
Spyware.


  • This topic is locked
28 replies to this topic

#1 CascaLonginus

CascaLonginus

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 21 September 2012 - 10:48 PM

I have a Toshiba Satellite C655. I use Comodo internet security, MBAM pro, and SUPERAntiSpyware free. Every time I use the cleaner of ccleaner, Comodo shows that it blocks a threat. This is the file:
C:\Users\Casca\AppData\Local\Temp\BundleOfferManager.dll

I have run full scans with Comodo, MBAM, SAS, TDSSKiller, and GMER, all have come up clean, which doesn't surprise me, as I just reset the computer back to factory condition a few weeks ago. I uninstalled all the Toshiba, and other useless BS that came with the computer. I have no clue how I got this malware, I had MBAM pro first thing after the reset. If you know what program I need to remove bundle offer manager, or could do what you do, so I can manually remove it, I would be eternally grateful.
Casca Longinus.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,632 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 PM

Posted 24 September 2012 - 12:46 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • Logs from DDS
    • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 CascaLonginus


Posted 24 September 2012 - 08:19 PM

Ok, I am not really having any issues other than every time I run the cleaner of ccleaner, Comodo gives me that message. It does seem to run slower than when it was new, even after the factory reset. I have found that all computers, once they begin to run slower, always do...Maybe I'm wrong.

Here are the two logs you requested.

DDS:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.7.2
Run by Casca at 18:08:55 on 2012-09-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.1244 [GMT -7:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\windows\system32\taskhost.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9BF3F908-1A7B-4E45-A4BE-7393539D6A36} : NameServer = 205.171.3.65,205.171.2.65
TCP: Interfaces\{9BF3F908-1A7B-4E45-A4BE-7393539D6A36} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{D10C60BF-2242-4285-9A91-9A4BD6285766} : DhcpNameServer = 192.168.0.1 205.171.3.25
AppInit_DLLs: C:\windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Casca\AppData\Roaming\Mozilla\Firefox\Profiles\vikvnrul.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Casca\Documents\Run\a2ddax64.sys [2012-9-4 23208]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\system32\DRIVERS\cmderd.sys --> C:\windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\system32\DRIVERS\cmdguard.sys --> C:\windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\system32\DRIVERS\cmdhlp.sys --> C:\windows\system32\DRIVERS\cmdhlp.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 399432]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 676936]
S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
.
=============== Created Last 30 ================
.
2012-09-22 02:30:49 -------- d-----w- C:\Users\Casca\AppData\Roaming\SUPERAntiSpyware.com
2012-09-22 02:30:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-22 02:30:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-18 16:47:37 -------- d-----w- C:\Users\Casca\CCE
2012-09-13 04:59:49 -------- d-----w- C:\Users\Casca\FrostWire
2012-09-13 04:59:45 -------- d-----w- C:\Users\Casca\.frostwire5
2012-09-13 04:59:15 -------- d-----w- C:\Program Files (x86)\FrostWire 5
2012-09-13 02:33:51 -------- d-----w- C:\Users\Casca\Alex Music
2012-09-13 02:22:42 -------- d-----w- C:\Users\Casca\AppData\Local\COMODO
2012-09-13 02:16:04 -------- d-----w- C:\Users\Casca\AppData\Local\CRE
2012-09-13 02:15:29 -------- d-----w- C:\Program Files (x86)\Conduit
2012-09-13 02:15:27 -------- d-----w- C:\Users\Casca\AppData\Local\Conduit
2012-09-07 08:03:50 -------- d-----r- C:\Sandbox
2012-09-07 08:00:30 -------- d-----w- C:\Program Files\Sandboxie
2012-09-06 19:49:34 -------- d-----w- C:\Users\Casca\AppData\Local\Adobe
2012-09-05 07:52:23 -------- d-----w- C:\Users\Casca\AppData\Local\ElevatedDiagnostics
2012-09-05 02:31:50 -------- d-----w- C:\Users\Casca\AppData\Local\Microsoft Games
2012-09-04 20:35:12 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2012-09-04 20:35:12 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll
2012-09-04 20:35:12 48960 ----a-w- C:\windows\System32\netfxperf.dll
2012-09-04 20:35:12 444752 ----a-w- C:\windows\System32\mscoree.dll
2012-09-04 20:35:12 320352 ----a-w- C:\windows\System32\PresentationHost.exe
2012-09-04 20:35:12 297808 ----a-w- C:\windows\SysWow64\mscoree.dll
2012-09-04 20:35:12 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe
2012-09-04 20:35:12 1942856 ----a-w- C:\windows\System32\dfshim.dll
2012-09-04 20:35:12 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2012-09-04 20:35:12 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll
2012-09-04 19:57:38 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-09-04 19:57:30 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-09-04 19:57:14 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-09-04 19:57:14 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-09-04 19:46:51 -------- d--h--w- C:\VritualRoot
2012-09-04 10:35:19 -------- d-----w- C:\Users\Casca\AppData\Local\Macromedia
2012-09-04 10:31:57 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-04 10:31:57 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-09-04 10:31:40 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 10:28:29 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-04 10:28:29 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 09:50:48 -------- d-----w- C:\Program Files\CCleaner
2012-09-04 09:35:59 -------- d-----w- C:\Users\Casca\AppData\Roaming\Malwarebytes
2012-09-04 09:35:50 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-04 09:35:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-04 09:35:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-04 09:14:03 -------- d-----w- C:\Users\Casca\AppData\Local\Mozilla
2012-09-04 09:06:10 -------- d-----w- C:\ProgramData\Comodo
2012-09-04 09:06:05 -------- d-----w- C:\Program Files\COMODO
2012-09-04 08:59:06 -------- d-----w- C:\Users\Casca\AppData\Local\TOSHIBA_Corporation
2012-09-04 08:38:07 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5219A28C-FFCD-49D6-AB97-3713933FE6B9}\mpengine.dll
2012-09-04 08:38:06 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-09-04 08:33:25 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-09-04 08:31:41 -------- d-----w- C:\Users\Casca\AppData\Local\Google
2012-09-04 08:27:37 -------- d-----w- C:\Users\Casca\AppData\Local\PackageAware
2012-09-04 08:26:42 -------- d-----w- C:\Users\Casca\AppData\Local\Best_Buy®
2012-09-04 08:20:31 -------- d-----w- C:\Users\Casca\AppData\Local\VirtualStore
2012-09-04 08:20:09 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2012-09-04 08:19:50 -------- d-----w- C:\Users\Casca\AppData\Roaming\WinBatch
2012-09-04 07:59:31 -------- d--h--w- C:\windows\msdownld.tmp
2012-09-04 07:58:59 -------- d-----w- C:\windows\System32\drivers\NISx64\1105000.07F
2012-09-04 07:58:59 -------- d-----w- C:\windows\System32\drivers\NISx64
2012-09-04 07:58:57 -------- d-----w- C:\ProgramData\Norton
2012-09-04 07:58:34 -------- d-----w- C:\ProgramData\NortonInstaller
2012-09-04 07:55:08 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2012-09-04 07:55:08 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2012-09-04 07:53:22 9728 ----a-w- C:\windows\SysWow64\TCMSVR.dll
2012-09-04 07:53:22 9216 ----a-w- C:\windows\System32\drivers\FwLnk.sys
2012-09-04 07:52:50 1550848 ----a-w- C:\windows\System32\drivers\athrx.sys
2012-09-04 07:52:50 -------- d-----w- C:\Program Files (x86)\Atheros
2012-09-04 07:52:46 -------- d-----w- C:\ProgramData\Atheros
2012-09-04 07:52:04 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2012-09-04 07:51:46 -------- d-----w- C:\Program Files\Synaptics
2012-09-04 07:49:24 7367200 ----a-w- C:\windows\System32\RTSUSTORicon.dll
2012-09-04 07:49:14 7367200 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll
2012-09-04 07:49:14 422432 ----a-w- C:\windows\System32\RtsUStor.dll
2012-09-04 07:49:14 232992 ----a-w- C:\windows\System32\drivers\RtsUStor.sys
2012-09-04 07:49:14 -------- d-----w- C:\Program Files (x86)\Realtek
2012-09-04 07:48:29 -------- d-----w- C:\Program Files\CONEXANT
2012-09-04 07:47:18 -------- d-----w- C:\Intel
2012-09-04 07:45:01 408600 ----a-w- C:\windows\System32\drivers\iaStor.sys
2012-09-04 07:43:42 -------- d-----w- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
.
==================== Find3M ====================
.
.
============= FINISH: 18:09:20.42 ===============

