whitesmoke in firefox

[zibenzi]

My computer acquired Whitesmoke mysteriously and now I cannot get rid of it. I uninstalled Whitesmoke from programs but it is still on Firefox search bar as the default search engine. Please advise how to get it off my computer completely. Any help appreciated.

Btw im running windows 7 i havent seen any error msgs i saw the whitesmoke in internet explorer, i managed to get it removed using system restore in safe mode, but im not sure if its all removed if i can get some help with that thank you

[MrCharlie]

Welcome to the forum.

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  
  • Internet Services
    
  • Windows Firewall
    
  • System Restore
    
  • Security Center
    
  • Windows Update
    

  [*]Press "Scan".

  [*]It will create a log (FSS.txt) in the same directory the tool is run.

  [*]Please copy and paste the log to your reply.

-------------

Next..........

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

-------------------------

Last.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

[zibenzi]

Here They are, but i didnt see an extras file tho and thanks for the reply

Farbar Service Scanner Version: 18-01-2012 01

Ran by Loki (administrator) on 18-01-2012 at 19:37:52

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

===========

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

RogueKiller V6.2.4 [01/12/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Loki [Admin rights]

Mode: Scan -- Date : 01/18/2012 19:39:42

¤¤¤ Bad processes: 3 ¤¤¤

[sUSP PATH] OTL.exe -- C:\Users\Loki\Desktop\OTL.exe -> KILLED [TermProc]

[sUSP PATH] MediaServer.exe -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -> KILLED [TermProc]

[RESIDUE] MediaServer.exe -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 www.google-analytics.com

127.0.0.1 ssl.google-analytics.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 0e8eb73454f1d1bb7bcc2d2b94e93811

[bSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo

1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 302666 Mo

2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 591554560 | Size: 17087 Mo

3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 624928768 | Size: 108 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 38352929c2d780a90a22d37c561431a2

[bSP] 9af762601db7cd550c41de07f3e1a48b : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 81604 Mo

1 - [XXXXXX] FAT16 [VISIBLE] Offset (sectors): 159793152 | Size: 4194 Mo

2 - [ACTIVE] FAT16 [VISIBLE] Offset (sectors): 167985152 | Size: 2097 Mo

3 - [XXXXXX] FAT16 [VISIBLE] Offset (sectors): 172081152 | Size: 2097 Mo

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

OTL logfile created on: 1/18/2012 8:07:30 PM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Loki\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 56.42% Memory free

7.49 Gb Paging File | 5.37 Gb Available in Paging File | 71.77% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 281.88 Gb Total Space | 211.92 Gb Free Space | 75.18% Space Free | Partition Type: NTFS

Drive D: | 15.91 Gb Total Space | 2.00 Gb Free Space | 12.54% Space Free | Partition Type: NTFS

Drive F: | 99.34 Mb Total Space | 89.21 Mb Free Space | 89.80% Space Free | Partition Type: FAT32

Computer Name: LOKI-HP | User Name: Loki | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 19:23:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Loki\Desktop\OTL.exe

PRC - [2012/01/01 22:12:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/09/23 10:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/07/29 13:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe

PRC - [2011/07/05 16:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/06/14 13:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2011/06/13 15:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/17 20:35:24 | 004,984,104 | ---- | M] (Synaptics Incorporated) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe

PRC - [2010/12/11 00:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2010/12/07 17:43:48 | 001,294,848 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/01 22:12:24 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/11/13 09:36:34 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011/08/23 18:30:23 | 000,066,856 | ---- | M] () -- C:\Windows\SysWOW64\SynTPEnhPS.dll

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2011/01/11 19:00:40 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Xiph.Org\Open Codecs\dsfOggDemux2.dll

MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/28 09:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/08/19 11:22:40 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/08/11 17:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2010/12/15 13:09:00 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/08/23 18:31:48 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2011/07/29 13:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)

SRV - [2011/07/05 16:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)

SRV - [2011/06/14 13:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/12/07 17:43:48 | 001,294,848 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/12/08 19:54:46 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/09/28 09:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/09/28 08:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/09/15 22:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011/09/15 22:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011/08/23 18:31:48 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2011/08/23 18:30:23 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/08/19 11:22:40 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/22 11:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/12/11 00:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/11/24 06:41:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)

DRV:64bit: - [2010/06/17 07:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2010/05/14 20:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/05/14 20:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/04/29 06:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Loki\Downloads

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Loki\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Loki\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Loki\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Loki\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/31 14:11:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/01 22:12:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/30 21:49:56 | 000,000,000 | ---D | M]

[2011/06/06 10:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loki\AppData\Roaming\Mozilla\Extensions

[2012/01/15 18:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loki\AppData\Roaming\Mozilla\Firefox\Profiles\ujx7f57i.default\extensions

[2011/10/09 11:31:59 | 000,002,410 | ---- | M] () -- C:\Users\Loki\AppData\Roaming\Mozilla\Firefox\Profiles\ujx7f57i.default\searchplugins\s-amazon.xml

[2011/11/09 20:36:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

() (No name found) -- C:\USERS\LOKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJX7F57I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\LOKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJX7F57I.DEFAULT\EXTENSIONS\FIREFORM@MOZILLA.ORG.XPI

() (No name found) -- C:\USERS\LOKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJX7F57I.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

[2012/01/01 22:12:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/09/29 10:49:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/09 20:36:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: WhiteSmoke Smartbar Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Loki\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Loki\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Loki\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Loki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Loki\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Loki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\

CHR - Extension: Google Search = C:\Users\Loki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Loki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Loki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/06/06 10:43:14 | 000,000,970 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.google-analytics.com

O1 - Hosts: 127.0.0.1 ssl.google-analytics.com

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9E4C314-269B-42D4-B5AB-5D2969BF19CC}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{41d4a794-a57f-11e0-a78b-6431508f4fa7}\Shell - "" = AutoRun

