.0103 3860 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
21:45:11.0131 3860 sptd - ok
21:45:11.0196 3860 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:45:11.0204 3860 srv - ok
21:45:11.0248 3860 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:45:11.0252 3860 srv2 - ok
21:45:11.0297 3860 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:45:11.0299 3860 srvnet - ok
21:45:11.0329 3860 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:45:11.0333 3860 SSDPSRV - ok
21:45:11.0359 3860 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:45:11.0362 3860 SstpSvc - ok
21:45:11.0406 3860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:45:11.0407 3860 stexstor - ok
21:45:11.0476 3860 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:45:11.0489 3860 stisvc - ok
21:45:11.0504 3860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:45:11.0505 3860 swenum - ok
21:45:11.0633 3860 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:45:11.0648 3860 SwitchBoard - ok
21:45:11.0701 3860 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:45:11.0717 3860 swprv - ok
21:45:11.0820 3860 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:45:11.0842 3860 SysMain - ok
21:45:11.0913 3860 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:45:11.0917 3860 TabletInputService - ok
21:45:11.0956 3860 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:45:11.0960 3860 TapiSrv - ok
21:45:11.0984 3860 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:45:11.0986 3860 TBS - ok
21:45:12.0115 3860 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
21:45:12.0144 3860 Tcpip - ok
21:45:12.0254 3860 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
21:45:12.0265 3860 TCPIP6 - ok
21:45:12.0325 3860 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:45:12.0326 3860 tcpipreg - ok
21:45:12.0354 3860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:45:12.0355 3860 TDPIPE - ok
21:45:12.0394 3860 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
21:45:12.0395 3860 TDTCP - ok
21:45:12.0423 3860 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:45:12.0424 3860 tdx - ok
21:45:12.0443 3860 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:45:12.0444 3860 TermDD - ok
21:45:12.0501 3860 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:45:12.0506 3860 TermService - ok
21:45:12.0537 3860 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:45:12.0539 3860 Themes - ok
21:45:12.0576 3860 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:45:12.0578 3860 THREADORDER - ok
21:45:12.0644 3860 Tpkd (35513b8b4f7a93b0616bcfc606b468bb) C:\Windows\system32\drivers\Tpkd.sys
21:45:12.0645 3860 Tpkd - ok
21:45:12.0675 3860 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:45:12.0678 3860 TrkWks - ok
21:45:12.0742 3860 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:45:12.0744 3860 TrustedInstaller - ok
21:45:12.0780 3860 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:45:12.0781 3860 tssecsrv - ok
21:45:12.0801 3860 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:45:12.0803 3860 tunnel - ok
21:45:12.0830 3860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:45:12.0831 3860 uagp35 - ok
21:45:12.0858 3860 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
21:45:12.0859 3860 UBHelper - ok
21:45:12.0896 3860 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:45:12.0900 3860 udfs - ok
21:45:12.0938 3860 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:45:12.0941 3860 UI0Detect - ok
21:45:12.0955 3860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:45:12.0956 3860 uliagpkx - ok
21:45:12.0978 3860 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:45:12.0979 3860 umbus - ok
21:45:12.0991 3860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:45:12.0992 3860 UmPass - ok
21:45:13.0065 3860 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:45:13.0067 3860 Updater Service - ok
21:45:13.0105 3860 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:45:13.0111 3860 upnphost - ok
21:45:13.0161 3860 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:45:13.0161 3860 USBAAPL64 - ok
21:45:13.0199 3860 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
21:45:13.0201 3860 usbaudio - ok
21:45:13.0231 3860 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:45:13.0232 3860 usbccgp - ok
21:45:13.0247 3860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:45:13.0249 3860 usbcir - ok
21:45:13.0277 3860 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:45:13.0279 3860 usbehci - ok
21:45:13.0333 3860 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:45:13.0333 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: e7df1cfd28ca86b35ef5add0735ceef3
21:45:13.0351 3860 usbhub ( LockedFile.Multi.Generic ) - warning
21:45:13.0351 3860 usbhub - detected LockedFile.Multi.Generic (1)
21:45:13.0383 3860 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:45:13.0383 3860 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: f1bb1e55f1e7a65c5839ccc7b36d773e
21:45:13.0387 3860 usbohci ( LockedFile.Multi.Generic ) - warning
21:45:13.0387 3860 usbohci - detected LockedFile.Multi.Generic (1)
21:45:13.0411 3860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:45:13.0412 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188f58fb384e75c4063d29413cee3d
21:45:13.0414 3860 usbprint ( LockedFile.Multi.Generic ) - warning
21:45:13.0414 3860 usbprint - detected LockedFile.Multi.Generic (1)
21:45:13.0454 3860 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:45:13.0454 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: f39983647bc1f3e6100778ddfe9dce29
21:45:13.0457 3860 USBSTOR ( LockedFile.Multi.Generic ) - warning
21:45:13.0457 3860 USBSTOR - detected LockedFile.Multi.Generic (1)
21:45:13.0502 3860 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:45:13.0503 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: bc3070350a491d84b518d7cca9abd36f
21:45:13.0506 3860 usbuhci ( LockedFile.Multi.Generic ) - warning
21:45:13.0506 3860 usbuhci - detected LockedFile.Multi.Generic (1)
21:45:13.0544 3860 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:45:13.0547 3860 UxSms - ok
21:45:13.0582 3860 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:45:13.0584 3860 VaultSvc - ok
21:45:13.0599 3860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:45:13.0599 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vdrvroot.sys. md5: c5c876ccfc083ff3b128f933823e87bd
21:45:13.0602 3860 vdrvroot ( LockedFile.Multi.Generic ) - warning
21:45:13.0602 3860 vdrvroot - detected LockedFile.Multi.Generic (1)
21:45:13.0642 3860 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:45:13.0657 3860 vds - ok
21:45:13.0682 3860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:45:13.0682 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: da4da3f5e02943c2dc8c6ed875de68dd
21:45:13.0688 3860 vga ( LockedFile.Multi.Generic ) - warning
21:45:13.0688 3860 vga - detected LockedFile.Multi.Generic (1)
21:45:13.0702 3860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:45:13.0702 3860 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53e92a310193cb3c03bea963de7d9cfc
21:45:13.0707 3860 VgaSave ( LockedFile.Multi.Generic ) - warning
21:45:13.0707 3860 VgaSave - detected LockedFile.Multi.Generic (1)
21:45:13.0727 3860 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:45:13.0727 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vhdmp.sys. md5: c82e748660f62a242b2dfac1442f22a4
21:45:13.0731 3860 vhdmp ( LockedFile.Multi.Generic ) - warning
21:45:13.0731 3860 vhdmp - detected LockedFile.Multi.Generic (1)
21:45:13.0743 3860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:45:13.0743 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\viaide.sys. md5: e5689d93ffe4e5d66c0178761240dd54
21:45:13.0746 3860 viaide ( LockedFile.Multi.Generic ) - warning
21:45:13.0746 3860 viaide - detected LockedFile.Multi.Generic (1)
21:45:13.0775 3860 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:45:13.0775 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\volmgr.sys. md5: 2b1a3dae2b4e70dbba822b7a03fbd4a3
21:45:13.0778 3860 volmgr ( LockedFile.Multi.Generic ) - warning
21:45:13.0778 3860 volmgr - detected LockedFile.Multi.Generic (1)
21:45:13.0814 3860 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:45:13.0814 3860 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: 99b0cbb569ca79acaed8c91461d765fb
21:45:13.0818 3860 volmgrx ( LockedFile.Multi.Generic ) - warning
21:45:13.0818 3860 volmgrx - detected LockedFile.Multi.Generic (1)
21:45:13.0848 3860 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:45:13.0848 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\volsnap.sys. md5: 58f82eed8ca24b461441f9c3e4f0bf5c
21:45:13.0852 3860 volsnap ( LockedFile.Multi.Generic ) - warning
21:45:13.0852 3860 volsnap - detected LockedFile.Multi.Generic (1)
21:45:13.0887 3860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:45:13.0887 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5e2016ea6ebaca03c04feac5f330d997
21:45:13.0892 3860 vsmraid ( LockedFile.Multi.Generic ) - warning
21:45:13.0892 3860 vsmraid - detected LockedFile.Multi.Generic (1)
21:45:13.0965 3860 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:45:14.0028 3860 VSS - ok
21:45:14.0127 3860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:45:14.0129 3860 vwifibus - ok
21:45:14.0165 3860 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:45:14.0171 3860 W32Time - ok
21:45:14.0187 3860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:45:14.0188 3860 WacomPen - ok
21:45:14.0221 3860 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:45:14.0223 3860 WANARP - ok
21:45:14.0233 3860 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:45:14.0234 3860 Wanarpv6 - ok
21:45:14.0362 3860 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:45:14.0377 3860 WatAdminSvc - ok
21:45:14.0479 3860 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:45:14.0497 3860 wbengine - ok
21:45:14.0597 3860 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:45:14.0601 3860 WbioSrvc - ok
21:45:14.0664 3860 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
21:45:14.0670 3860 wcncsvc - ok
21:45:14.0699 3860 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:45:14.0702 3860 WcsPlugInService - ok
21:45:14.0753 3860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:45:14.0754 3860 Wd - ok
21:45:14.0826 3860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:45:14.0827 3860 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441bd2d7b4f98134c3a4f9fa570fd250
21:45:14.0839 3860 Wdf01000 ( LockedFile.Multi.Generic ) - warning
21:45:14.0839 3860 Wdf01000 - detected LockedFile.Multi.Generic (1)
21:45:14.0874 3860 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:45:14.0877 3860 WdiServiceHost - ok
21:45:14.0891 3860 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:45:14.0894 3860 WdiSystemHost - ok
21:45:14.0953 3860 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
21:45:14.0958 3860 WebClient - ok
21:45:14.0995 3860 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:45:15.0000 3860 Wecsvc - ok
21:45:15.0031 3860 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:45:15.0034 3860 wercplsupport - ok
21:45:15.0064 3860 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:45:15.0067 3860 WerSvc - ok
21:45:15.0084 3860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:45:15.0084 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611b23304bf067451a9fdee01fbdd725
21:45:15.0088 3860 WfpLwf ( LockedFile.Multi.Generic ) - warning
21:45:15.0088 3860 WfpLwf - detected LockedFile.Multi.Generic (1)
21:45:15.0116 3860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:45:15.0116 3860 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ecaec3e4529a7153b3136ceb49f0ec
21:45:15.0120 3860 WIMMount ( LockedFile.Multi.Generic ) - warning
21:45:15.0120 3860 WIMMount - detected LockedFile.Multi.Generic (1)
21:45:15.0192 3860 WinDefend - ok
21:45:15.0235 3860 WinHttpAutoProxySvc - ok
21:45:15.0302 3860 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:45:15.0305 3860 Winmgmt - ok
21:45:15.0401 3860 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:45:15.0427 3860 WinRM - ok
21:45:15.0548 3860 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:45:15.0549 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: 817eaff5d38674edd7713b9dfb8e9791
21:45:15.0561 3860 WinUsb ( LockedFile.Multi.Generic ) - warning
21:45:15.0561 3860 WinUsb - detected LockedFile.Multi.Generic (1)
21:45:15.0623 3860 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:45:15.0638 3860 Wlansvc - ok
21:45:15.0687 3860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:45:15.0687 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: f6ff8944478594d0e414d3f048f0d778
21:45:15.0690 3860 WmiAcpi ( LockedFile.Multi.Generic ) - warning
21:45:15.0690 3860 WmiAcpi - detected LockedFile.Multi.Generic (1)
21:45:15.0733 3860 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:45:15.0736 3860 wmiApSrv - ok
21:45:15.0781 3860 WMPNetworkSvc - ok
21:45:15.0804 3860 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:45:15.0807 3860 WPCSvc - ok
21:45:15.0841 3860 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:45:15.0845 3860 WPDBusEnum - ok
21:45:15.0864 3860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:45:15.0865 3860 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6bcc1d7d2fd2453957c5479a32364e52
21:45:15.0869 3860 ws2ifsl ( LockedFile.Multi.Generic ) - warning
21:45:15.0869 3860 ws2ifsl - detected LockedFile.Multi.Generic (1)
21:45:15.0936 3860 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
21:45:15.0940 3860 wscsvc - ok
21:45:15.0952 3860 WSearch - ok
21:45:16.0110 3860 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
21:45:16.0169 3860 wuauserv - ok
21:45:16.0272 3860 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:45:16.0272 3860 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: 7cadc74271dd6461c452c271b30bd378
21:45:16.0276 3860 WudfPf ( LockedFile.Multi.Generic ) - warning
21:45:16.0276 3860 WudfPf - detected LockedFile.Multi.Generic (1)
21:45:16.0305 3860 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:45:16.0305 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 3b197af0fff08aa66b6b2241ca538d64
21:45:16.0308 3860 WUDFRd ( LockedFile.Multi.Generic ) - warning
21:45:16.0308 3860 WUDFRd - detected LockedFile.Multi.Generic (1)
21:45:16.0354 3860 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:45:16.0357 3860 wudfsvc - ok
21:45:16.0396 3860 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:45:16.0400 3860 WwanSvc - ok
21:45:16.0441 3860 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
21:45:16.0442 3860 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\xusb21.sys. md5: 2ee48cfce7ca8e0db4c44c7476c0943b
21:45:16.0446 3860 xusb21 ( LockedFile.Multi.Generic ) - warning
21:45:16.0446 3860 xusb21 - detected LockedFile.Multi.Generic (1)
21:45:16.0469 3860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:45:16.0642 3860 \Device\Harddisk0\DR0 - ok
21:45:16.0646 3860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:45:16.0648 3860 \Device\Harddisk1\DR1 - ok
21:45:16.0652 3860 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
21:45:16.0655 3860 \Device\Harddisk2\DR2 - ok
21:45:16.0658 3860 Boot (0x1200) (9b60eb9a0223a64123139818ebcc7f67) \Device\Harddisk0\DR0\Partition0
21:45:16.0660 3860 \Device\Harddisk0\DR0\Partition0 - ok
21:45:16.0669 3860 Boot (0x1200) (f0bf43c4776e8a2022c7d4fd15e1658e) \Device\Harddisk0\DR0\Partition1
21:45:16.0671 3860 \Device\Harddisk0\DR0\Partition1 - ok
21:45:16.0695 3860 Boot (0x1200) (8f1fd66c6408af88c268159f41cd1bfb) \Device\Harddisk0\DR0\Partition2
21:45:16.0696 3860 \Device\Harddisk0\DR0\Partition2 - ok
21:45:16.0699 3860 Boot (0x1200) (52da18430a3a76b0f585dbfc7c447a2e) \Device\Harddisk1\DR1\Partition0
21:45:16.0700 3860 \Device\Harddisk1\DR1\Partition0 - ok
21:45:16.0704 3860 Boot (0x1200) (6d7712c7aa56575d7352318770507d46) \Device\Harddisk2\DR2\Partition0
21:45:16.0705 3860 \Device\Harddisk2\DR2\Partition0 - ok
21:45:16.0706 3860 ============================================================
21:45:16.0706 3860 Scan finished
21:45:16.0706 3860 ============================================================
21:45:16.0715 2972 Detected object count: 24
21:45:16.0715 2972 Actual detected object count: 24
21:45:32.0167 2972 7ba6d9abd607b069 ( LockedService.Multi.Generic ) - skipped by user
21:45:32.0168 2972 7ba6d9abd607b069 ( LockedService.Multi.Generic ) - User select action: Skip
21:45:32.0169 2972 usbhub ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0170 2972 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0172 2972 usbohci ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0172 2972 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0174 2972 usbprint ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0174 2972 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0176 2972 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0176 2972 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0178 2972 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0178 2972 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0179 2972 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0179 2972 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0181 2972 vga ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0181 2972 vga ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0183 2972 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0183 2972 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0185 2972 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0185 2972 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0186 2972 viaide ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0186 2972 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0189 2972 volmgr ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0189 2972 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0191 2972 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0191 2972 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0193 2972 volsnap ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0193 2972 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0194 2972 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0194 2972 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0196 2972 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0196 2972 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0198 2972 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0198 2972 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0199 2972 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0199 2972 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0201 2972 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0201 2972 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0202 2972 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0202 2972 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0204 2972 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0204 2972 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0206 2972 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0206 2972 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0208 2972 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0208 2972 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
21:45:32.0210 2972 xusb21 ( LockedFile.Multi.Generic ) - skipped by user
21:45:32.0210 2972 xusb21 ( LockedFile.Multi.Generic ) - User select action: Skip

#10 BarnesyJR4

BarnesyJR4
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:40 PM

Posted 27 June 2012 - 04:15 PM

... and here is the requested log for aswMBR. Many thanks!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 21:51:06
-----------------------------
21:51:06.123 OS Version: Windows x64 6.1.7600
21:51:06.123 Number of processors: 4 586 0x170A
21:51:06.124 ComputerName: DARKSTARONE UserName: Paul Barnes
21:51:06.747 Initialze error C0000001 - driver not loaded
21:51:58.175 AVAST engine defs: 12062701
21:52:13.601 Service scanning
21:52:14.159 Service 7ba6d9abd607b069 C:\Windows\System32\Drivers\7ba6d9abd607b069.sys **HIDDEN**
21:52:29.212 Modules scanning
21:52:29.216 Disk 0 trace - called modules:
21:52:29.218
21:52:30.390 AVAST engine scan C:\Windows
21:52:32.741 AVAST engine scan C:\Windows\system32
21:54:46.041 AVAST engine scan C:\Windows\system32\drivers
21:54:54.653 AVAST engine scan C:\Users\Paul Barnes
22:11:08.503 AVAST engine scan C:\ProgramData
22:11:59.523 Scan finished successfully
22:12:17.541 The log file has been saved successfully to "C:\Users\Paul Barnes\Desktop\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:40 AM

Posted 27 June 2012 - 06:01 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 BarnesyJR4

BarnesyJR4
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:40 PM

Posted 28 June 2012 - 01:43 AM

Hi Gringo
OK, one report for you. I did have a few issues trying to get this done - Notepad wouldn't let me save the CFScript.txt to the desktop for some reason. I clicked save and it would just hang there unresponsive. So, I saved it as 123.txt in My Documents, then renamed and copied it to my desktop so I could continue. I hope that was OK!
Also, ComboFix had to update before I began. I don't know if this has any relevance or not, just for reference.

After running the script, Windows Firewall is now running in the Services window! However, I can't get it to update security settings. When I went to open Firewall through the start menu on a search, Windows Explorer crashed.

I'm afraid I've run out of time to do any more now; I will do another check when I get home tonight. In the meantime, here is the log. Many thanks for your continued support!


ComboFix 12-06-28.01 - Paul Barnes 28/06/2012 7:17.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6013.4251 [GMT 1:00]
Running from: c:\users\Paul Barnes\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul Barnes\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\_ctypes.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\_elementtree.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\_hashlib.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\_socket.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\_ssl.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\pyexpat.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\pysqlite2._sqlite.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\python26.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\pythoncom26.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\PyWinTypes26.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\select.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\unicodedata.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\win32api.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\win32com.shell.shell.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\win32crypt.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\win32event.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\win32file.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\win32inet.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\win32pdh.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\win32process.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\windows._cacheinvalidation.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wx._controls_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wx._core_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wx._gdi_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wx._html2.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wx._misc_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wx._windows_.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wx._wizard.pyd
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wxbase293u_net_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wxbase293u_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wxmsw293u_adv_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wxmsw293u_core_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wxmsw293u_html_vc.dll
c:\users\Paul Barnes\AppData\Local\Temp\_MEI32802\wxmsw293u_webview_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\_ctypes.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\_elementtree.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\_hashlib.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\_socket.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\_ssl.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\pyexpat.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\pysqlite2._sqlite.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\python26.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\pythoncom26.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\PyWinTypes26.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\select.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\unicodedata.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\win32api.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\win32com.shell.shell.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\win32crypt.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\win32event.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\win32file.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\win32inet.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\win32pdh.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\win32process.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\windows._cacheinvalidation.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wx._controls_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wx._core_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wx._gdi_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wx._html2.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wx._misc_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wx._windows_.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wx._wizard.pyd
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wxbase293u_net_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wxbase293u_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wxmsw293u_adv_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wxmsw293u_core_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wxmsw293u_html_vc.dll
c:\users\PAULBA~1\AppData\Local\Temp\_MEI32802\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 06:24 . 2012-06-28 06:24 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3A65973-7CFE-499E-8DC9-97CAA2F3B877}\offreg.dll
2012-06-28 06:23 . 2012-06-28 06:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-28 06:23 . 2012-06-28 06:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 21:36 . 2012-06-25 21:36 -------- d-----w- c:\users\Paul Barnes\AppData\Roaming\SUPERAntiSpyware.com
2012-06-25 21:36 . 2012-06-26 17:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-25 21:36 . 2012-06-25 21:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-25 21:08 . 2012-06-18 02:12 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3A65973-7CFE-499E-8DC9-97CAA2F3B877}\mpengine.dll
2012-06-25 20:40 . 2012-06-26 17:24 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-25 16:12 . 2012-06-25 16:12 -------- d-----w- c:\users\Paul Barnes\AppData\Local\ElevatedDiagnostics
2012-06-25 16:02 . 2012-06-25 16:02 328704 ----a-w- c:\windows\system32\services.exe.9A782693A1E00B67
2012-06-25 15:58 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9FB576F-27FA-4E0B-A019-E1A97DE10263}\gapaengine.dll
2012-06-25 15:58 . 2012-06-18 02:12 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 15:56 . 2012-06-26 17:24 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 15:56 . 2012-06-26 17:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-22 15:08 . 2012-06-22 15:08 -------- d-----w- c:\users\Paul Barnes\AppData\Roaming\Malwarebytes
2012-06-22 15:08 . 2012-06-26 17:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-22 15:08 . 2012-06-22 15:08 -------- d-----w- c:\programdata\Malwarebytes
2012-06-22 15:08 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 06:12 . 2012-06-21 06:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 16:34 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D277D120-B2E8-47C4-8530-521BFD47A77D}\mpengine.dll
2012-06-14 16:46 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:33 . 2012-06-13 15:34 -------- d-----w- c:\program files\iTunes
2012-06-13 15:33 . 2012-06-13 15:33 -------- d-----w- c:\program files\iPod
2012-06-05 15:30 . 2012-06-05 15:32 -------- d-----w- c:\program files (x86)\Crusader Kings II 105b
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 19:13 . 2012-05-06 13:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 19:13 . 2011-07-19 15:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 05:53 . 2012-04-04 05:53 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2012-04-04 05:53 . 2012-04-04 05:53 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-03-30 11:09 . 2012-05-12 00:08 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_15.58.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 01:29 . 2012-06-28 06:27 63150 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-28 06:27 33516 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-15 14:42 . 2012-06-28 06:06 18520 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1727881459-313387097-2382810383-1000_UserData.bin
- 2009-07-14 05:30 . 2012-06-13 15:32 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-06-27 18:34 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-06-28 06:24 . 2012-06-28 06:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 15:56 . 2012-06-27 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 15:56 . 2012-06-27 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-28 06:24 . 2012-06-28 06:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-28 06:10 675444 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-26 17:30 675444 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-26 17:30 130338 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-28 06:10 130338 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-06-27 18:34 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-13 15:32 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:01 . 2012-06-27 15:55 541760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-28 06:24 541760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-28 06:05 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\28-06-2012\ERDNT.EXE
+ 2012-06-28 06:05 . 2012-06-28 06:05 6930432 c:\windows\ERDNT\AutoBackup\28-06-2012\Users\00000001\ntuser.dat
- 2009-07-14 02:34 . 2012-06-25 20:16 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-06-27 20:33 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-05-04 22:59 . 2012-06-28 06:24 12775440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1727881459-313387097-2382810383-1000-12288.dat
+ 2012-06-28 06:05 . 2012-06-28 06:05 10207232 c:\windows\ERDNT\AutoBackup\28-06-2012\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="e:\program files (x86)\Adobe Bridge CS5.1\Bridge.exe" [2011-03-02 12008296]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-13 12163568]
"PeerBlock"="e:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-29 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-09-29 181480]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="e:\program files (x86)\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="e:\program files (x86)\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Paul Barnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Logitech Touch Mouse Server.lnk - c:\program files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 178688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 116648]
R2 LMIInfo;LogMeIn Kernel Information Provider;e:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 cpuz130;cpuz130;c:\users\PAULBA~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 116648]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-15 834544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2009-12-23 77656]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 7ba6d9abd607b069
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 19:13]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 21:12]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 21:12]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1727881459-313387097-2382810383-1000Core.job
- c:\users\Paul Barnes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 22:37]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1727881459-313387097-2382810383-1000UA.job
- c:\users\Paul Barnes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 22:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Paul Barnes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-13 15:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-13 15:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-13 15:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-13 15:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3802&r=17360610cn16974e54s15uy4i1j84q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3D5F49E8-5545-41DC-AD29-B1870FDA0AD1}: NameServer = 192.168.1.254,212.139.132.36,212.139.132.37
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\7ba6d9abd607b069]
"ImagePath"="\SystemRoot\System32\Drivers\7ba6d9abd607b069.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1727881459-313387097-2382810383-1000\Software\SecuROM\License information*]
"datasecu"=hex:b4,4a,d3,a1,ab,66,20,87,94,23,72,ca,e5,95,4d,68,c8,e5,01,60,0a,
5d,bf,ae,ae,3b,d9,a9,dc,8c,32,b8,cd,f5,74,56,c6,96,bc,c7,3e,57,0a,11,b2,d7,\
"rkeysecu"=hex:b1,51,35,2e,83,37,b4,5e,2e,c8,87,93,c6,9e,72,d2
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:53,3e,57,41,e4,50,58,fd,a3,33,25,6b,73,9a,a1,2f,cb,fc,3b,10,06,
cd,b5,18,c6,9a,e9,49,a8,dc,c3,01,88,a9,3e,38,1c,d0,89,71,31,7e,fe,e4,7b,f8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:53,3e,57,41,e4,50,58,fd,a3,33,25,6b,73,9a,a1,2f,cb,fc,3b,10,06,
cd,b5,18,c6,9a,e9,49,a8,dc,c3,01,88,a9,3e,38,1c,d0,89,71,31,7e,fe,e4,7b,f8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-06-28 07:32:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 06:32
ComboFix2.txt 2012-06-27 16:12
.
Pre-Run: 391,799,947,264 bytes free
Post-Run: 391,496,101,888 bytes free
.
- - End Of File - - D3C9895CA51ED6C31468AF16358D041D

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 June 2012 - 02:34 AM

Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to the registry

Restart your PC

Now, open RUN and type

regedit and click OK

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it - Permissions

Click on ADD and type

Everyone and click OK

Now click on Everyone

Below you have permissions for users

Select Full Control and click OK

Now, open RUN and type

services.msc and click OK

Start the Base Filtering Engine service and then the Windows Firewall service

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
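As an added example (not code from the thread or from its helper), here is a PowerShell check a defender can run after the steps above to confirm that each service key is readable again, that no Deny entries remain, and that the service is actually running before re-importing the .reg files. The post names only BFE and Windows Firewall; the MpsSvc, WinDefend and wscsvc service names are my assumptions.

```powershell
# Added example, not code from the thread. Audits the service registry keys a
# Sirefef-type infection typically locks down, so you can confirm each key is
# readable again and the service is running before re-importing the .reg files.
# Only BFE and Windows Firewall are named in the post; MpsSvc (Windows Firewall),
# WinDefend (Windows Defender) and wscsvc (Security Center) are assumed here.
# Run from an elevated PowerShell prompt (3.0 or later).
$services    = 'BFE', 'MpsSvc', 'WinDefend', 'wscsvc'
$everyoneSid = 'S-1-1-0'   # well-known SID for Everyone, locale independent
$fullControl = [System.Security.AccessControl.RegistryRights]::FullControl

$report = foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $row = New-Object PSObject -Property @{
        Service      = $name
        Status       = if ($svc) { $svc.Status } else { 'not installed' }
        Start        = $null      # registry Start value: 2 = auto, 3 = manual, 4 = disabled
        KeyReadable  = $false
        DenyEntries  = ''
        EveryoneFull = $false
        Error        = ''
    }
    try {
        $row.Start = (Get-ItemProperty -Path $key -Name Start -ErrorAction Stop).Start
        $acl = Get-Acl -Path $key -ErrorAction Stop
        $row.KeyReadable = $true
        # Explicit Deny ACEs are not a default on service keys; they are how the
        # infection keeps the service from starting.
        $deny = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
        $row.DenyEntries = ($deny | ForEach-Object { $_.IdentityReference.Value }) -join ', '
        # Everyone:FullControl is what the manual fix in the post grants. It gets the
        # service starting, but it is far wider than the default ACL, so flag it for
        # tightening once the machine is clean.
        $row.EveryoneFull = [bool]($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights -band $fullControl) -eq $fullControl -and
            $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq $everyoneSid
        })
    } catch {
        # Access denied even as an administrator means the key's ACL was replaced;
        # a missing key means the service entry itself was removed.
        $row.Error = $_.Exception.Message
    }
    $row
}

$report | Format-Table Service, Status, Start, KeyReadable, DenyEntries, EveryoneFull, Error -AutoSize
```

A row with KeyReadable false or a non-empty DenyEntries column is the condition that produces the "Some keys are open by the system or other processes" import error seen later in this thread, and is worth fixing before retrying the import.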

#14 BarnesyJR4

BarnesyJR4
  • Topic Starter

  • Members
  • 19 posts

Posted 28 June 2012 - 01:45 PM

Hi gringo
In the process of going through these steps now and hit upon an error. When installing the firewall reg key this notice pops up:

"Cannot import C:\Users\Paul Barnes\Desktop\firewall.reg. Not all data was successfully written to the registry. Some keys are open by the system or other processes"

Do you want me to continue with the BFE one as per your instructions, or wait?

In Services.msc, both BFE and Windows Firewall appear to be running; both with an automatic start up type and a 'started' status.

Ah-hah! Just had a look in Control Panel > Windows Firewall, and it's back on! Interestingly, when I go to turn on realtime protection in Security Essentials, it returns error code 0x800705b4. Again, I'm not entirely sure if this has any relevance, just trying to give as detailed a picture as possible!

What should my next steps be?

Many thanks for your continued support!

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 June 2012 - 02:48 PM

Uninstall and reinstall MSE and let me know if it turns back on.


gringo