ATTACH:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/4/2012 1:18:51 AM
System Uptime: 9/22/2012 8:11:27 AM (58 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 195.429 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 9/4/2012 1:19:07 AM - TOSHIBA Default System Restore Point
RP2: 9/4/2012 1:19:54 AM - Installed TOSHIBA Quality Application
RP3: 9/4/2012 1:35:50 AM - Removed Compatibility Pack for the 2007 Office system
RP4: 9/4/2012 1:37:47 AM - Windows Update
RP5: 9/4/2012 1:40:08 AM - Removed TOSHIBA Application Installer
RP6: 9/4/2012 1:42:37 AM - Configured TOSHIBA Bulletin Board
RP7: 9/4/2012 1:44:41 AM - Removed TOSHIBA Media Controller
RP8: 9/4/2012 1:45:53 AM - Removed TOSHIBA Media Controller Plug-in.
RP9: 9/4/2012 1:47:03 AM - Removed TOSHIBA Quality Application
RP10: 9/4/2012 1:48:11 AM - Configured TOSHIBA ReelTime
RP11: 9/4/2012 1:49:47 AM - Removed ToshibaRegistration
RP12: 9/4/2012 1:50:56 AM - Configured TOSHIBA Value Added Package
RP13: 9/4/2012 2:07:34 AM - Device Driver Package Install: COMODO Network Service
RP14: 9/4/2012 2:20:19 AM - Removed TOSHIBA Supervisor Password
RP15: 9/4/2012 2:43:26 AM - Removed TOSHIBA Hardware Setup
RP16: 9/4/2012 2:45:06 AM - Configured TOSHIBA HDD/SSD Alert
RP17: 9/4/2012 2:47:27 AM - Removed TOSHIBA Service Station
RP18: 9/4/2012 3:00:47 AM - Removed TOSHIBA Disc Creator
RP19: 9/4/2012 3:31:09 AM - Installed Java 7 Update 7
RP20: 9/4/2012 12:55:20 PM - Windows Update
RP21: 9/4/2012 1:34:10 PM - Windows Update
RP22: 9/12/2012 9:11:13 PM - Scheduled Checkpoint
RP23: 9/22/2012 12:00:05 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
FrostWire 5.3.9
Hotfix for Office (KB975927)
Intel® Graphics Media Accelerator Driver
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 17
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 15.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Update for Microsoft Office Word 2007 (KB974631)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
9/24/2012 9:54:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/24/2012 3:11:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
9/24/2012 12:12:35 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 12:11:52 PM, Error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
9/23/2012 12:45:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/23/2012 12:34:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
9/19/2012 3:42:41 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/19/2012 3:42:41 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================

I have the programs you told me to download, and am awaiting instructions. Thank you.

#4 gringo_pr


Posted 24 September 2012 - 08:51 PM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#5 CascaLonginus


Posted 24 September 2012 - 09:45 PM

Here is the adwcleaner log:

# AdwCleaner v2.003 - Logfile created 09/24/2012 at 19:37:18
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Casca - CASCALONGINUS
# Boot Mode : Normal
# Running from : C:\Users\Casca\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\ProgramData\Partner
Deleted on reboot : C:\Users\Casca\AppData\Local\Conduit
Deleted on reboot : C:\Users\Casca\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Casca\AppData\LocalLow\uTorrentControl_v2

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{282E2624-22FF-4EB6-914E-2BC06CDB52DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{490E8A83-7419-435D-8C0D-6E61F02EACE1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Casca\AppData\Roaming\Mozilla\Firefox\Profiles\vikvnrul.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2584 octets] - [24/09/2012 19:33:36]
AdwCleaner[S2].txt - [3040 octets] - [24/09/2012 19:37:18]

########## EOF - C:\AdwCleaner[S2].txt - [3100 octets] ##########

I will be right back with the other log you requested.

#6 CascaLonginus


Posted 24 September 2012 - 09:49 PM

And here is the RogueKiller log:

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Casca [Admin rights]
Mode : Remove -- Date : 09/24/2012 19:47:36

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{9BF3F908-1A7B-4E45-A4BE-7393539D6A36} : NameServer (205.171.3.65,205.171.2.65) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{9BF3F908-1A7B-4E45-A4BE-7393539D6A36} : NameServer (205.171.3.65,205.171.2.65) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
--- User ---
[MBR] 6f817ea252e676fa85e3d33a7f986512
[BSP] f061db6474dc2f2d5e960be535906fdf : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227813 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469635072 | Size: 9161 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Is there anything else I need to do?