O33 - MountPoints2\{41d4a794-a57f-11e0-a78b-6431508f4fa7}\Shell\AutoRun\command - "" = I:\setup.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/18 19:23:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Loki\Desktop\OTL.exe

[2012/01/18 19:21:08 | 000,000,000 | ---D | C] -- C:\Users\Loki\Desktop\RK_Quarantine

[2012/01/16 19:51:31 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/01/16 19:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/01/16 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\Loki\AppData\Roaming\SUPERAntiSpyware.com

[2012/01/16 16:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/01/16 16:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/01/16 16:06:39 | 000,000,000 | ---D | C] -- C:\Users\Loki\AppData\Local\VS Revo Group

[2012/01/16 16:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2012/01/16 16:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/01/15 19:00:16 | 000,000,000 | ---D | C] -- C:\Users\Loki\AppData\Roaming\Malwarebytes

[2012/01/15 19:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/15 19:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/01/15 08:16:54 | 000,000,000 | ---D | C] -- C:\Users\Loki\AppData\Local\DDMSettings

[2012/01/12 16:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

[2011/12/30 01:27:31 | 000,000,000 | ---D | C] -- C:\Users\Loki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server

[2011/12/30 01:27:31 | 000,000,000 | ---D | C] -- C:\Users\Loki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Codec Pack

[2011/12/30 01:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org

[2011/12/30 01:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org

[2011/12/30 01:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack

[2011/12/29 21:38:12 | 000,000,000 | ---D | C] -- C:\Users\Loki\AppData\Roaming\MediaMonkey

[2011/12/29 12:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow

[2011/12/29 12:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow

[2011/12/29 12:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity

========== Files - Modified Within 30 Days ==========

[2012/01/18 19:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1163365333-3123920810-2663154901-1002UA.job

[2012/01/18 19:23:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Loki\Desktop\OTL.exe

[2012/01/18 17:44:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/18 17:44:27 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/18 17:41:16 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/01/18 17:41:16 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/01/18 17:41:16 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/01/18 17:36:52 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLoki.job

[2012/01/18 17:36:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/18 17:36:43 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/16 19:50:11 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/01/15 15:56:05 | 000,344,064 | ---- | M] () -- C:\Users\Loki\Documents\Database2.accdb

[2012/01/12 16:47:09 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2012/01/12 16:43:52 | 000,002,268 | ---- | M] () -- C:\Users\Loki\Documents\cc_20120112_164348.reg

[2012/01/12 16:38:38 | 000,015,826 | ---- | M] () -- C:\Users\Loki\Documents\cc_20120112_163833.reg

[2012/01/10 16:35:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1163365333-3123920810-2663154901-1002Core.job

[2012/01/06 22:44:03 | 000,002,395 | ---- | M] () -- C:\Users\Loki\Desktop\Google Chrome.lnk

[2012/01/01 23:35:12 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\REAPER (x64).lnk

[2011/12/31 06:09:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLOKI-HP$.job

[2011/12/30 13:08:22 | 000,002,006 | ---- | M] () -- C:\Users\Loki\Application Data\Microsoft\Internet Explorer\Quick Launch\Zipeg.lnk

[2011/12/30 01:27:31 | 000,002,053 | ---- | M] () -- C:\Users\Loki\Desktop\TVersity.lnk

[2011/12/29 21:38:23 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk

[2011/12/29 13:12:21 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/12/21 20:47:00 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/01/16 19:50:11 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/01/15 15:55:42 | 000,344,064 | ---- | C] () -- C:\Users\Loki\Documents\Database2.accdb

[2012/01/12 16:47:09 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2012/01/12 16:43:51 | 000,002,268 | ---- | C] () -- C:\Users\Loki\Documents\cc_20120112_164348.reg

[2012/01/12 16:38:35 | 000,015,826 | ---- | C] () -- C:\Users\Loki\Documents\cc_20120112_163833.reg

[2011/12/30 01:27:31 | 000,002,053 | ---- | C] () -- C:\Users\Loki\Desktop\TVersity.lnk

[2011/12/29 12:31:11 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/12/29 12:31:11 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\ff_acm.acm

[2011/09/23 11:11:10 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/09/20 12:40:50 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg

[2011/09/20 12:40:49 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe

[2011/09/18 11:22:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll

[2011/09/18 11:21:16 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2011/09/18 11:21:00 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2011/08/24 17:52:58 | 000,187,228 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/06/25 23:00:43 | 000,000,000 | ---- | C] () -- C:\Windows\cdplayer.ini

[2011/06/25 22:37:44 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2011/04/19 11:05:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/12/16 20:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/25 22:54:12 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Acoustica

[2012/01/07 09:59:12 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Audacity

[2011/06/09 14:56:08 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Canneverbe Limited

[2011/06/26 09:33:53 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Canon

[2011/07/12 12:58:26 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Deckadance16

[2011/06/03 03:29:04 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\IDT

[2011/09/18 19:16:04 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\MAGIX

[2012/01/17 19:03:30 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\MediaMonkey

[2011/08/19 09:02:49 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Mp3tag

[2011/09/21 08:40:13 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Propellerhead Software

[2011/12/31 17:15:33 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\REAPER

[2011/07/07 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\rockbox.org

[2011/07/07 18:25:10 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\SanDisk

[2011/09/20 07:03:06 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Steinberg

[2011/06/02 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Synaptics

[2011/10/29 15:27:44 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\uTorrent

[2011/06/25 11:54:34 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\Xilisoft

[2011/09/23 11:21:56 | 000,000,000 | ---D | M] -- C:\Users\Loki\AppData\Roaming\XWindows Dock

