coupon dropdown--cripes!


This topic is locked
35 replies to this topic

#1 fixMeMommy (Members, 81 posts)

Posted 17 November 2012 - 03:38 PM

One day to the next Firefox 12.0 started showing all these highlighted words at random at every website. Mouseover causes a coupon dropdown.

Have looked for newly installed progs (Win7) and also any changes to add-ons/extensions/plugins in firefox but nothing's visible.

Malwarebytes quickscan detected nothing; running full scan now on all eight drives installed.

Hat in hand and head bowed I come to the temple of hope . . .


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 17 November 2012 - 04:32 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 fixMeMommy (Topic Starter, Members, 81 posts)

Posted 17 November 2012 - 05:08 PM

Kool! Thanx Gringo for chiming in here.

Followed your instructions; avast did not want to let dds run but I told it go ahead. Here are the requested .txt files:

DDS.txt:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by superSonicD at 14:02:57 on 2012-11-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12031.10389 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [OS2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [OS2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\FirstStart.exe" /OS
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
StartupFolder: C:\Users\SUPERS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E7E8A739-552B-48B2-BC23-C7C153BD9B97} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-10 55856]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2012-8-24 65072]
R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-8-24 74824]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-10 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-10 359464]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-8-10 30592]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-10 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-10 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-10 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-8 44808]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R3 AODDriver;AODDriver;C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\aoddriver.sys [2012-8-10 52280]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-10 344680]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2012-8-24 41888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-7-20 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-7-20 29696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-20 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2012-10-2 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-10 1255736]
.
=============== Created Last 30 ================
.
2012-11-17 19:38:59 -------- d-----w- C:\Users\superSonicD\AppData\Roaming\Malwarebytes
2012-11-17 19:38:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-17 19:38:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-17 19:38:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-12 19:49:31 107864 ----a-w- C:\Windows\SysWow64\tsccvid.dll
2012-11-12 19:49:30 -------- d-----w- C:\Windows\SysWow64\QuickTime
2012-11-12 19:49:22 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2012-10-29 00:04:32 -------- d-----w- C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-10-19 17:44:27 -------- d-----w- C:\Users\superSonicD\AppData\Roaming\SUPERAntiSpyware.com
2012-10-19 17:43:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-10-19 17:43:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2012-09-10 17:54:24 850152 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 14:03:08.27 ===============


ATTACH.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 8/10/2012 2:10:51 PM
System Uptime: 11/17/2012 1:43:28 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A88TD-V EVO/USB3
Processor: AMD Athlon™ II X2 250 Processor | AM3 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 99.361 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 76 GiB total, 18.713 GiB free.
F: is FIXED (NTFS) - 1397 GiB total, 718.76 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 10 GiB total, 4.389 GiB free.
I: is FIXED (NTFS) - 32 GiB total, 5.878 GiB free.
J: is FIXED (NTFS) - 34 GiB total, 3.936 GiB free.
K: is FIXED (NTFS) - 190 GiB total, 50.631 GiB free.
L: is FIXED (NTFS) - 75 GiB total, 23.116 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: USB\VID_0733&PID_0401\6&3BD8768&0&3
Manufacturer:
Name:
PNP Device ID: USB\VID_0733&PID_0401\6&3BD8768&0&3
Service:
.
Class GUID:
Description: SCSI Controller
Device ID: PCI\VEN_9005&DEV_0080&SUBSYS_E2A09005&REV_02\4&2B4059EA&0&38A4
Manufacturer:
Name: SCSI Controller
PNP Device ID: PCI\VEN_9005&DEV_0080&SUBSYS_E2A09005&REV_02\4&2B4059EA&0&38A4
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Premiere Pro CS5.5
Adobe Setup
Adobe Story
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
ATI Catalyst Install Manager
avast! Free Antivirus
BlackFrame NR
Camtasia Studio 6
Canon Inkjet Printer Driver Add-On Module
Canon My Printer
Canon PIXMA iP3000
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ConvertXtoDVD 4.1.7.343
Cool Edit Pro 2.0
CrystalDiskInfo 5.0.0
dBpoweramp CD Writer
dBpoweramp DSP Effects
dBpoweramp m4a Codec
dBpoweramp Music Converter
Digi Eyepiece
DVDFab 8.1.6.3 (11/02/2012) Qt
EPU
Foxit Reader
GPU Boost Driver
HD Writer AE 3.0
HWiNFO64 Version 4.02
IrfanView (remove only)
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
MozBackup 1.4.9
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.7)
MSXML 4.0 SP2 Parser and SDK
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
OLYMPUS Studio 2
OpenOffice.org 3.2
PDF Settings
PxMergeModule
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
SUPERAntiSpyware
ThreatFire
Vista Shortcut Manager x64
VLC media player 1.0.2
Vuze
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/21/2007 2.2.0.0)
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0)
Windows XP Mode
WinZip 16.0
XnView 1.99.1
.
==== Event Viewer Messages From Past Week ========
.
11/17/2012 11:24:47 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
11/17/2012 1:44:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
.
==== End Of File ===========================


CHECKUP.txt from security check:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
ThreatFire
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
ThreatFire TFTray.exe
ThreatFire TFService.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 17 November 2012 - 05:31 PM

Hello


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#5 fixMeMommy (Topic Starter, Members, 81 posts)

Posted 17 November 2012 - 05:57 PM

OK Gringo, here are the requested logs:

adwCleaner:

# AdwCleaner v2.008 - Logfile created 11/17/2012 at 14:36:33
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : superSonicD - SUPERSONICD-PC
# Boot Mode : Normal
# Running from : C:\Users\superSonicD\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\prefs.js

C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1202 octets] - [17/11/2012 14:36:33]

########## EOF - C:\AdwCleaner[S1].txt - [1262 octets] ##########


RogueKiller:

RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : superSonicD [Admin rights]
Mode : Scan -- Date : 11/17/2012 14:52:44

Bad processes : 0

Registry Entries : 4
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 practivate.adobe.1pp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com www.adobe.com activate.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
[...]


MBR Check:

+++++ PhysicalDrive0: KINGSTON SV200S3128G ATA Device +++++
--- User ---
[MBR] dc866e64a8fb315bab0ed2dde205f2b0
[BSP] d7be38772100542b0ad7103d13b9852e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST380817AS ATA Device +++++
--- User ---
[MBR] 12f55f39790bb6ef53f814977501585e
[BSP] 549c35ae8c51879a33e6f97af410d101 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11172012_02d1452.txt >>
RKreport[1]_S_11172012_02d1452.txt
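
The DDS log in post #3 printed three Firefox preferences under FIREFOX POLICIES (`extensions.autoDisableScopes` set to 0, `security.csp.enable` set to false, `security.OCSP.enabled` set to 0), and AdwCleaner in post #5 deleted the profile's `user.js`, which is where such overrides are typically injected. The following script is an added example written for this page; it is not code from DDS, AdwCleaner, RogueKiller or anyone in the thread. It parses `user_pref(...)` lines the way they appear in a `user.js` or in the DDS output (several calls on one line) and flags the overrides that weaken the browser. The list of weakening preferences and the sample input are assumptions constructed for the example.

```python
import re

# Firefox preferences that injected user.js files commonly override to weaken the
# browser, with the value that does the weakening. This list is an assumption for
# illustration, not DDS's, AdwCleaner's or the thread's own list.
WEAKENING_PREFS = {
    "security.csp.enable": "false",        # turns off Content Security Policy enforcement
    "security.OCSP.enabled": "0",          # turns off certificate revocation checks
    "extensions.autoDisableScopes": "0",   # keeps add-ons installed outside the profile enabled
}

# One user_pref("name", value); call. The value group stops at the closing
# parenthesis, so values containing ')' are not handled (a known limitation).
PREF_RE = re.compile(
    r"""user_pref\(\s*['"]([^'"]+)['"]\s*,\s*([^)]+?)\s*\)\s*;"""
)


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) call in text.

    Several calls on one line (the way DDS prints the FIREFOX POLICIES section)
    are handled, and quoted string values are returned without their quotes.
    """
    prefs = {}
    for match in PREF_RE.finditer(text):
        name, value = match.group(1), match.group(2).strip()
        if len(value) >= 2 and value[0] in "'\"" and value[-1] == value[0]:
            value = value[1:-1]
        prefs[name] = value
    return prefs


def find_weakened(text):
    """Return a sorted list of (pref, value) pairs matching a known weakening override."""
    prefs = parse_prefs(text)
    return sorted(
        (name, value)
        for name, value in prefs.items()
        if name in WEAKENING_PREFS and value.lower() == WEAKENING_PREFS[name]
    )


def report(text):
    """Human-readable line per flagged preference (empty list if none)."""
    return [f"weakened: {name} = {value}" for name, value in find_weakened(text)]


# Constructed sample: the three prefs from the DDS log above, followed by two
# harmless prefs added here so the filter has something to ignore.
SAMPLE_USER_JS = (
    "user_pref('extensions.autoDisableScopes', 0);"
    "user_pref('security.csp.enable', false);"
    "user_pref('security.OCSP.enabled', 0);\n"
    'user_pref("browser.startup.homepage", "https://example.invalid/");\n'
    'user_pref("network.cookie.cookieBehavior", 1);\n'
)

if __name__ == "__main__":
    # To check a real profile, feed the contents of user.js (and prefs.js) from
    # the profile directory to report() instead of the constructed sample.
    for line in report(SAMPLE_USER_JS) or ["no weakening overrides found"]:
        print(line)
```

A `user.js` is reapplied on every Firefox start, so after an adware cleanup it is worth confirming the file is gone or contains only prefs you set yourself; running this check over `prefs.js` as well shows whether the overrides have already been absorbed into the live profile.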

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 17 November 2012 - 06:06 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 fixMeMommy (Topic Starter, Members, 81 posts)

Posted 17 November 2012 - 06:26 PM

Hey Gringo. I've done as you asked. ComboFix log to follow. No reboots required during the scan. Oh and the word "coupon" in my original post is still highlighted and a mouseover still invokes a coupon dropdown. (Thank you for all this; your confidence is quite contagious).

Log:

ComboFix 12-11-16.02 - superSonicD 11/17/2012 15:14:31.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12031.10443 [GMT -8:00]
Running from: c:\users\superSonicD\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\superSonicD\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-17 23:17 . 2012-11-17 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-17 22:58 . 2012-11-17 23:02 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2012-11-17 19:38 . 2012-11-17 19:38 -------- d-----w- c:\users\superSonicD\AppData\Roaming\Malwarebytes
2012-11-17 19:38 . 2012-11-17 19:38 -------- d-----w- c:\programdata\Malwarebytes
2012-11-17 19:38 . 2012-11-17 19:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-17 19:38 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 19:49 . 2008-07-10 22:56 107864 ----a-w- c:\windows\SysWow64\tsccvid.dll
2012-11-12 19:49 . 2012-11-12 19:49 -------- d-----w- c:\windows\SysWow64\QuickTime
2012-11-12 19:49 . 2012-11-12 19:49 -------- d-----w- c:\programdata\TechSmith
2012-11-12 19:49 . 2012-11-12 19:49 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-11-12 19:49 . 2012-11-12 19:49 -------- d-----w- c:\program files (x86)\TechSmith
2012-10-29 00:04 . 2012-10-29 00:04 -------- d-----w- c:\users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-10-19 17:44 . 2012-10-19 17:44 -------- d-----w- c:\users\superSonicD\AppData\Roaming\SUPERAntiSpyware.com
2012-10-19 17:43 . 2012-11-06 20:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-19 17:43 . 2012-10-19 17:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 23:51 . 2012-08-11 05:28 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-08-11 05:28 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-08-11 05:28 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-08-11 05:28 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51 . 2012-08-11 05:28 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-08-11 05:28 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-09-09 04:05 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 23:50 . 2012-08-11 05:28 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-08-11 05:28 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-10 17:54 . 2012-09-05 19:05 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-08-10 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-08-10 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OS2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe" [2007-12-01 95536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"OS2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Studio 2\FirstStart.exe" [2007-12-01 54576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832]
"aswasOutExt64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2012-10-30 49416]
.
c:\users\superSonicD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-8-10 292240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-19 140672]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ------w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlDbg9c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-17 15:19:01
ComboFix-quarantined-files.txt 2012-11-17 23:19
.
Pre-Run: 106,429,042,688 bytes free
Post-Run: 106,348,335,104 bytes free
.
- - End Of File - - FFA0097023418D886BEE88A32010D860
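A defender-side check of the kind a helper does by eye on a ComboFix log, added here as an example and not part of this thread or of ComboFix itself: it parses the Run/RunOnce entries from the "Reg Loading Points" section and the Firefox user_pref line from the "Supplementary Scan", flags autostart images that live outside Program Files/Windows, and reports the three preferences shown in the log above that were set away from their Firefox defaults. The sample log is constructed in ComboFix's format; the CouponHelper entry and its path are invented, and the "safe" values are assumed to be the Firefox defaults of the time.

```python
import re

# Constructed sample in the style of the ComboFix "Reg Loading Points" and
# "Supplementary Scan" sections; the CouponHelper entry and its path are
# invented for illustration, the user_pref line mirrors the one in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 5629312]
"CouponHelper"="c:\users\example\AppData\Roaming\chc.example\helper.exe" [2012-10-29 54576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
"""

# Safe values (assumption: Firefox defaults of the thread's era) for preferences
# that adware and sideloaded add-ons commonly flip; any other value is reported.
SAFE_PREFS = {
    "security.csp.enable": (True, "Content Security Policy enforcement is switched off"),
    "security.OCSP.enabled": (1, "OCSP certificate revocation checking is switched off"),
    "extensions.autoDisableScopes": (15, "add-ons dropped into system/profile scopes are enabled without prompting"),
}

PREF_RE = re.compile(r"user_pref\('([^']+)',\s*([^)]+)\);")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]')

# Autostart images are expected under these roots; anything else (AppData, temp,
# the user profile) deserves a closer look. Heuristic only, not proof of infection.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows")


def parse_value(raw):
    """Turn the textual pref value into a Python bool, int or str."""
    raw = raw.strip()
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.lstrip("-").isdigit():
        return int(raw)
    return raw.strip("'\"")


def parse_prefs(log_text):
    """Collect every user_pref(...) found in the log as a name -> value dict."""
    return {name: parse_value(val) for name, val in PREF_RE.findall(log_text)}


def weakened_prefs(prefs):
    """Return (name, observed_value, explanation) for each pref off its safe value."""
    findings = []
    for name, (safe, why) in SAFE_PREFS.items():
        if name in prefs and prefs[name] != safe:
            findings.append((name, prefs[name], why))
    return findings


def parse_run_entries(log_text):
    """Return (key, name, image_path, date, size) for entries under Run/RunOnce keys."""
    entries, current_key = [], None
    for line in log_text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        if current_key and current_key.lower().endswith(("\\run", "\\runonce")):
            m = ENTRY_RE.match(line)
            if m:
                name, path, date, size = m.groups()
                entries.append((current_key, name, path, date, int(size)))
    return entries


def suspicious_run_entries(entries):
    """Autostart entries whose image lives outside the trusted roots."""
    return [e for e in entries if not e[2].lower().startswith(TRUSTED_ROOTS)]


if __name__ == "__main__":
    for name, seen, why in weakened_prefs(parse_prefs(SAMPLE_LOG)):
        print(f"pref {name} = {seen!r}: {why}")
    for key, name, path, date, size in suspicious_run_entries(parse_run_entries(SAMPLE_LOG)):
        print(f"autostart {name!r} -> {path} ({date}, {size} bytes) under {key}")
```

Run against a real ComboFix log by reading the file into a string and passing it to `parse_prefs` and `parse_run_entries` in place of `SAMPLE_LOG`.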

#8 gringo_pr

Posted 17 November 2012 - 06:30 PM

Greetings

I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 fixMeMommy

Posted 17 November 2012 - 06:45 PM

OK, with all the external USB drives still disconnected I ran tdsskiller and aswMBR; here are the resultant logs; oh, aswMBR did NOT prompt for nor d'load any definitions.

tdsskiller:

15:35:42.0311 4004 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:35:42.0312 4004 HidIr - ok
15:35:42.0317 4004 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:35:42.0319 4004 hidserv - ok
15:35:42.0323 4004 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:35:42.0324 4004 HidUsb - ok
15:35:42.0330 4004 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:35:42.0332 4004 hkmsvc - ok
15:35:42.0339 4004 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:35:42.0341 4004 HomeGroupListener - ok
15:35:42.0348 4004 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:35:42.0351 4004 HomeGroupProvider - ok
15:35:42.0356 4004 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:35:42.0357 4004 HpSAMD - ok
15:35:42.0368 4004 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:35:42.0372 4004 HTTP - ok
15:35:42.0377 4004 [ F78FF50C486D530504B7D2BB36B1ED22 ] HWiNFO32 C:\Program Files\HWiNFO64\HWiNFO64A.SYS
15:35:42.0378 4004 HWiNFO32 - ok
15:35:42.0382 4004 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:35:42.0383 4004 hwpolicy - ok
15:35:42.0389 4004 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:35:42.0390 4004 i8042prt - ok
15:35:42.0398 4004 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:35:42.0401 4004 iaStorV - ok
15:35:42.0413 4004 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:35:42.0418 4004 idsvc - ok
15:35:42.0423 4004 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:35:42.0424 4004 iirsp - ok
15:35:42.0436 4004 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:35:42.0441 4004 IKEEXT - ok
15:35:42.0471 4004 [ F5872A11EB4F6DB170D636CD4E53CA9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:35:42.0482 4004 IntcAzAudAddService - ok
15:35:42.0491 4004 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:35:42.0492 4004 intelide - ok
15:35:42.0499 4004 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
15:35:42.0500 4004 intelppm - ok
15:35:42.0505 4004 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:35:42.0507 4004 IPBusEnum - ok
15:35:42.0512 4004 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:35:42.0513 4004 IpFilterDriver - ok
15:35:42.0523 4004 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:35:42.0527 4004 iphlpsvc - ok
15:35:42.0533 4004 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:35:42.0534 4004 IPMIDRV - ok
15:35:42.0540 4004 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:35:42.0541 4004 IPNAT - ok
15:35:42.0546 4004 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:35:42.0546 4004 IRENUM - ok
15:35:42.0552 4004 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:35:42.0552 4004 isapnp - ok
15:35:42.0561 4004 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:35:42.0562 4004 iScsiPrt - ok
15:35:42.0568 4004 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:35:42.0569 4004 kbdclass - ok
15:35:42.0574 4004 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:35:42.0575 4004 kbdhid - ok
15:35:42.0580 4004 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
15:35:42.0582 4004 KeyIso - ok
15:35:42.0587 4004 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:35:42.0588 4004 KSecDD - ok
15:35:42.0594 4004 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:35:42.0596 4004 KSecPkg - ok
15:35:42.0601 4004 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:35:42.0601 4004 ksthunk - ok
15:35:42.0610 4004 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:35:42.0613 4004 KtmRm - ok
15:35:42.0620 4004 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:35:42.0624 4004 LanmanServer - ok
15:35:42.0629 4004 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:35:42.0632 4004 LanmanWorkstation - ok
15:35:42.0640 4004 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:35:42.0641 4004 lltdio - ok
15:35:42.0649 4004 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:35:42.0651 4004 lltdsvc - ok
15:35:42.0656 4004 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:35:42.0658 4004 lmhosts - ok
15:35:42.0666 4004 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:35:42.0667 4004 LSI_FC - ok
15:35:42.0673 4004 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:35:42.0674 4004 LSI_SAS - ok
15:35:42.0679 4004 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:35:42.0680 4004 LSI_SAS2 - ok
15:35:42.0686 4004 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:35:42.0687 4004 LSI_SCSI - ok
15:35:42.0692 4004 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:35:42.0693 4004 luafv - ok
15:35:42.0699 4004 [ DE585D1D266805E5EEDAE911FDD16F38 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
15:35:42.0700 4004 ManyCam - ok
15:35:42.0708 4004 [ 2E7FFDEF8BAFD04CBB517507B821E878 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys
15:35:42.0708 4004 mcaudrv_simple - ok
15:35:42.0714 4004 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:35:42.0716 4004 Mcx2Svc - ok
15:35:42.0721 4004 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:35:42.0722 4004 megasas - ok
15:35:42.0730 4004 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:35:42.0732 4004 MegaSR - ok
15:35:42.0736 4004 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:35:42.0739 4004 MMCSS - ok
15:35:42.0744 4004 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:35:42.0745 4004 Modem - ok
15:35:42.0750 4004 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:35:42.0751 4004 monitor - ok
15:35:42.0756 4004 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:35:42.0757 4004 mouclass - ok
15:35:42.0762 4004 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:35:42.0763 4004 mouhid - ok
15:35:42.0769 4004 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:35:42.0770 4004 mountmgr - ok
15:35:42.0774 4004 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:35:42.0776 4004 MozillaMaintenance - ok
15:35:42.0783 4004 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:35:42.0784 4004 mpio - ok
15:35:42.0789 4004 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:35:42.0790 4004 mpsdrv - ok
15:35:42.0803 4004 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:35:42.0809 4004 MpsSvc - ok
15:35:42.0815 4004 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:35:42.0816 4004 MRxDAV - ok
15:35:42.0824 4004 [ FAF015B07E3A2874A790A39B7D2C579F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:35:42.0825 4004 mrxsmb - ok
15:35:42.0833 4004 [ 08E2345DF129082BCDFFDC1440F9C00D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:35:42.0834 4004 mrxsmb10 - ok
15:35:42.0840 4004 [ 108D87409C5812EF47D81E22843E8C9D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:35:42.0841 4004 mrxsmb20 - ok
15:35:42.0846 4004 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:35:42.0847 4004 msahci - ok
15:35:42.0854 4004 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:35:42.0855 4004 msdsm - ok
15:35:42.0861 4004 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:35:42.0863 4004 MSDTC - ok
15:35:42.0873 4004 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
15:35:42.0874 4004 MSDV - ok
15:35:42.0879 4004 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:35:42.0880 4004 Msfs - ok
15:35:42.0884 4004 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:35:42.0885 4004 mshidkmdf - ok
15:35:42.0890 4004 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:35:42.0891 4004 msisadrv - ok
15:35:42.0897 4004 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:35:42.0899 4004 MSiSCSI - ok
15:35:42.0904 4004 msiserver - ok
15:35:42.0910 4004 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:35:42.0911 4004 MSKSSRV - ok
15:35:42.0915 4004 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:35:42.0916 4004 MSPCLOCK - ok
15:35:42.0921 4004 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:35:42.0922 4004 MSPQM - ok
15:35:42.0930 4004 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:35:42.0932 4004 MsRPC - ok
15:35:42.0940 4004 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:35:42.0941 4004 mssmbios - ok
15:35:42.0945 4004 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:35:42.0946 4004 MSTEE - ok
15:35:42.0951 4004 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:35:42.0952 4004 MTConfig - ok
15:35:42.0957 4004 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
15:35:42.0957 4004 MTsensor - ok
15:35:42.0963 4004 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:35:42.0964 4004 Mup - ok
15:35:42.0973 4004 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:35:42.0978 4004 napagent - ok
15:35:42.0985 4004 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:35:42.0987 4004 NativeWifiP - ok
15:35:42.0997 4004 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
15:35:43.0001 4004 NAUpdate - ok
15:35:43.0014 4004 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:35:43.0019 4004 NDIS - ok
15:35:43.0024 4004 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:35:43.0025 4004 NdisCap - ok
15:35:43.0029 4004 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:35:43.0030 4004 NdisTapi - ok
15:35:43.0036 4004 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:35:43.0037 4004 Ndisuio - ok
15:35:43.0043 4004 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:35:43.0044 4004 NdisWan - ok
15:35:43.0054 4004 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:35:43.0055 4004 NDProxy - ok
15:35:43.0060 4004 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:35:43.0061 4004 NetBIOS - ok
15:35:43.0068 4004 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:35:43.0069 4004 NetBT - ok
15:35:43.0074 4004 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
15:35:43.0076 4004 Netlogon - ok
15:35:43.0084 4004 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:35:43.0087 4004 Netman - ok
15:35:43.0096 4004 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:35:43.0101 4004 netprofm - ok
15:35:43.0106 4004 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:35:43.0108 4004 NetTcpPortSharing - ok
15:35:43.0113 4004 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:35:43.0114 4004 nfrd960 - ok
15:35:43.0121 4004 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:35:43.0125 4004 NlaSvc - ok
15:35:43.0129 4004 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:35:43.0131 4004 Npfs - ok
15:35:43.0135 4004 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:35:43.0137 4004 nsi - ok
15:35:43.0143 4004 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:35:43.0143 4004 nsiproxy - ok
15:35:43.0166 4004 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:35:43.0174 4004 Ntfs - ok
15:35:43.0179 4004 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:35:43.0179 4004 Null - ok
15:35:43.0185 4004 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
15:35:43.0186 4004 nusb3hub - ok
15:35:43.0193 4004 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:35:43.0194 4004 nusb3xhc - ok
15:35:43.0199 4004 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:35:43.0201 4004 nvraid - ok
15:35:43.0207 4004 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:35:43.0208 4004 nvstor - ok
15:35:43.0213 4004 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:35:43.0215 4004 nv_agp - ok
15:35:43.0220 4004 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:35:43.0221 4004 ohci1394 - ok
15:35:43.0229 4004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:35:43.0232 4004 p2pimsvc - ok
15:35:43.0241 4004 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:35:43.0245 4004 p2psvc - ok
15:35:43.0250 4004 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:35:43.0251 4004 Parport - ok
15:35:43.0256 4004 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:35:43.0257 4004 partmgr - ok
15:35:43.0264 4004 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:35:43.0266 4004 PcaSvc - ok
15:35:43.0273 4004 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:35:43.0274 4004 pci - ok
15:35:43.0278 4004 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:35:43.0279 4004 pciide - ok
15:35:43.0286 4004 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:35:43.0288 4004 pcmcia - ok
15:35:43.0292 4004 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:35:43.0294 4004 pcw - ok
15:35:43.0303 4004 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:35:43.0307 4004 PEAUTH - ok
15:35:43.0325 4004 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:35:43.0333 4004 PeerDistSvc - ok
15:35:43.0374 4004 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:35:43.0376 4004 PerfHost - ok
15:35:43.0399 4004 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:35:43.0408 4004 pla - ok
15:35:43.0416 4004 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:35:43.0420 4004 PlugPlay - ok
15:35:43.0425 4004 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:35:43.0427 4004 PNRPAutoReg - ok
15:35:43.0435 4004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:35:43.0438 4004 PNRPsvc - ok
15:35:43.0447 4004 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:35:43.0451 4004 PolicyAgent - ok
15:35:43.0459 4004 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:35:43.0462 4004 Power - ok
15:35:43.0468 4004 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:35:43.0469 4004 PptpMiniport - ok
15:35:43.0474 4004 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:35:43.0475 4004 Processor - ok
15:35:43.0481 4004 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
15:35:43.0484 4004 ProfSvc - ok
15:35:43.0489 4004 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
15:35:43.0491 4004 ProtectedStorage - ok
15:35:43.0496 4004 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:35:43.0498 4004 Psched - ok
15:35:43.0503 4004 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:35:43.0504 4004 PxHlpa64 - ok
15:35:43.0522 4004 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:35:43.0529 4004 ql2300 - ok
15:35:43.0535 4004 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:35:43.0536 4004 ql40xx - ok
15:35:43.0543 4004 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:35:43.0546 4004 QWAVE - ok
15:35:43.0551 4004 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:35:43.0552 4004 QWAVEdrv - ok
15:35:43.0557 4004 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:35:43.0558 4004 RasAcd - ok
15:35:43.0563 4004 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:35:43.0564 4004 RasAgileVpn - ok
15:35:43.0570 4004 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:35:43.0572 4004 RasAuto - ok
15:35:43.0578 4004 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:35:43.0580 4004 Rasl2tp - ok
15:35:43.0587 4004 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:35:43.0590 4004 RasMan - ok
15:35:43.0596 4004 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:35:43.0597 4004 RasPppoe - ok
15:35:43.0602 4004 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:35:43.0603 4004 RasSstp - ok
15:35:43.0610 4004 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:35:43.0612 4004 rdbss - ok
15:35:43.0616 4004 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:35:43.0617 4004 rdpbus - ok
15:35:43.0622 4004 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:35:43.0623 4004 RDPCDD - ok
15:35:43.0632 4004 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:35:43.0633 4004 RDPDR - ok
15:35:43.0638 4004 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:35:43.0639 4004 RDPENCDD - ok
15:35:43.0646 4004 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:35:43.0646 4004 RDPREFMP - ok
15:35:43.0654 4004 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:35:43.0655 4004 RdpVideoMiniport - ok
15:35:43.0661 4004 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:35:43.0663 4004 RDPWD - ok
15:35:43.0669 4004 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:35:43.0671 4004 rdyboost - ok
15:35:43.0676 4004 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:35:43.0678 4004 RemoteAccess - ok
15:35:43.0684 4004 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:35:43.0687 4004 RemoteRegistry - ok
15:35:43.0692 4004 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:35:43.0695 4004 RpcEptMapper - ok
15:35:43.0700 4004 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:35:43.0701 4004 RpcLocator - ok
15:35:43.0709 4004 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:35:43.0714 4004 RpcSs - ok
15:35:43.0720 4004 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:35:43.0721 4004 rspndr - ok
15:35:43.0728 4004 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:35:43.0730 4004 RTL8167 - ok
15:35:43.0735 4004 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:35:43.0736 4004 s3cap - ok
15:35:43.0740 4004 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
15:35:43.0742 4004 SamSs - ok
15:35:43.0746 4004 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:35:43.0747 4004 SASDIFSV - ok
15:35:43.0751 4004 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:35:43.0752 4004 SASKUTIL - ok
15:35:43.0758 4004 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:35:43.0759 4004 sbp2port - ok
15:35:43.0766 4004 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:35:43.0769 4004 SCardSvr - ok
15:35:43.0773 4004 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:35:43.0775 4004 scfilter - ok
15:35:43.0788 4004 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:35:43.0796 4004 Schedule - ok
15:35:43.0801 4004 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:35:43.0802 4004 SCPolicySvc - ok
15:35:43.0809 4004 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:35:43.0812 4004 SDRSVC - ok
15:35:43.0817 4004 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:35:43.0818 4004 secdrv - ok
15:35:43.0823 4004 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:35:43.0826 4004 seclogon - ok
15:35:43.0831 4004 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:35:43.0834 4004 SENS - ok
15:35:43.0838 4004 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:35:43.0840 4004 SensrSvc - ok
15:35:43.0845 4004 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:35:43.0846 4004 Serenum - ok
15:35:43.0851 4004 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:35:43.0852 4004 Serial - ok
15:35:43.0859 4004 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:35:43.0860 4004 sermouse - ok
15:35:43.0873 4004 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:35:43.0876 4004 SessionEnv - ok
15:35:43.0880 4004 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:35:43.0881 4004 sffdisk - ok
15:35:43.0886 4004 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:35:43.0887 4004 sffp_mmc - ok
15:35:43.0892 4004 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:35:43.0892 4004 sffp_sd - ok
15:35:43.0896 4004 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:35:43.0897 4004 sfloppy - ok
15:35:43.0906 4004 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:35:43.0909 4004 SharedAccess - ok
15:35:43.0918 4004 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:35:43.0922 4004 ShellHWDetection - ok
15:35:43.0927 4004 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:35:43.0928 4004 SiSRaid2 - ok
15:35:43.0933 4004 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:35:43.0934 4004 SiSRaid4 - ok
15:35:43.0940 4004 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:35:43.0941 4004 Smb - ok
15:35:43.0950 4004 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:35:43.0953 4004 SNMPTRAP - ok
15:35:43.0958 4004 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:35:43.0959 4004 spldr - ok
15:35:43.0967 4004 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
15:35:43.0973 4004 Spooler - ok
15:35:44.0009 4004 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:35:44.0027 4004 sppsvc - ok
15:35:44.0033 4004 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:35:44.0036 4004 sppuinotify - ok
15:35:44.0044 4004 [ 2098B8556D1CEC2ACA9A29CD479E3692 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:35:44.0047 4004 srv - ok
15:35:44.0055 4004 [ D0F73A42040F21F92FD314B42AC5C9E7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:35:44.0057 4004 srv2 - ok
15:35:44.0063 4004 [ 2BA8F3250828CCDB4204ECF2C6F40B6A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:35:44.0064 4004 srvnet - ok
15:35:44.0071 4004 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:35:44.0074 4004 SSDPSRV - ok
15:35:44.0079 4004 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:35:44.0082 4004 SstpSvc - ok
15:35:44.0087 4004 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:35:44.0088 4004 stexstor - ok
15:35:44.0097 4004 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:35:44.0103 4004 stisvc - ok
15:35:44.0107 4004 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:35:44.0108 4004 storflt - ok
15:35:44.0113 4004 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:35:44.0114 4004 storvsc - ok
15:35:44.0118 4004 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:35:44.0119 4004 swenum - ok
15:35:44.0130 4004 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:35:44.0133 4004 SwitchBoard - ok
15:35:44.0142 4004 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:35:44.0147 4004 swprv - ok
15:35:44.0152 4004 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
15:35:44.0153 4004 Synth3dVsc - ok
15:35:44.0173 4004 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:35:44.0183 4004 SysMain - ok
15:35:44.0189 4004 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:35:44.0192 4004 TabletInputService - ok
15:35:44.0199 4004 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:35:44.0203 4004 TapiSrv - ok
15:35:44.0209 4004 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:35:44.0211 4004 TBS - ok
15:35:44.0234 4004 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:35:44.0243 4004 Tcpip - ok
15:35:45.0429 4004 Scan finished
15:35:45.0429 4004 ============================================================
15:35:45.0442 3600 Detected object count: 0
15:35:45.0442 3600 Actual detected object count: 0

aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-17 15:37:47
-----------------------------
15:37:47.829 OS Version: Windows x64 6.1.7601 Service Pack 1
15:37:47.830 Number of processors: 2 586 0x603
15:37:47.830 ComputerName: SUPERSONICD-PC UserName: superSonicD
15:37:48.215 Initialize success
15:37:48.272 AVAST engine defs: 12111701
15:38:44.164 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:38:44.169 Disk 0 Vendor: KINGSTON_SV200S3128G E120506a Size: 122104MB BusType: 11
15:38:44.176 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
15:38:44.179 Disk 1 Vendor: ST380817AS 3.42 Size: 76319MB BusType: 11
15:38:44.183 Disk 0 MBR read successfully
15:38:44.186 Disk 0 MBR scan
15:38:44.190 Disk 0 Windows 7 default MBR code
15:38:44.194 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:38:44.198 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
15:38:44.205 Disk 0 scanning C:\Windows\system32\drivers
15:38:46.114 Service scanning
15:38:50.186 Modules scanning
15:38:50.204 Disk 0 trace - called modules:
15:38:50.219 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:38:50.231 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009e3c130]
15:38:50.239 3 CLASSPNP.SYS[fffff880019cf43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8009e48060]
15:38:50.607 AVAST engine scan C:\Windows
15:38:51.245 AVAST engine scan C:\Windows\system32
15:39:31.149 AVAST engine scan C:\Windows\system32\drivers
15:39:34.189 AVAST engine scan C:\Users\superSonicD
15:39:42.262 AVAST engine scan C:\ProgramData
15:40:00.052 Scan finished successfully
15:41:24.118 Disk 0 MBR has been saved successfully to "C:\Users\superSonicD\Desktop\MBR.dat"
15:41:24.122 The log file has been saved successfully to "C:\Users\superSonicD\Desktop\aswMBR.txt"

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:27 AM

Posted 17 November 2012 - 06:58 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.


#11 fixMeMommy

  • Topic Starter

  • Members
  • 81 posts
  • Local time:07:27 AM

Posted 17 November 2012 - 07:08 PM

Okey dokey, here's the OTL.txt:

OTL logfile created on: 11/17/2012 4:02:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\superSonicD\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.75 Gb Total Physical Memory | 9.83 Gb Available Physical Memory | 83.69% Memory free
11.75 Gb Paging File | 9.84 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 99.07 Gb Free Space | 83.15% Space Free | Partition Type: NTFS
Drive L: | 74.53 Gb Total Space | 23.12 Gb Free Space | 31.02% Space Free | Partition Type: NTFS

Computer Name: SUPERSONICD-PC | User Name: superSonicD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\superSonicD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe (OLYMPUS IMAGING CORP.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\GPU Boost Driver\platform.dll ()
MOD - C:\Program Files (x86)\ASUS\GPU Boost Driver\device.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsusService.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (HWiNFO32) -- C:\Program Files\HWiNFO64\HWiNFO64A.SYS (REALiX™)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (AODDriver) -- C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\aoddriver.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-140403262-2098718742-1188954995-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-140403262-2098718742-1188954995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-140403262-2098718742-1188954995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - prefs.js..extensions.enabledAddons: FasterFox_Lite@BigRedBrent:3.9.9Lite
FF - prefs.js..extensions.enabledAddons: unplug@compunach:2.052
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/17 14:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/11 08:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/10 17:05:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/08/10 17:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Extensions
[2012/08/10 17:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/11/17 14:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\extensions
[2012/11/17 14:48:41 | 000,000,000 | ---D | M] (WOT) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/17 14:48:41 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\extensions\FasterFox_Lite@BigRedBrent
[2012/11/17 14:48:41 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\extensions\OneClickDownload@OneClickDownload.com
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] ("Forecastfox") -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] ("FireFTP") -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] ("Fasterfox") -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] (VeriSign EV Green Bar Extension) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions\evcextension@verisign.com
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions\keyconfig@dorando
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions\evcextension@verisign.com\certs
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions\evcextension@verisign.com\chrome
[2012/11/17 14:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\oepjsowq.uzeThiz\extensions\evcextension@verisign.com\META-INF
[2012/09/25 19:03:52 | 000,142,851 | ---- | M] () (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\extensions\unplug@compunach.xpi
[2012/08/22 16:00:32 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012/07/24 20:52:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\superSonicD\AppData\Roaming\Mozilla\Firefox\Profiles\51yei930.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/10 17:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/17 14:41:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/08/11 08:39:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/11 08:39:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/11 08:39:10 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/17 15:17:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OS2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-140403262-2098718742-1188954995-1000..\Run: [OS2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Studio 2\SMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-140403262-2098718742-1188954995-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software)
O4 - Startup: C:\Users\superSonicD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-140403262-2098718742-1188954995-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-140403262-2098718742-1188954995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7E8A739-552B-48B2-BC23-C7C153BD9B97}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/17 16:01:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\superSonicD\Desktop\OTL.exe
[2012/11/17 15:34:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\superSonicD\Desktop\aswMBR.exe
[2012/11/17 15:33:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\superSonicD\Desktop\tdsskiller.exe
[2012/11/17 15:19:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/17 15:13:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/17 15:13:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/17 15:13:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/17 15:13:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/17 15:13:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/17 15:12:34 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\superSonicD\Desktop\ComboFix.exe
[2012/11/17 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2012/11/17 14:52:18 | 000,000,000 | ---D | C] -- C:\Users\superSonicD\Desktop\RK_Quarantine
[2012/11/17 14:02:49 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\superSonicD\Desktop\dds.scr
[2012/11/17 11:38:59 | 000,000,000 | ---D | C] -- C:\Users\superSonicD\AppData\Roaming\Malwarebytes
[2012/11/17 11:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/17 11:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/17 11:38:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/17 11:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/12 11:49:37 | 000,000,000 | ---D | C] -- C:\Users\superSonicD\Documents\Camtasia Studio
[2012/11/12 11:49:31 | 000,107,864 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2012/11/12 11:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012/11/12 11:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012/11/12 11:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 6
[2012/11/12 11:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2012/11/12 11:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/10/28 16:04:32 | 000,000,000 | ---D | C] -- C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/19 09:44:27 | 000,000,000 | ---D | C] -- C:\Users\superSonicD\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/19 09:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/19 09:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/19 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

========== Files - Modified Within 30 Days ==========

[2012/11/17 16:00:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\superSonicD\Desktop\OTL.exe
[2012/11/17 15:54:21 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/17 15:54:21 | 000,625,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/17 15:54:21 | 000,106,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/17 15:41:24 | 000,000,512 | ---- | M] () -- C:\Users\superSonicD\Desktop\MBR.dat
[2012/11/17 15:34:01 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\superSonicD\Desktop\aswMBR.exe
[2012/11/17 15:33:04 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\superSonicD\Desktop\tdsskiller.exe
[2012/11/17 15:17:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/17 15:08:04 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\superSonicD\Desktop\ComboFix.exe
[2012/11/17 14:41:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/17 14:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/17 14:34:40 | 000,725,504 | ---- | M] () -- C:\Users\superSonicD\Desktop\RogueKiller.exe
[2012/11/17 14:34:28 | 000,543,531 | ---- | M] () -- C:\Users\superSonicD\Desktop\adwcleaner.exe
[2012/11/17 13:57:52 | 000,000,000 | ---- | M] () -- C:\Users\superSonicD\defogger_reenable
[2012/11/17 13:55:55 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\superSonicD\Desktop\dds.scr
[2012/11/17 13:54:48 | 000,881,833 | ---- | M] () -- C:\Users\superSonicD\Desktop\SecurityCheck.exe
[2012/11/17 13:53:20 | 000,050,477 | ---- | M] () -- C:\Users\superSonicD\Desktop\Defogger.exe
[2012/11/17 13:42:47 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 13:42:47 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 11:38:35 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\MWB.lnk
[2012/11/14 18:03:51 | 000,127,488 | ---- | M] () -- C:\Users\superSonicD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/12 11:49:27 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia.lnk
[2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 15:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 15:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 15:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/19 09:44:00 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSp.lnk

========== Files Created - No Company Name ==========

[2012/11/17 15:41:24 | 000,000,512 | ---- | C] () -- C:\Users\superSonicD\Desktop\MBR.dat
[2012/11/17 15:13:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/17 15:13:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/17 15:13:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/17 15:13:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/17 15:13:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/17 14:35:04 | 000,725,504 | ---- | C] () -- C:\Users\superSonicD\Desktop\RogueKiller.exe
[2012/11/17 14:35:04 | 000,543,531 | ---- | C] () -- C:\Users\superSonicD\Desktop\adwcleaner.exe
[2012/11/17 13:57:52 | 000,000,000 | ---- | C] () -- C:\Users\superSonicD\defogger_reenable
[2012/11/17 13:55:13 | 000,881,833 | ---- | C] () -- C:\Users\superSonicD\Desktop\SecurityCheck.exe
[2012/11/17 13:53:46 | 000,050,477 | ---- | C] () -- C:\Users\superSonicD\Desktop\Defogger.exe
[2012/11/17 11:38:35 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\MWB.lnk
[2012/11/12 11:49:27 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia.lnk
[2012/10/19 09:44:00 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSp.lnk
[2012/09/27 17:37:04 | 000,000,244 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012/09/10 09:55:33 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2012/09/05 11:05:54 | 000,011,030 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/09/05 11:05:51 | 000,015,613 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/09/05 11:05:10 | 000,850,152 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/09/05 11:05:10 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012/08/13 11:16:43 | 000,127,488 | ---- | C] () -- C:\Users\superSonicD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/10 23:30:33 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2012/08/10 15:48:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/10 15:30:07 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/08/10 15:30:06 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/08/10 15:30:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/08/10 15:30:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/08/10 13:32:49 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/08/10 13:27:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/08/10 13:27:24 | 000,035,145 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 19:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 19:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 1048 bytes -> C:\Users\superSonicD\Cookies:TvxUMtBV6Rxm2N1iegyJwE9H

< End of report >

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 November 2012 - 07:17 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 1048 bytes -> C:\Users\superSonicD\Cookies:TvxUMtBV6Rxm2N1iegyJwE9H  
    [2012/10/28 16:04:32 | 000,000,000 | ---D | C] -- C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 fixMeMommy (Topic Starter)

  • Members
  • 81 posts

Posted 17 November 2012 - 07:24 PM

It is done. No prompt to reboot--but it did shut down the running Firefox. Coupon dropdown still happening when I re-opened; perhaps after I send you the OTL report I'll try rebooting.

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Unable to delete ADS C:\Users\superSonicD\Cookies:TvxUMtBV6Rxm2N1iegyJwE9H .
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpIcons folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg\en_US folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\PremierePro\CS5\Using folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\PremierePro\CS5 folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\PremierePro folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\OnLocation\CS5\Using folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\OnLocation\CS5 folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\OnLocation folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\MediaEncoder\CS5\Using folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\MediaEncoder\CS5 folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\MediaEncoder folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\Encore\CS5\Using folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\Encore\CS5 folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\Encore folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\DeviceCentral\CS5\Using folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\DeviceCentral\CS5 folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\DeviceCentral folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\CreativeSuite\CS5\Using folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\CreativeSuite\CS5 folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US\CreativeSuite folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help\en_US folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\Help folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#ApplicationUpdater folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store folder moved successfully.
C:\Users\superSonicD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\superSonicD\Desktop\cmd.bat deleted successfully.
C:\Users\superSonicD\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: superSonicD

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: superSonicD
->Flash cache emptied: 57776 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11172012_162029

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 November 2012 - 07:28 PM

Yes, reboot and then check. Also let me know which browser it happens in.


gringo

#15 fixMeMommy (Topic Starter)

  • Members
  • 81 posts

Posted 17 November 2012 - 07:36 PM

Yeah I just rebooted and in Firefox 12.0 it's still there (coupon dropdown box over random highlighted words).

Thanx Gr.