#7 gringo_pr


Posted 25 September 2012 - 01:32 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 CascaLonginus


Posted 25 September 2012 - 03:07 AM

Am I to let it delete anything, or just run it for the log?

Run combo fix, and delete?

Run combofix for log purposes only?

#9 CascaLonginus


Posted 25 September 2012 - 04:00 AM

Here is the Combofix log.

ComboFix 12-09-24.03 - Casca 09/25/2012 1:17.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.1204 [GMT -7:00]
Running from: c:\users\Casca\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-22 02:30 . 2012-09-25 04:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-22 02:30 . 2012-09-22 02:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-13 04:59 . 2012-09-13 04:59 -------- d-----w- c:\program files (x86)\FrostWire 5
2012-09-13 04:53 . 2012-09-13 04:53 -------- d-----w- c:\windows\Sun
2012-09-07 08:03 . 2012-09-07 08:03 -------- d-----r- C:\Sandbox
2012-09-07 08:00 . 2012-09-07 19:18 -------- d-----w- c:\program files\Sandboxie
2012-09-06 19:49 . 2012-09-06 19:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-09-04 20:35 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-09-04 20:35 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-09-04 20:35 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-09-04 20:35 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-09-04 20:35 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-09-04 20:35 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-09-04 20:35 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-09-04 20:35 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-09-04 20:35 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-09-04 20:35 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-09-04 19:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-04 19:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-04 19:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-04 19:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-04 19:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-04 19:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-04 19:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-04 19:57 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-04 19:57 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-04 19:46 . 2012-09-04 19:46 -------- d-----w- C:\VritualRoot
2012-09-04 19:45 . 2012-09-04 19:45 -------- d-----w- c:\program files\WinRAR
2012-09-04 10:34 . 2012-09-04 10:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-04 10:31 . 2012-09-04 10:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 10:31 . 2012-09-04 10:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-04 10:31 . 2012-09-04 10:31 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 10:30 . 2012-09-04 10:30 -------- d-----w- c:\programdata\McAfee
2012-09-04 10:28 . 2012-09-04 10:28 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-04 10:28 . 2012-09-04 10:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 10:28 . 2012-09-04 10:28 -------- d-----w- c:\windows\system32\Macromed
2012-09-04 09:50 . 2012-09-04 09:50 -------- d-----w- c:\program files\CCleaner
2012-09-04 09:35 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 09:35 . 2012-09-04 09:35 -------- d-----w- c:\programdata\Malwarebytes
2012-09-04 09:35 . 2012-09-10 23:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-04 09:06 . 2012-09-04 09:08 -------- d-----w- c:\programdata\Comodo
2012-09-04 09:06 . 2012-09-04 09:06 -------- d-----w- c:\program files\COMODO
2012-09-04 08:38 . 2012-08-28 08:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5219A28C-FFCD-49D6-AB97-3713933FE6B9}\mpengine.dll
2012-09-04 08:38 . 2012-05-31 19:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-09-04 08:33 . 2012-09-04 08:33 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-09-04 08:20 . 2012-09-04 08:20 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2012-09-04 08:18 . 2012-09-18 16:53 -------- d-----w- c:\users\Casca
2012-09-04 07:59 . 2012-09-04 07:59 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-04 07:58 . 2012-09-04 07:58 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-09-04 07:58 . 2012-09-04 08:59 -------- d-----w- c:\programdata\Norton
2012-09-04 07:55 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-09-04 07:55 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2012-09-04 07:53 . 2009-07-07 15:51 9216 ----a-w- c:\windows\system32\drivers\FwLnk.sys
2012-09-04 07:53 . 2006-03-23 20:44 9728 ----a-w- c:\windows\SysWow64\TCMSVR.dll
2012-09-04 07:52 . 2012-09-04 07:52 -------- d-----w- c:\program files (x86)\Atheros
2012-09-04 07:52 . 2009-11-06 19:56 1550848 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-09-04 07:52 . 2012-09-04 07:52 -------- d-----w- c:\programdata\Atheros
2012-09-04 07:52 . 2012-09-04 07:52 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-09-04 07:51 . 2012-09-04 07:51 -------- d-----w- c:\program files\Synaptics
2012-09-04 07:49 . 2010-02-01 17:29 7367200 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-09-04 07:49 . 2012-09-04 07:49 -------- d-----w- c:\program files (x86)\Realtek
2012-09-04 07:49 . 2010-02-01 17:29 7367200 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-09-04 07:49 . 2010-02-01 17:29 232992 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-09-04 07:49 . 2010-02-01 17:29 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2012-09-04 07:48 . 2012-09-04 07:48 -------- d-----w- c:\program files\CONEXANT
2012-09-04 07:47 . 2012-09-04 07:47 -------- d-----w- C:\Intel
2012-09-04 07:45 . 2009-08-07 12:24 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-09-04 07:43 . 2012-09-04 07:43 -------- d-----w- c:\program files (x86)\Microsoft Office Suite Activation Assistant
2012-09-04 07:38 . 2012-09-04 07:38 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-09-04 07:37 . 2012-09-04 07:37 -------- d-----w- c:\program files\Microsoft Office
2012-09-04 07:37 . 2012-09-04 07:44 -------- d-----w- c:\programdata\Microsoft Help
2012-09-04 07:36 . 2012-09-04 07:36 -------- d-----r- C:\MSOCache
2012-09-04 07:33 . 2012-09-04 07:33 -------- d-----w- c:\program files (x86)\Microsoft Works
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 5663616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Casca\Documents\Run\a2ddax64.sys [2012-09-04 23208]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-12 22696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-12 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-12 43248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9BF3F908-1A7B-4E45-A4BE-7393539D6A36}: NameServer = 205.171.3.65,205.171.2.65
FF - ProfilePath - c:\users\Casca\AppData\Roaming\Mozilla\Firefox\Profiles\vikvnrul.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-25 01:27:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-25 08:27
.
Pre-Run: 209,359,675,392 bytes free
Post-Run: 209,284,345,856 bytes free
.
- - End Of File - - 68324F3AAF7F6D46C97EE5DD82075388

After the scan finished, there was an error box that came up after the restart, but I wasn't fast enough to see what it said. I ran CCleaner, and Comodo gave me no warning; CCleaner did stall out in the same place for about the same amount of time, but there was no alert. After the Combofix restart I also had the "Casca" and "computer" shortcut icons on the desktop. The internet seems a tad faster now, and I haven't done anything else to know if there are any other changes.
Is there anything else you need to know, or that I should do?