[2012/01/09 06:16:03 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/06/30 20:49:22 | 000,000,000 | ---D | M](C:\Users\Loki\AppData\Roaming\???????sAppData) -- C:\Users\Loki\AppData\Roaming\敎潲䍄敔灭慬整sAppData

[2011/06/30 20:49:22 | 000,000,000 | ---D | M](C:\Users\Loki\AppData\Roaming\???????sAppData) -- C:\Users\Loki\AppData\Roaming\敎潲䍄敔灭慬整sAppData

(C:\Users\Loki\AppData\Roaming\???????sAppData) -- C:\Users\Loki\AppData\Roaming\敎潲䍄敔灭慬整sAppData

< End of report >

[MrCharlie]

Please download and run TDSSKiller as outlined in the post below:

http://forums.malwar...ndpost&p=499595

If a suspicious object is detected, the default action will be Skip, click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Post back the log, MrC

[zibenzi]

no threats were found

06:13:49.0722 3736 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24

06:13:50.0100 3736 ============================================================

06:13:50.0100 3736 Current date / time: 2012/01/19 06:13:50.0100

06:13:50.0100 3736 SystemInfo:

06:13:50.0100 3736

06:13:50.0101 3736 OS Version: 6.1.7601 ServicePack: 1.0

06:13:50.0101 3736 Product type: Workstation

06:13:50.0101 3736 ComputerName: LOKI-HP

06:13:50.0101 3736 UserName: Loki

06:13:50.0101 3736 Windows directory: C:\Windows

06:13:50.0101 3736 System windows directory: C:\Windows

06:13:50.0101 3736 Running under WOW64

06:13:50.0101 3736 Processor architecture: Intel x64

06:13:50.0102 3736 Number of processors: 2

06:13:50.0102 3736 Page size: 0x1000

06:13:50.0102 3736 Boot type: Normal boot

06:13:50.0102 3736 ============================================================

06:13:51.0265 3736 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

06:13:51.0351 3736 Initialize success

06:14:16.0995 4692 ============================================================

06:14:16.0995 4692 Scan started

06:14:16.0995 4692 Mode: Manual; SigCheck; TDLFS;

06:14:16.0995 4692 ============================================================

06:14:17.0496 4692 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

06:14:17.0650 4692 1394ohci - ok

06:14:17.0757 4692 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

06:14:17.0783 4692 ACPI - ok

06:14:17.0873 4692 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

06:14:17.0980 4692 AcpiPmi - ok

06:14:18.0134 4692 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

06:14:18.0178 4692 adp94xx - ok

06:14:18.0285 4692 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

06:14:18.0324 4692 adpahci - ok

06:14:18.0423 4692 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

06:14:18.0464 4692 adpu320 - ok

06:14:18.0584 4692 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

06:14:18.0705 4692 AFD - ok

06:14:18.0799 4692 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

06:14:18.0829 4692 agp440 - ok

06:14:18.0941 4692 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

06:14:18.0971 4692 aliide - ok

06:14:19.0130 4692 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

06:14:19.0161 4692 amdide - ok

06:14:19.0261 4692 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

06:14:19.0327 4692 amdiox64 - ok

06:14:19.0521 4692 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

06:14:19.0604 4692 AmdK8 - ok

06:14:19.0940 4692 amdkmdag (7979bf4a66efdadf3d00a052409609b1) C:\Windows\system32\DRIVERS\atikmdag.sys

06:14:20.0319 4692 amdkmdag - ok

06:14:20.0446 4692 amdkmdap (7d5cdb0161e91951d3dd99e55cea4d01) C:\Windows\system32\DRIVERS\atikmpag.sys

06:14:20.0500 4692 amdkmdap - ok

06:14:20.0601 4692 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

06:14:20.0652 4692 AmdPPM - ok

06:14:20.0756 4692 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

06:14:20.0783 4692 amdsata - ok

06:14:20.0892 4692 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

06:14:20.0929 4692 amdsbs - ok

06:14:21.0020 4692 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

06:14:21.0047 4692 amdxata - ok

06:14:21.0127 4692 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\DRIVERS\amd_sata.sys

06:14:21.0147 4692 amd_sata - ok

06:14:21.0239 4692 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\DRIVERS\amd_xata.sys

06:14:21.0266 4692 amd_xata - ok

06:14:21.0441 4692 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

06:14:21.0574 4692 AppID - ok

06:14:21.0701 4692 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

06:14:21.0737 4692 arc - ok

06:14:21.0833 4692 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

06:14:21.0863 4692 arcsas - ok

06:14:22.0011 4692 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

06:14:22.0139 4692 AsyncMac - ok

06:14:22.0240 4692 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

06:14:22.0273 4692 atapi - ok

06:14:22.0456 4692 athr (40734f3a5eec4c4ac6a1faf10b293714) C:\Windows\system32\DRIVERS\athrx.sys