#10 gringo_pr


Posted 25 September 2012 - 04:13 AM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Edited by gringo_pr, 25 September 2012 - 04:15 AM.


#11 CascaLonginus


Posted 25 September 2012 - 04:34 AM

The scans finished successfully, and appear to have been clean.

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-25 02:21:31
-----------------------------
02:21:31.986 OS Version: Windows x64 6.1.7600
02:21:31.986 Number of processors: 1 586 0x170A
02:21:31.986 ComputerName: CASCALONGINUS UserName: Casca
02:21:33.562 Initialize success
02:23:11.464 AVAST engine defs: 12092500
02:24:09.232 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:24:09.247 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
02:24:09.263 Disk 0 MBR read successfully
02:24:09.263 Disk 0 MBR scan
02:24:09.263 Disk 0 Windows VISTA default MBR code
02:24:09.278 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
02:24:09.294 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227813 MB offset 3074048
02:24:09.356 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9161 MB offset 469635072
02:24:09.419 Disk 0 scanning C:\windows\system32\drivers
02:24:17.983 Service scanning
02:24:49.152 Modules scanning
02:24:49.152 Disk 0 trace - called modules:
02:24:49.183 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
02:24:49.714 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002273790]
02:24:49.714 3 CLASSPNP.SYS[fffff880013cf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800210b050]
02:24:50.385 AVAST engine scan C:\windows
02:24:53.099 AVAST engine scan C:\windows\system32
02:28:56.428 AVAST engine scan C:\windows\system32\drivers
02:29:12.839 AVAST engine scan C:\Users\Casca
02:29:57.190 AVAST engine scan C:\ProgramData
02:30:10.232 Scan finished successfully
02:31:26.812 Disk 0 MBR has been saved successfully to "C:\Users\Casca\Desktop\MBR.dat"
02:31:26.812 The log file has been saved successfully to "C:\Users\Casca\Desktop\aswMBR.txt"

TDSSKiller:

02:19:43.0784 3928 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
02:19:44.0595 3928 ============================================================
02:19:44.0595 3928 Current date / time: 2012/09/25 02:19:44.0595
02:19:44.0595 3928 SystemInfo:
02:19:44.0595 3928
02:19:44.0595 3928 OS Version: 6.1.7600 ServicePack: 0.0
02:19:44.0595 3928 Product type: Workstation
02:19:44.0595 3928 ComputerName: CASCALONGINUS
02:19:44.0595 3928 UserName: Casca
02:19:44.0595 3928 Windows directory: C:\windows
02:19:44.0595 3928 System windows directory: C:\windows
02:19:44.0595 3928 Running under WOW64
02:19:44.0595 3928 Processor architecture: Intel x64
02:19:44.0595 3928 Number of processors: 1
02:19:44.0595 3928 Page size: 0x1000
02:19:44.0595 3928 Boot type: Normal boot
02:19:44.0595 3928 ============================================================
02:19:45.0609 3928 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:19:45.0625 3928 ============================================================
02:19:45.0625 3928 \Device\Harddisk0\DR0:
02:19:45.0625 3928 MBR partitions:
02:19:45.0625 3928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCF2800
02:19:45.0625 3928 ============================================================
02:19:45.0641 3928 C: <-> \Device\Harddisk0\DR0\Partition1
02:19:45.0641 3928 ============================================================
02:19:45.0641 3928 Initialize success
02:19:45.0641 3928 ============================================================
02:19:50.0352 1996 ============================================================
02:19:50.0352 1996 Scan started
02:19:50.0352 1996 Mode: Manual;
02:19:50.0352 1996 ============================================================
02:19:51.0241 1996 ================ Scan system memory ========================
02:19:51.0241 1996 System memory - ok
02:19:51.0241 1996 ================ Scan services =============================
02:19:55.0640 1996 ehSched - ok
02:19:55.0687 1996 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
02:19:55.0703 1996 elxstor - ok
02:19:55.0703 1996 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
02:19:55.0718 1996 ErrDev - ok
02:19:55.0781 1996 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
02:19:55.0796 1996 EventSystem - ok
02:19:55.0843 1996 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
02:19:55.0843 1996 exfat - ok
02:19:55.0859 1996 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
02:19:55.0859 1996 fastfat - ok
02:19:55.0905 1996 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\windows\system32\fxssvc.exe
02:19:55.0921 1996 Fax - ok
02:19:55.0937 1996 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
02:19:55.0937 1996 fdc - ok
02:19:55.0983 1996 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
02:19:55.0983 1996 fdPHost - ok
02:19:56.0015 1996 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
02:19:56.0015 1996 FDResPub - ok
02:19:56.0030 1996 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
02:19:56.0030 1996 FileInfo - ok
02:19:56.0046 1996 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
02:19:56.0046 1996 Filetrace - ok
02:19:56.0077 1996 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
02:19:56.0093 1996 flpydisk - ok
02:19:56.0124 1996 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
02:19:56.0139 1996 FltMgr - ok
02:19:56.0186 1996 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\windows\system32\FntCache.dll
02:19:56.0202 1996 FontCache - ok
02:19:56.0264 1996 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:19:56.0405 1996 FontCache3.0.0.0 - ok
02:19:56.0436 1996 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
02:19:56.0451 1996 FsDepends - ok
02:19:56.0467 1996 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
02:19:56.0467 1996 Fs_Rec - ok
02:19:56.0498 1996 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
02:19:56.0498 1996 fvevol - ok
02:19:56.0545 1996 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
02:19:56.0545 1996 FwLnk - ok
02:19:56.0576 1996 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
02:19:56.0592 1996 gagp30kx - ok
02:19:56.0639 1996 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\windows\System32\gpsvc.dll
02:19:56.0654 1996 gpsvc - ok
02:19:56.0670 1996 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
02:19:56.0670 1996 hcw85cir - ok
02:19:56.0701 1996 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
02:19:56.0701 1996 HdAudAddService - ok
02:19:56.0748 1996 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
02:19:56.0748 1996 HDAudBus - ok
02:19:56.0779 1996 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
02:19:56.0779 1996 HidBatt - ok
02:19:56.0779 1996 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
02:19:56.0795 1996 HidBth - ok
02:19:56.0826 1996 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
02:19:56.0826 1996 HidIr - ok
02:19:56.0841 1996 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
02:19:56.0857 1996 hidserv - ok
02:19:56.0888 1996 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
02:19:56.0888 1996 HidUsb - ok
02:19:56.0919 1996 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\windows\system32\kmsvc.dll
02:19:56.0919 1996 hkmsvc - ok
02:19:56.0935 1996 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
02:19:56.0951 1996 HomeGroupListener - ok
02:19:56.0982 1996 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\windows\system32\provsvc.dll
02:19:56.0982 1996 HomeGroupProvider - ok
02:19:57.0029 1996 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
02:19:57.0029 1996 HpSAMD - ok
02:19:57.0060 1996 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\windows\system32\drivers\HTTP.sys
02:19:57.0075 1996 HTTP - ok
02:19:57.0091 1996 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
02:19:57.0091 1996 hwpolicy - ok
02:19:57.0122 1996 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
02:19:57.0122 1996 i8042prt - ok
02:19:57.0185 1996 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
02:19:57.0185 1996 iaStor - ok
02:19:57.0231 1996 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\windows\system32\DRIVERS\iaStorV.sys
02:19:57.0231 1996 iaStorV - ok
02:19:57.0309 1996 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:19:57.0309 1996 idsvc - ok
02:19:57.0559 1996 [ 898AB5BFED7040D7AB07AF01885EB944 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
02:19:57.0762 1996 igfx - ok
02:19:57.0793 1996 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
02:19:57.0793 1996 iirsp - ok
02:19:57.0887 1996 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\windows\System32\ikeext.dll
02:19:57.0887 1996 IKEEXT - ok
02:19:57.0949 1996 [ EFFF0AFD27CC97BF0E5E0BAB78419DE7 ] inspect C:\windows\system32\DRIVERS\inspect.sys
02:19:57.0965 1996 inspect - ok
02:19:57.0996 1996 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\DRIVERS\intelide.sys
02:19:58.0011 1996 intelide - ok
02:19:58.0043 1996 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
02:19:58.0043 1996 intelppm - ok
02:19:58.0089 1996 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
02:19:58.0089 1996 IPBusEnum - ok
02:19:58.0121 1996 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
02:19:58.0121 1996 IpFilterDriver - ok
02:19:58.0152 1996 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
02:19:58.0167 1996 iphlpsvc - ok
02:19:58.0167 1996 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
02:19:58.0167 1996 IPMIDRV - ok
02:19:58.0183 1996 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
02:19:58.0183 1996 IPNAT - ok
02:19:58.0230 1996 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
02:19:58.0245 1996 IRENUM - ok
02:19:58.0245 1996 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
02:19:58.0245 1996 isapnp - ok
02:19:58.0277 1996 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
02:19:58.0277 1996 iScsiPrt - ok
02:19:58.0308 1996 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
02:19:58.0308 1996 kbdclass - ok
02:19:58.0339 1996 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
02:19:58.0339 1996 kbdhid - ok
02:19:58.0370 1996 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\windows\system32\lsass.exe
02:19:58.0370 1996 KeyIso - ok
02:19:58.0417 1996 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
02:19:58.0417 1996 KSecDD - ok
02:19:58.0433 1996 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
02:19:58.0433 1996 KSecPkg - ok
02:19:58.0464 1996 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