06:14:22.0563 4692 athr - ok

06:14:22.0682 4692 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys

06:14:22.0717 4692 AtiHdmiService - ok

06:14:22.0804 4692 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys

06:14:22.0828 4692 AtiPcie - ok

06:14:22.0967 4692 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

06:14:23.0003 4692 avgntflt - ok

06:14:23.0123 4692 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys

06:14:23.0161 4692 avipbb - ok

06:14:23.0260 4692 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

06:14:23.0290 4692 avkmgr - ok

06:14:23.0395 4692 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

06:14:23.0488 4692 b06bdrv - ok

06:14:23.0600 4692 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

06:14:23.0660 4692 b57nd60a - ok

06:14:23.0760 4692 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

06:14:23.0855 4692 Beep - ok

06:14:23.0974 4692 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

06:14:24.0030 4692 blbdrive - ok

06:14:24.0326 4692 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

06:14:24.0437 4692 bowser - ok

06:14:24.0760 4692 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

06:14:24.0873 4692 BrFiltLo - ok

06:14:25.0111 4692 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

06:14:25.0153 4692 BrFiltUp - ok

06:14:25.0398 4692 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

06:14:25.0476 4692 Brserid - ok

06:14:25.0720 4692 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

06:14:25.0806 4692 BrSerWdm - ok

06:14:26.0070 4692 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

06:14:26.0113 4692 BrUsbMdm - ok

06:14:26.0395 4692 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

06:14:26.0472 4692 BrUsbSer - ok

06:14:26.0922 4692 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

06:14:27.0036 4692 BTHMODEM - ok

06:14:27.0317 4692 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

06:14:27.0421 4692 cdfs - ok

06:14:27.0707 4692 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

06:14:27.0816 4692 cdrom - ok

06:14:28.0039 4692 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

06:14:28.0110 4692 circlass - ok

06:14:28.0362 4692 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

06:14:28.0382 4692 CLFS - ok

06:14:28.0764 4692 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

06:14:28.0779 4692 clwvd - ok

06:14:29.0067 4692 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

06:14:29.0115 4692 CmBatt - ok

06:14:29.0363 4692 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

06:14:29.0389 4692 cmdide - ok

06:14:29.0561 4692 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

06:14:29.0595 4692 CNG - ok

06:14:29.0700 4692 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

06:14:29.0713 4692 Compbatt - ok

06:14:29.0802 4692 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

06:14:29.0857 4692 CompositeBus - ok

06:14:29.0977 4692 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

06:14:29.0991 4692 crcdisk - ok

06:14:30.0141 4692 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

06:14:30.0213 4692 DfsC - ok

06:14:30.0328 4692 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

06:14:30.0397 4692 discache - ok

06:14:30.0512 4692 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

06:14:30.0530 4692 Disk - ok

06:14:30.0643 4692 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

06:14:30.0707 4692 drmkaud - ok

06:14:30.0839 4692 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

06:14:30.0888 4692 DXGKrnl - ok

06:14:31.0065 4692 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

06:14:31.0166 4692 ebdrv - ok

06:14:31.0281 4692 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

06:14:31.0322 4692 elxstor - ok

06:14:31.0409 4692 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

06:14:31.0474 4692 ErrDev - ok

06:14:31.0608 4692 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

06:14:31.0700 4692 exfat - ok

06:14:31.0807 4692 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

06:14:31.0894 4692 fastfat - ok

06:14:32.0020 4692 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

06:14:32.0074 4692 fdc - ok

06:14:32.0197 4692 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

06:14:32.0233 4692 FileInfo - ok

06:14:32.0327 4692 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

06:14:32.0430 4692 Filetrace - ok

06:14:32.0532 4692 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

06:14:32.0567 4692 flpydisk - ok

06:14:32.0671 4692 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

06:14:32.0723 4692 FltMgr - ok

06:14:32.0822 4692 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

06:14:32.0859 4692 FsDepends - ok

06:14:32.0954 4692 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

06:14:32.0985 4692 Fs_Rec - ok

06:14:33.0097 4692 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

06:14:33.0135 4692 fvevol - ok

06:14:33.0223 4692 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

06:14:33.0259 4692 gagp30kx - ok

06:14:33.0358 4692 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

06:14:33.0378 4692 GEARAspiWDM - ok

06:14:33.0467 4692 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

06:14:33.0547 4692 hcw85cir - ok

06:14:33.0652 4692 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

06:14:33.0737 4692 HdAudAddService - ok

06:14:33.0830 4692 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

06:14:33.0886 4692 HDAudBus - ok

06:14:34.0055 4692 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

06:14:34.0095 4692 HidBatt - ok

06:14:34.0189 4692 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

06:14:34.0262 4692 HidBth - ok

06:14:34.0358 4692 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

06:14:34.0425 4692 HidIr - ok

06:14:34.0555 4692 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

06:14:34.0622 4692 HidUsb - ok

06:14:34.0836 4692 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

06:14:34.0873 4692 HpSAMD - ok

06:14:35.0007 4692 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

06:14:35.0099 4692 HTTP - ok

06:14:35.0202 4692 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

06:14:35.0225 4692 hwpolicy - ok

06:14:35.0335 4692 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

06:14:35.0382 4692 i8042prt - ok

06:14:35.0484 4692 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

06:14:35.0537 4692 iaStorV - ok

06:14:35.0819 4692 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

06:14:36.0096 4692 igfx - ok

06:14:36.0198 4692 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

06:14:36.0227 4692 iirsp - ok

06:14:36.0321 4692 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

06:14:36.0352 4692 intelide - ok

06:14:36.0465 4692 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

06:14:36.0524 4692 intelppm - ok

06:14:36.0641 4692 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

06:14:36.0751 4692 IpFilterDriver - ok

06:14:36.0848 4692 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

06:14:36.0871 4692 IPMIDRV - ok

06:14:36.0957 4692 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

06:14:37.0032 4692 IPNAT - ok

06:14:37.0153 4692 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

06:14:37.0223 4692 IRENUM - ok

06:14:37.0315 4692 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

06:14:37.0348 4692 isapnp - ok

06:14:37.0451 4692 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

06:14:37.0503 4692 iScsiPrt - ok

06:14:37.0596 4692 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys

06:14:37.0624 4692 ivusb - ok

06:14:37.0716 4692 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

06:14:37.0752 4692 kbdclass - ok

06:14:37.0844 4692 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

06:14:37.0906 4692 kbdhid - ok

06:14:38.0016 4692 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

06:14:38.0054 4692 KSecDD - ok

06:14:38.0168 4692 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

06:14:38.0207 4692 KSecPkg - ok

06:14:38.0299 4692 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

06:14:38.0374 4692 ksthunk - ok

06:14:38.0496 4692 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

06:14:38.0619 4692 lltdio - ok

06:14:38.0779 4692 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

06:14:38.0810 4692 LSI_FC - ok

06:14:38.0929 4692 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

06:14:38.0961 4692 LSI_SAS - ok

06:14:39.0058 4692 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

06:14:39.0084 4692 LSI_SAS2 - ok

06:14:39.0200 4692 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

06:14:39.0231 4692 LSI_SCSI - ok

06:14:39.0325 4692 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

06:14:39.0413 4692 luafv - ok

06:14:39.0520 4692 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

06:14:39.0546 4692 MBAMProtector - ok

06:14:39.0638 4692 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

06:14:39.0672 4692 megasas - ok

06:14:39.0765 4692 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

06:14:39.0804 4692 MegaSR - ok

06:14:40.0020 4692 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

06:14:40.0089 4692 Modem - ok

06:14:40.0368 4692 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

06:14:40.0430 4692 monitor - ok

06:14:40.0549 4692 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

06:14:40.0567 4692 mouclass - ok

06:14:40.0701 4692 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

06:14:40.0751 4692 mouhid - ok

06:14:40.0920 4692 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

06:14:40.0946 4692 mountmgr - ok

06:14:41.0162 4692 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

06:14:41.0206 4692 mpio - ok

06:14:41.0309 4692 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

06:14:41.0377 4692 mpsdrv - ok

06:14:41.0476 4692 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

06:14:41.0564 4692 MRxDAV - ok

06:14:41.0648 4692 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

06:14:41.0717 4692 mrxsmb - ok

06:14:41.0825 4692 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

06:14:41.0856 4692 mrxsmb10 - ok

06:14:41.0947 4692 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

06:14:41.0973 4692 mrxsmb20 - ok

06:14:42.0070 4692 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

06:14:42.0104 4692 msahci - ok

06:14:42.0191 4692 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

06:14:42.0228 4692 msdsm - ok

06:14:42.0331 4692 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

06:14:42.0383 4692 Msfs - ok

06:14:42.0461 4692 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

06:14:42.0574 4692 mshidkmdf - ok

06:14:42.0661 4692 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

06:14:42.0692 4692 msisadrv - ok

06:14:42.0793 4692 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

06:14:42.0885 4692 MSKSSRV - ok

06:14:42.0983 4692 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

06:14:43.0084 4692 MSPCLOCK - ok

06:14:43.0183 4692 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

06:14:43.0286 4692 MSPQM - ok

06:14:43.0394 4692 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

06:14:43.0447 4692 MsRPC - ok

06:14:43.0542 4692 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

06:14:43.0566 4692 mssmbios - ok

06:14:43.0657 4692 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

06:14:43.0762 4692 MSTEE - ok

06:14:43.0840 4692 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

06:14:43.0876 4692 MTConfig - ok

06:14:43.0967 4692 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

06:14:43.0999 4692 Mup - ok

06:14:44.0103 4692 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

06:14:44.0156 4692 NativeWifiP - ok

06:14:44.0344 4692 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

06:14:44.0380 4692 NDIS - ok

06:14:44.0473 4692 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

06:14:44.0596 4692 NdisCap - ok

06:14:44.0694 4692 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

06:14:44.0791 4692 NdisTapi - ok

06:14:44.0905 4692 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

06:14:44.0985 4692 Ndisuio - ok

06:14:45.0096 4692 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

06:14:45.0206 4692 NdisWan - ok

06:14:45.0297 4692 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

06:14:45.0379 4692 NDProxy - ok

06:14:45.0483 4692 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

06:14:45.0578 4692 NetBIOS - ok

06:14:45.0682 4692 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

06:14:45.0781 4692 NetBT - ok

06:14:46.0046 4692 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

06:14:46.0318 4692 netw5v64 - ok

06:14:46.0419 4692 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

06:14:46.0454 4692 nfrd960 - ok

06:14:46.0588 4692 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