02:19:58.0464 1996 ksthunk - ok
02:19:58.0511 1996 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
02:19:58.0511 1996 KtmRm - ok
02:19:58.0557 1996 [ 655A5D8E80869781CCE23760ADA7E695 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
02:19:58.0557 1996 L1C - ok
02:19:58.0604 1996 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\windows\System32\srvsvc.dll
02:19:58.0620 1996 LanmanServer - ok
02:19:58.0651 1996 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
02:19:58.0651 1996 LanmanWorkstation - ok
02:19:58.0713 1996 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
02:19:58.0713 1996 lltdio - ok
02:19:58.0745 1996 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
02:19:58.0745 1996 lltdsvc - ok
02:19:58.0791 1996 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
02:19:58.0791 1996 lmhosts - ok
02:19:58.0838 1996 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
02:19:58.0838 1996 LSI_FC - ok
02:19:58.0854 1996 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
02:19:58.0869 1996 LSI_SAS - ok
02:19:58.0885 1996 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
02:19:58.0885 1996 LSI_SAS2 - ok
02:19:58.0901 1996 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
02:19:58.0916 1996 LSI_SCSI - ok
02:19:58.0932 1996 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
02:19:58.0947 1996 luafv - ok
02:19:58.0979 1996 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
02:19:58.0979 1996 MBAMProtector - ok
02:19:59.0025 1996 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
02:19:59.0119 1996 MBAMScheduler - ok
02:19:59.0150 1996 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:19:59.0166 1996 MBAMService - ok
02:19:59.0181 1996 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
02:19:59.0197 1996 Mcx2Svc - ok
02:19:59.0228 1996 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
02:19:59.0228 1996 megasas - ok
02:19:59.0259 1996 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
02:19:59.0259 1996 MegaSR - ok
02:19:59.0306 1996 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
02:19:59.0306 1996 MMCSS - ok
02:19:59.0306 1996 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
02:19:59.0322 1996 Modem - ok
02:19:59.0353 1996 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
02:19:59.0353 1996 monitor - ok
02:19:59.0384 1996 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
02:19:59.0400 1996 mouclass - ok
02:19:59.0478 1996 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
02:19:59.0478 1996 mouhid - ok
02:19:59.0525 1996 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
02:19:59.0540 1996 mountmgr - ok
02:19:59.0556 1996 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\windows\system32\DRIVERS\mpio.sys
02:19:59.0571 1996 mpio - ok
02:19:59.0587 1996 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
02:19:59.0587 1996 mpsdrv - ok
02:19:59.0634 1996 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\windows\system32\mpssvc.dll
02:19:59.0649 1996 MpsSvc - ok
02:19:59.0665 1996 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
02:19:59.0665 1996 MRxDAV - ok
02:19:59.0696 1996 [ AB5892797C4114640BA333949568DE8C ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
02:19:59.0696 1996 mrxsmb - ok
02:19:59.0727 1996 [ 81A38F7AEEB265634B05AE5F3F29FBC4 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
02:19:59.0727 1996 mrxsmb10 - ok
02:19:59.0743 1996 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
02:19:59.0743 1996 mrxsmb20 - ok
02:19:59.0759 1996 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\windows\system32\DRIVERS\msahci.sys
02:19:59.0759 1996 msahci - ok
02:19:59.0790 1996 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
02:19:59.0790 1996 msdsm - ok
02:19:59.0821 1996 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
02:19:59.0821 1996 MSDTC - ok
02:19:59.0852 1996 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
02:19:59.0852 1996 Msfs - ok
02:19:59.0883 1996 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
02:19:59.0883 1996 mshidkmdf - ok
02:19:59.0899 1996 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
02:19:59.0915 1996 msisadrv - ok
02:19:59.0946 1996 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
02:19:59.0961 1996 MSiSCSI - ok
02:19:59.0977 1996 msiserver - ok
02:20:00.0024 1996 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
02:20:00.0024 1996 MSKSSRV - ok
02:20:00.0055 1996 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
02:20:00.0055 1996 MSPCLOCK - ok
02:20:00.0071 1996 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
02:20:00.0071 1996 MSPQM - ok
02:20:00.0086 1996 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
02:20:00.0086 1996 MsRPC - ok
02:20:00.0117 1996 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
02:20:00.0117 1996 mssmbios - ok
02:20:00.0164 1996 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
02:20:00.0164 1996 MSTEE - ok
02:20:00.0180 1996 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
02:20:00.0180 1996 MTConfig - ok
02:20:00.0211 1996 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
02:20:00.0211 1996 Mup - ok
02:20:00.0242 1996 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\windows\system32\qagentRT.dll
02:20:00.0258 1996 napagent - ok
02:20:00.0305 1996 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
02:20:00.0336 1996 NativeWifiP - ok
02:20:00.0383 1996 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\windows\system32\drivers\ndis.sys
02:20:00.0383 1996 NDIS - ok
02:20:00.0414 1996 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
02:20:00.0414 1996 NdisCap - ok
02:20:00.0445 1996 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
02:20:00.0461 1996 NdisTapi - ok
02:20:00.0476 1996 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
02:20:00.0492 1996 Ndisuio - ok
02:20:00.0507 1996 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
02:20:00.0507 1996 NdisWan - ok
02:20:00.0539 1996 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\windows\system32\drivers\NDProxy.sys
02:20:00.0539 1996 NDProxy - ok
02:20:00.0570 1996 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
02:20:00.0570 1996 NetBIOS - ok
02:20:00.0585 1996 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\windows\system32\DRIVERS\netbt.sys
02:20:00.0601 1996 NetBT - ok
02:20:00.0617 1996 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\windows\system32\lsass.exe
02:20:00.0617 1996 Netlogon - ok
02:20:00.0679 1996 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
02:20:00.0679 1996 Netman - ok
02:20:00.0695 1996 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
02:20:00.0710 1996 netprofm - ok
02:20:00.0741 1996 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:20:00.0835 1996 NetTcpPortSharing - ok
02:20:00.0866 1996 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
02:20:00.0866 1996 nfrd960 - ok
02:20:00.0897 1996 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\windows\System32\nlasvc.dll
02:20:00.0913 1996 NlaSvc - ok
02:20:00.0929 1996 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
02:20:00.0929 1996 Npfs - ok
02:20:00.0960 1996 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
02:20:00.0960 1996 nsi - ok
02:20:00.0975 1996 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
02:20:00.0975 1996 nsiproxy - ok
02:20:01.0038 1996 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
02:20:01.0053 1996 Ntfs - ok
02:20:01.0085 1996 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
02:20:01.0085 1996 Null - ok
02:20:01.0116 1996 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\windows\system32\DRIVERS\nvraid.sys
02:20:01.0116 1996 nvraid - ok
02:20:01.0131 1996 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\windows\system32\DRIVERS\nvstor.sys
02:20:01.0131 1996 nvstor - ok
02:20:01.0147 1996 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
02:20:01.0147 1996 nv_agp - ok
02:20:01.0272 1996 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:20:01.0412 1996 odserv - ok
02:20:01.0443 1996 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
02:20:01.0443 1996 ohci1394 - ok
02:20:01.0506 1996 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:20:01.0506 1996 ose - ok
02:20:01.0553 1996 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
02:20:01.0568 1996 p2pimsvc - ok
02:20:01.0584 1996 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
02:20:01.0599 1996 p2psvc - ok
02:20:01.0631 1996 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
02:20:01.0631 1996 Parport - ok
02:20:01.0646 1996 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\windows\system32\drivers\partmgr.sys
02:20:01.0646 1996 partmgr - ok
02:20:01.0693 1996 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
02:20:01.0693 1996 PcaSvc - ok
02:20:01.0709 1996 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\windows\system32\DRIVERS\pci.sys
02:20:01.0724 1996 pci - ok
02:20:01.0740 1996 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
02:20:01.0740 1996 pciide - ok
02:20:01.0755 1996 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
02:20:01.0755 1996 pcmcia - ok
02:20:01.0771 1996 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
02:20:01.0787 1996 pcw - ok
02:20:01.0818 1996 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
02:20:01.0818 1996 PEAUTH - ok
02:20:01.0896 1996 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
02:20:01.0974 1996 PerfHost - ok
02:20:02.0036 1996 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\windows\system32\pla.dll
02:20:02.0052 1996 pla - ok
02:20:02.0114 1996 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\windows\system32\umpnpmgr.dll
02:20:02.0114 1996 PlugPlay - ok
02:20:02.0145 1996 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
02:20:02.0161 1996 PNRPAutoReg - ok
02:20:02.0177 1996 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
02:20:02.0177 1996 PNRPsvc - ok
02:20:02.0223 1996 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
02:20:02.0239 1996 PolicyAgent - ok
02:20:02.0270 1996 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
02:20:02.0270 1996 Power - ok
02:20:02.0301 1996 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
02:20:02.0317 1996 PptpMiniport - ok
02:20:02.0333 1996 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
02:20:02.0333 1996 Processor - ok
02:20:02.0379 1996 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\windows\system32\profsvc.dll
02:20:02.0395 1996 ProfSvc - ok
02:20:02.0426 1996 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\windows\system32\lsass.exe
02:20:02.0426 1996 ProtectedStorage - ok
02:20:02.0442 1996 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\windows\system32\DRIVERS\pacer.sys
02:20:02.0457 1996 Psched - ok
02:20:02.0520 1996 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
02:20:02.0551 1996 ql2300 - ok
02:20:02.0567 1996 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
02:20:02.0567 1996 ql40xx - ok
02:20:02.0613 1996 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
02:20:02.0613 1996 QWAVE - ok
02:20:02.0645 1996 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
02:20:02.0645 1996 QWAVEdrv - ok
02:20:02.0660 1996 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
02:20:02.0691 1996 RasAcd - ok
02:20:02.0738 1996 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
02:20:02.0754 1996 RasAgileVpn - ok
02:20:02.0785 1996 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
02:20:02.0801 1996 RasAuto - ok
02:20:02.0816 1996 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
02:20:02.0816 1996 Rasl2tp - ok
02:20:02.0847 1996 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\windows\System32\rasmans.dll
02:20:02.0847 1996 RasMan - ok
02:20:02.0879 1996 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
02:20:02.0879 1996 RasPppoe - ok
02:20:02.0910 1996 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
02:20:02.0910 1996 RasSstp - ok
02:20:02.0941 1996 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
02:20:02.0941 1996 rdbss - ok
02:20:02.0972 1996 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
02:20:02.0972 1996 rdpbus - ok
02:20:02.0988 1996 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
02:20:02.0988 1996 RDPCDD - ok
02:20:03.0035 1996 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
02:20:03.0050 1996 RDPENCDD - ok
02:20:03.0081 1996 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
02:20:03.0081 1996 RDPREFMP - ok
02:20:03.0113 1996 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
02:20:03.0113 1996 RDPWD - ok
02:20:03.0144 1996 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\windows\system32\drivers\rdyboost.sys
02:20:03.0144 1996 rdyboost - ok
02:20:03.0175 1996 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
02:20:03.0191 1996 RemoteAccess - ok
02:20:03.0222 1996 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
02:20:03.0222 1996 RemoteRegistry - ok
02:20:03.0253 1996 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
02:20:03.0253 1996 RpcEptMapper - ok
02:20:03.0284 1996 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
02:20:03.0284 1996 RpcLocator - ok
02:20:03.0315 1996 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\windows\system32\rpcss.dll
02:20:03.0331 1996 RpcSs - ok
02:20:03.0362 1996 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
02:20:03.0362 1996 rspndr - ok
02:20:03.0425 1996 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
02:20:03.0425 1996 RSUSBSTOR - ok
02:20:03.0471 1996 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\windows\system32\lsass.exe
02:20:03.0471 1996 SamSs - ok
02:20:03.0549 1996 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
02:20:03.0549 1996 SASDIFSV - ok
02:20:03.0565 1996 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
02:20:03.0565 1996 SASKUTIL - ok
02:20:03.0612 1996 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
02:20:03.0612 1996 sbp2port - ok
02:20:03.0659 1996 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
02:20:03.0659 1996 SCardSvr - ok
02:20:03.0674 1996 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
02:20:03.0674 1996 scfilter - ok
02:20:03.0737 1996 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\windows\system32\schedsvc.dll
02:20:03.0737 1996 Schedule - ok
02:20:03.0768 1996 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\windows\System32\certprop.dll
02:20:03.0768 1996 SCPolicySvc - ok
02:20:03.0799 1996 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\windows\System32\SDRSVC.dll
02:20:03.0799 1996 SDRSVC - ok
02:20:03.0846 1996 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
02:20:03.0846 1996 secdrv - ok
02:20:03.0861 1996 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\windows\system32\seclogon.dll
02:20:03.0877 1996 seclogon - ok
02:20:03.0893 1996 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
02:20:03.0893 1996 SENS - ok
02:20:03.0924 1996 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
02:20:03.0955 1996 SensrSvc - ok
02:20:03.0971 1996 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
02:20:03.0986 1996 Serenum - ok
02:20:04.0017 1996 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
02:20:04.0017 1996 Serial - ok
02:20:04.0033 1996 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
02:20:04.0033 1996 sermouse - ok
02:20:04.0080 1996 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\windows\system32\sessenv.dll
02:20:04.0080 1996 SessionEnv - ok
02:20:04.0095 1996 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys
02:20:04.0095 1996 sffdisk - ok
02:20:04.0111 1996 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys
02:20:04.0111 1996 sffp_mmc - ok
02:20:04.0127 1996 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys
02:20:04.0127 1996 sffp_sd - ok
02:20:04.0142 1996 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
02:20:04.0142 1996 sfloppy - ok
02:20:04.0205 1996 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
02:20:04.0220 1996 SharedAccess - ok
02:20:04.0267 1996 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\windows\System32\shsvcs.dll
02:20:04.0267 1996 ShellHWDetection - ok
02:20:04.0283 1996 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
02:20:04.0298 1996 SiSRaid2 - ok
02:20:04.0314 1996 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
02:20:04.0329 1996 SiSRaid4 - ok
02:20:04.0345 1996 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
02:20:04.0345 1996 Smb - ok
02:20:04.0376 1996 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
02:20:04.0376 1996 SNMPTRAP - ok
02:20:08.0557 1996 ============================================================
02:20:08.0557 1996 Scan finished
02:20:08.0557 1996 ============================================================
02:20:08.0573 1520 Detected object count: 0
02:20:08.0573 1520 Actual detected object count: 0
02:21:25.0882 0428 Deinitialize success