06:14:46.0687 4692 Npfs - ok

06:14:46.0781 4692 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

06:14:46.0872 4692 nsiproxy - ok

06:14:47.0020 4692 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

06:14:47.0088 4692 Ntfs - ok

06:14:47.0172 4692 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

06:14:47.0235 4692 Null - ok

06:14:47.0333 4692 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

06:14:47.0364 4692 nvraid - ok

06:14:47.0469 4692 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

06:14:47.0489 4692 nvstor - ok

06:14:47.0575 4692 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

06:14:47.0606 4692 nv_agp - ok

06:14:47.0694 4692 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

06:14:47.0762 4692 ohci1394 - ok

06:14:47.0902 4692 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

06:14:47.0934 4692 Parport - ok

06:14:48.0028 4692 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

06:14:48.0055 4692 partmgr - ok

06:14:48.0151 4692 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

06:14:48.0181 4692 pci - ok

06:14:48.0271 4692 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

06:14:48.0301 4692 pciide - ok

06:14:48.0385 4692 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

06:14:48.0434 4692 pcmcia - ok

06:14:48.0514 4692 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

06:14:48.0550 4692 pcw - ok

06:14:48.0656 4692 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

06:14:48.0756 4692 PEAUTH - ok

06:14:48.0901 4692 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

06:14:49.0000 4692 PptpMiniport - ok

06:14:49.0093 4692 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

06:14:49.0141 4692 Processor - ok

06:14:49.0267 4692 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

06:14:49.0350 4692 Psched - ok

06:14:49.0495 4692 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

06:14:49.0558 4692 ql2300 - ok

06:14:49.0663 4692 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

06:14:49.0699 4692 ql40xx - ok

06:14:49.0785 4692 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

06:14:49.0858 4692 QWAVEdrv - ok

06:14:49.0956 4692 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

06:14:50.0050 4692 RasAcd - ok

06:14:50.0211 4692 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

06:14:50.0287 4692 RasAgileVpn - ok

06:14:50.0381 4692 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

06:14:50.0472 4692 Rasl2tp - ok

06:14:50.0574 4692 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

06:14:50.0656 4692 RasPppoe - ok

06:14:50.0760 4692 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

06:14:50.0859 4692 RasSstp - ok

06:14:50.0956 4692 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

06:14:51.0066 4692 rdbss - ok

06:14:51.0170 4692 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

06:14:51.0234 4692 rdpbus - ok

06:14:51.0327 4692 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

06:14:51.0418 4692 RDPCDD - ok

06:14:51.0516 4692 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

06:14:51.0604 4692 RDPENCDD - ok

06:14:51.0701 4692 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

06:14:51.0764 4692 RDPREFMP - ok

06:14:51.0864 4692 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

06:14:51.0956 4692 RDPWD - ok

06:14:52.0049 4692 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

06:14:52.0095 4692 rdyboost - ok

06:14:52.0226 4692 RSPCIESTOR (cfdfd15d2d26bb50b6f4bf2d4fe6fa70) C:\Windows\system32\DRIVERS\RtsPStor.sys

06:14:52.0258 4692 RSPCIESTOR - ok

06:14:52.0349 4692 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

06:14:52.0463 4692 rspndr - ok

06:14:52.0589 4692 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

06:14:52.0638 4692 RTL8167 - ok

06:14:52.0703 4692 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

06:14:52.0721 4692 SASDIFSV - ok

06:14:52.0794 4692 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

06:14:52.0810 4692 SASKUTIL - ok

06:14:52.0900 4692 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

06:14:52.0935 4692 sbp2port - ok

06:14:53.0033 4692 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

06:14:53.0100 4692 scfilter - ok

06:14:53.0231 4692 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

06:14:53.0282 4692 sdbus - ok

06:14:53.0385 4692 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

06:14:53.0474 4692 secdrv - ok

06:14:53.0574 4692 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

06:14:53.0626 4692 Serenum - ok

06:14:53.0723 4692 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

06:14:53.0767 4692 Serial - ok

06:14:53.0852 4692 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

06:14:53.0908 4692 sermouse - ok

06:14:54.0027 4692 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

06:14:54.0086 4692 sffdisk - ok

06:14:54.0179 4692 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

06:14:54.0229 4692 sffp_mmc - ok

06:14:54.0350 4692 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

06:14:54.0397 4692 sffp_sd - ok

06:14:54.0500 4692 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

06:14:54.0554 4692 sfloppy - ok

06:14:54.0669 4692 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

06:14:54.0704 4692 SiSRaid2 - ok

06:14:54.0787 4692 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

06:14:54.0823 4692 SiSRaid4 - ok

06:14:54.0925 4692 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

06:14:55.0020 4692 Smb - ok

06:14:55.0123 4692 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

06:14:55.0154 4692 spldr - ok

06:14:55.0275 4692 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

06:14:55.0360 4692 srv - ok

06:14:55.0473 4692 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

06:14:55.0523 4692 srv2 - ok

06:14:55.0631 4692 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

06:14:55.0672 4692 SrvHsfHDA - ok

06:14:55.0809 4692 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

06:14:55.0899 4692 SrvHsfV92 - ok

06:14:56.0020 4692 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

06:14:56.0072 4692 SrvHsfWinac - ok

06:14:56.0180 4692 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

06:14:56.0242 4692 srvnet - ok

06:14:56.0378 4692 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

06:14:56.0411 4692 stexstor - ok

06:14:56.0522 4692 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\Windows\system32\DRIVERS\stwrt64.sys