Anything else?

#12 gringo_pr


Posted 25 September 2012 - 12:47 PM

Greetings CascaLonginus

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 CascaLonginus


Posted 25 September 2012 - 02:08 PM

Here is the Combofix log you requested:

ComboFix 12-09-24.03 - Casca 09/25/2012 11:26:11.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.1207 [GMT -7:00]
Running from: c:\users\Casca\Desktop\ComboFix.exe
Command switches used :: c:\users\Casca\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-25 18:33 . 2012-09-25 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 02:30 . 2012-09-25 04:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-22 02:30 . 2012-09-22 02:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-13 04:59 . 2012-09-13 04:59 -------- d-----w- c:\program files (x86)\FrostWire 5
2012-09-13 04:53 . 2012-09-13 04:53 -------- d-----w- c:\windows\Sun
2012-09-07 08:03 . 2012-09-07 08:03 -------- d-----r- C:\Sandbox
2012-09-07 08:00 . 2012-09-07 19:18 -------- d-----w- c:\program files\Sandboxie
2012-09-06 19:49 . 2012-09-06 19:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-09-04 20:35 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-09-04 20:35 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-09-04 20:35 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-09-04 20:35 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-09-04 20:35 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-09-04 20:35 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-09-04 20:35 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-09-04 20:35 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-09-04 20:35 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-09-04 20:35 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-09-04 19:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-04 19:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-04 19:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-04 19:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-04 19:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-04 19:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-04 19:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-04 19:57 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-04 19:57 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-04 19:46 . 2012-09-04 19:46 -------- d-----w- C:\VritualRoot
2012-09-04 19:45 . 2012-09-04 19:45 -------- d-----w- c:\program files\WinRAR
2012-09-04 10:34 . 2012-09-04 10:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-04 10:31 . 2012-09-04 10:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 10:31 . 2012-09-04 10:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-04 10:31 . 2012-09-04 10:31 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 10:30 . 2012-09-04 10:30 -------- d-----w- c:\programdata\McAfee
2012-09-04 10:28 . 2012-09-04 10:28 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-04 10:28 . 2012-09-04 10:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 10:28 . 2012-09-04 10:28 -------- d-----w- c:\windows\system32\Macromed
2012-09-04 09:50 . 2012-09-04 09:50 -------- d-----w- c:\program files\CCleaner
2012-09-04 09:35 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 09:35 . 2012-09-04 09:35 -------- d-----w- c:\programdata\Malwarebytes
2012-09-04 09:35 . 2012-09-10 23:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-04 09:06 . 2012-09-04 09:08 -------- d-----w- c:\programdata\Comodo
2012-09-04 09:06 . 2012-09-04 09:06 -------- d-----w- c:\program files\COMODO
2012-09-04 08:38 . 2012-08-28 08:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5219A28C-FFCD-49D6-AB97-3713933FE6B9}\mpengine.dll
2012-09-04 08:38 . 2012-05-31 19:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-09-04 08:33 . 2012-09-04 08:33 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-09-04 08:20 . 2012-09-04 08:20 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2012-09-04 08:18 . 2012-09-18 16:53 -------- d-----w- c:\users\Casca
2012-09-04 07:59 . 2012-09-04 07:59 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-04 07:58 . 2012-09-04 07:58 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-09-04 07:58 . 2012-09-04 08:59 -------- d-----w- c:\programdata\Norton
2012-09-04 07:55 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-09-04 07:55 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2012-09-04 07:53 . 2009-07-07 15:51 9216 ----a-w- c:\windows\system32\drivers\FwLnk.sys
2012-09-04 07:53 . 2006-03-23 20:44 9728 ----a-w- c:\windows\SysWow64\TCMSVR.dll
2012-09-04 07:52 . 2012-09-04 07:52 -------- d-----w- c:\program files (x86)\Atheros
2012-09-04 07:52 . 2009-11-06 19:56 1550848 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-09-04 07:52 . 2012-09-04 07:52 -------- d-----w- c:\programdata\Atheros
2012-09-04 07:52 . 2012-09-04 07:52 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-09-04 07:51 . 2012-09-04 07:51 -------- d-----w- c:\program files\Synaptics
2012-09-04 07:49 . 2010-02-01 17:29 7367200 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-09-04 07:49 . 2012-09-04 07:49 -------- d-----w- c:\program files (x86)\Realtek
2012-09-04 07:49 . 2010-02-01 17:29 7367200 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-09-04 07:49 . 2010-02-01 17:29 232992 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-09-04 07:49 . 2010-02-01 17:29 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2012-09-04 07:48 . 2012-09-04 07:48 -------- d-----w- c:\program files\CONEXANT
2012-09-04 07:47 . 2012-09-04 07:47 -------- d-----w- C:\Intel
2012-09-04 07:45 . 2009-08-07 12:24 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-09-04 07:43 . 2012-09-04 07:43 -------- d-----w- c:\program files (x86)\Microsoft Office Suite Activation Assistant
2012-09-04 07:38 . 2012-09-04 07:38 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-09-04 07:37 . 2012-09-04 07:37 -------- d-----w- c:\program files\Microsoft Office
2012-09-04 07:37 . 2012-09-04 07:44 -------- d-----w- c:\programdata\Microsoft Help
2012-09-04 07:36 . 2012-09-04 07:36 -------- d-----r- C:\MSOCache
2012-09-04 07:33 . 2012-09-04 07:33 -------- d-----w- c:\program files (x86)\Microsoft Works
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 5663616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Casca\Documents\Run\a2ddax64.sys [2012-09-04 23208]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-12 22696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-12 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-12 43248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9BF3F908-1A7B-4E45-A4BE-7393539D6A36}: NameServer = 205.171.3.65,205.171.2.65
FF - ProfilePath - c:\users\Casca\AppData\Roaming\Mozilla\Firefox\Profiles\vikvnrul.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-25 11:46:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-25 18:46
ComboFix2.txt 2012-09-25 08:27
.
Pre-Run: 209,050,529,792 bytes free
Post-Run: 209,164,697,600 bytes free
.
- - End Of File - - F5AAF1D12724B0091ADB7931408210B0

Ok, when Combofix restarted the computer, I received an error, saying something about GfxUI.exe, or gfxUI.exe, and under that it said "A device attached to the system is not functioning." I believe it's the same error I got the last time I ran Combofix. I restarted the computer again after Combofix finished to see if the error would appear again, and it didn't. On restart the computer seems to get to the desktop faster, and everything seems to be happening a bit faster than before, the small changes appear to be positive, and more like the computer was after I did the reset back to factory condition. I did go to armor games, and played a game for a couple of minutes to see how well it would perform, and it lagged a lot more than it did before we started this process, but it seems to get to pages faster, and smoother than it did before also, so I'm not sure what to make of that. I don't do much on this computer other than surf the web, so I can't tell yet if anything is worse, I don't really use programs, just Firefox. I forgot to run ccleaner again, but I will do that, next, to see if the Comodo detection is still gone.

#14 CascaLonginus


Posted 25 September 2012 - 02:12 PM

OK, I ran ccleaner, and the detection of bundleoffermanager.dll is no longer happening.

#15 gringo_pr


Posted 25 September 2012 - 03:58 PM

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