06:14:56.0655 4692 STHDA - ok

06:14:56.0750 4692 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

06:14:56.0778 4692 swenum - ok

06:14:56.0906 4692 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys

06:14:56.0965 4692 SynTP - ok

06:14:57.0131 4692 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

06:14:57.0197 4692 Tcpip - ok

06:14:57.0350 4692 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

06:14:57.0409 4692 TCPIP6 - ok

06:14:57.0503 4692 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

06:14:57.0559 4692 tcpipreg - ok

06:14:57.0654 4692 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

06:14:57.0732 4692 TDPIPE - ok

06:14:57.0833 4692 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

06:14:57.0934 4692 TDTCP - ok

06:14:58.0052 4692 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

06:14:58.0123 4692 tdx - ok

06:14:58.0216 4692 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

06:14:58.0247 4692 TermDD - ok

06:14:58.0363 4692 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

06:14:58.0468 4692 tssecsrv - ok

06:14:58.0573 4692 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

06:14:58.0627 4692 TsUsbFlt - ok

06:14:58.0750 4692 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

06:14:58.0835 4692 tunnel - ok

06:14:58.0953 4692 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

06:14:58.0990 4692 uagp35 - ok

06:14:59.0081 4692 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

06:14:59.0159 4692 udfs - ok

06:14:59.0265 4692 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

06:14:59.0297 4692 uliagpkx - ok

06:14:59.0383 4692 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

06:14:59.0445 4692 umbus - ok

06:14:59.0550 4692 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

06:14:59.0610 4692 UmPass - ok

06:14:59.0717 4692 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

06:14:59.0775 4692 USBAAPL64 - ok

06:14:59.0889 4692 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

06:14:59.0932 4692 usbaudio - ok

06:15:00.0020 4692 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

06:15:00.0062 4692 usbccgp - ok

06:15:00.0157 4692 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

06:15:00.0236 4692 usbcir - ok

06:15:00.0331 4692 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

06:15:00.0388 4692 usbehci - ok

06:15:00.0496 4692 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys

06:15:00.0522 4692 usbfilter - ok

06:15:00.0635 4692 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

06:15:00.0698 4692 usbhub - ok

06:15:00.0796 4692 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

06:15:00.0848 4692 usbohci - ok

06:15:00.0954 4692 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

06:15:01.0021 4692 usbprint - ok

06:15:01.0132 4692 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

06:15:01.0189 4692 usbscan - ok

06:15:01.0283 4692 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

06:15:01.0336 4692 USBSTOR - ok

06:15:01.0436 4692 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

06:15:01.0482 4692 usbuhci - ok

06:15:01.0582 4692 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

06:15:01.0634 4692 usbvideo - ok

06:15:01.0729 4692 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

06:15:01.0742 4692 vdrvroot - ok

06:15:01.0826 4692 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

06:15:01.0843 4692 vga - ok

06:15:01.0925 4692 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

06:15:01.0980 4692 VgaSave - ok

06:15:02.0083 4692 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

06:15:02.0105 4692 vhdmp - ok

06:15:02.0201 4692 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

06:15:02.0215 4692 viaide - ok

06:15:02.0341 4692 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

06:15:02.0380 4692 volmgr - ok

06:15:02.0480 4692 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

06:15:02.0509 4692 volmgrx - ok

06:15:02.0606 4692 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

06:15:02.0656 4692 volsnap - ok

06:15:02.0739 4692 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

06:15:02.0781 4692 vsmraid - ok

06:15:02.0878 4692 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

06:15:02.0946 4692 vwifibus - ok

06:15:03.0038 4692 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

06:15:03.0108 4692 vwififlt - ok

06:15:03.0219 4692 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

06:15:03.0260 4692 vwifimp - ok

06:15:03.0362 4692 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

06:15:03.0403 4692 WacomPen - ok

06:15:03.0526 4692 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

06:15:03.0628 4692 WANARP - ok

06:15:03.0682 4692 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

06:15:03.0736 4692 Wanarpv6 - ok

06:15:03.0846 4692 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

06:15:03.0878 4692 Wd - ok

06:15:03.0973 4692 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

06:15:03.0996 4692 WDC_SAM - ok

06:15:04.0105 4692 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

06:15:04.0151 4692 Wdf01000 - ok

06:15:04.0252 4692 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

06:15:04.0326 4692 WfpLwf - ok

06:15:04.0409 4692 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

06:15:04.0433 4692 WIMMount - ok

06:15:04.0578 4692 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

06:15:04.0633 4692 WinUsb - ok

06:15:04.0731 4692 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

06:15:04.0778 4692 WmiAcpi - ok

06:15:04.0903 4692 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

06:15:05.0024 4692 ws2ifsl - ok

06:15:05.0135 4692 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

06:15:05.0245 4692 WudfPf - ok

06:15:05.0356 4692 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

06:15:05.0441 4692 WUDFRd - ok

06:15:05.0559 4692 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

06:15:05.0607 4692 yukonw7 - ok

06:15:05.0649 4692 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

06:15:06.0593 4692 \Device\Harddisk0\DR0 - ok

06:15:06.0603 4692 Boot (0x1200) (f62e1d29419ef01822d028837783d15a) \Device\Harddisk0\DR0\Partition0

06:15:06.0605 4692 \Device\Harddisk0\DR0\Partition0 - ok

06:15:06.0625 4692 Boot (0x1200) (de53dcaf7fb39d39e3efae8891d35670) \Device\Harddisk0\DR0\Partition1

06:15:06.0627 4692 \Device\Harddisk0\DR0\Partition1 - ok

06:15:06.0663 4692 Boot (0x1200) (d3cdf4659972750d975e261a26af49d4) \Device\Harddisk0\DR0\Partition2

06:15:06.0664 4692 \Device\Harddisk0\DR0\Partition2 - ok

06:15:06.0679 4692 Boot (0x1200) (c0edc770e96021bdfc4ce4694ab37b13) \Device\Harddisk0\DR0\Partition3

06:15:06.0679 4692 \Device\Harddisk0\DR0\Partition3 - ok

06:15:06.0680 4692 ============================================================

06:15:06.0680 4692 Scan finished

06:15:06.0680 4692 ============================================================

06:15:06.0697 1472 Detected object count: 0

06:15:06.0697 1472 Actual detected object count: 0

[MrCharlie]

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

------------------

Please download and run the Bitdefender Bootkit Removal Tool 64-bit version

http://www.malwareci...ction-1238.html

It runs very quickly, let me know if it find anything.

MrC

[zibenzi]

it didnt find anything

[MrCharlie]

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

[zibenzi]

ComboFix 12-01-19.01 - Loki 01/19/2012 16:40:00.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2592 [GMT -6:00]

Running from: c:\users\Loki\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.txt

c:\windows\system32\java.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))

.

.

2012-01-19 22:46 . 2012-01-19 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-19 22:46 . 2012-01-19 22:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-01-19 21:50 . 2012-01-19 21:50 287304 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys

2012-01-17 01:51 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-16 22:11 . 2012-01-16 22:11 -------- d-----w- c:\users\Loki\AppData\Roaming\SUPERAntiSpyware.com

2012-01-16 22:10 . 2012-01-17 01:50 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-01-16 22:10 . 2012-01-16 22:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-01-16 22:06 . 2012-01-16 22:06 -------- d-----w- c:\users\Loki\AppData\Local\VS Revo Group

2012-01-16 22:06 . 2012-01-16 22:06 -------- d-----w- c:\program files\VS Revo Group

2012-01-16 01:00 . 2012-01-16 01:00 -------- d-----w- c:\users\Loki\AppData\Roaming\Malwarebytes

2012-01-16 01:00 . 2012-01-16 01:00 -------- d-----w- c:\programdata\Malwarebytes

2012-01-16 01:00 . 2012-01-17 01:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-15 14:16 . 2012-01-15 14:16 -------- d-----w- c:\users\Loki\AppData\Local\DDMSettings

2012-01-11 22:37 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 22:37 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 22:37 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 22:37 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 22:37 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 22:37 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 22:37 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 22:37 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-02 04:12 . 2012-01-02 04:12 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-02 04:12 . 2012-01-02 04:12 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-02 04:12 . 2012-01-02 04:12 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-02 04:12 . 2012-01-02 04:12 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-30 07:27 . 2011-12-30 07:27 -------- d-----w- c:\program files (x86)\Xiph.Org

2011-12-30 07:27 . 2011-12-30 07:27 -------- d-----w- c:\program files (x86)\TVersity Codec Pack

2011-12-30 03:38 . 2012-01-18 01:03 -------- d-----w- c:\users\Loki\AppData\Roaming\MediaMonkey

2011-12-29 18:31 . 2009-12-06 01:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2011-12-29 18:31 . 2009-12-06 01:41 50688 ----a-w- c:\windows\SysWow64\ff_acm.acm

2011-12-29 18:31 . 2011-12-29 18:31 -------- d-----w- c:\program files (x86)\ffdshow

2011-12-29 18:27 . 2011-12-30 07:27 -------- d-----w- c:\programdata\TVersity

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-09 01:54 . 2011-10-14 17:07 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-11-24 04:52 . 2011-12-14 22:20 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-13 15:36 . 2011-06-06 16:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:32 . 2011-12-14 22:20 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:26 . 2011-12-14 22:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-04 01:53 . 2011-12-15 02:28 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-11-04 01:44 . 2011-12-15 02:28 1390080 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 01:44 . 2011-12-15 02:28 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 01:34 . 2011-12-15 02:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-03 22:47 . 2011-12-15 02:28 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-11-03 22:40 . 2011-12-15 02:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-11-03 22:39 . 2011-12-15 02:28 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-03 22:31 . 2011-12-15 02:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 22:27 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Scrybe.lnk - c:\windows\Installer\{C23719AF-BFEA-436F-9AAD-CB05ABE6D160}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-6-2 45056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-24 2375168]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2010-12-07 1294848]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-04-16 17:07 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1163365333-3123920810-2663154901-1002Core.job

- c:\users\Loki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 02:08]

.

2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1163365333-3123920810-2663154901-1002UA.job

- c:\users\Loki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 02:08]

.

2011-12-31 c:\windows\Tasks\HPCeeScheduleForLOKI-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2012-01-18 c:\windows\Tasks\HPCeeScheduleForLoki.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-19 1128448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Loki\AppData\Roaming\Mozilla\Firefox\Profiles\ujx7f57i.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\programdata\TVersity\Media Server\MediaServer.exe

.

**************************************************************************

.

Completion time: 2012-01-19 16:52:57 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-19 22:52

.

Pre-Run: 227,197,337,600 bytes free

Post-Run: 226,671,120,384 bytes free

.

- - End Of File - - 257555B73BC98119AC58384B41322E32

[MrCharlie]

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC

[zibenzi]

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.19.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Loki :: LOKI-HP [administrator]

Protection: Enabled

1/19/2012 9:25:42 PM

mbam-log-2012-01-19 (21-25-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198166

Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

Any improvement? MrC

-------------------------

If not..........

Download DDS by sUBs and post the scan results using Copy / Paste.

http://download.blee...om/sUBs/dds.scr

http://download.blee...om/sUBs/dds.com

http://www.forospyware.com/sUBs/dds

1. Double click dds.scr to run the tool.

2. When done, two DDS.txt's will open.

3. Save both reports to your desktop.

4. Please copy and paste the contents of DDS.txt back here.

[zibenzi]

the computer wasnt really running bad, but i jus wasnt sure if i had removed it all.

heres the log thanks again

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Loki at 15:57:15 on 2012-01-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2334 [GMT -6:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\ProgramData\TVersity\Media Server\MediaServer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Loki\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Scrybe.lnk - C:\Windows\Installer\{C23719AF-BFEA-436F-9AAD-CB05ABE6D160}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D9E4C314-269B-42D4-B5AB-5D2969BF19CC} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Loki\AppData\Roaming\Mozilla\Firefox\Profiles\ujx7f57i.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Loki\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Loki\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Loki\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-14 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-14 110032]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-23 2375168]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-16 652872]

R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2010-12-7 1294848]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-01-19 22:47:44 -------- d-----w- C:\$RECYCLE.BIN

2012-01-19 22:37:29 98816 ----a-w- C:\Windows\sed.exe

2012-01-19 22:37:29 518144 ----a-w- C:\Windows\SWREG.exe

2012-01-19 22:37:29 256000 ----a-w- C:\Windows\PEV.exe

2012-01-19 22:37:29 208896 ----a-w- C:\Windows\MBR.exe

2012-01-19 21:50:57 287304 ----a-w- C:\Windows\System32\drivers\TrufosAlt.sys

2012-01-17 01:51:31 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-16 22:11:10 -------- d-----w- C:\Users\Loki\AppData\Roaming\SUPERAntiSpyware.com

2012-01-16 22:10:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-01-16 22:10:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-01-16 22:06:39 -------- d-----w- C:\Users\Loki\AppData\Local\VS Revo Group

2012-01-16 22:06:31 -------- d-----w- C:\Program Files\VS Revo Group

2012-01-16 01:00:16 -------- d-----w- C:\Users\Loki\AppData\Roaming\Malwarebytes

2012-01-16 01:00:08 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-16 01:00:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-15 14:16:54 -------- d-----w- C:\Users\Loki\AppData\Local\DDMSettings

2012-01-11 22:37:52 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 22:37:52 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 22:37:52 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 22:37:52 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 22:37:48 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 22:37:48 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 22:37:47 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 22:37:47 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-02 04:12:24 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-02 04:12:24 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-02 04:12:24 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-02 04:12:24 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2011-12-30 07:27:26 -------- d-----w- C:\Program Files (x86)\Xiph.Org

2011-12-30 07:27:19 -------- d-----w- C:\Program Files (x86)\TVersity Codec Pack

2011-12-30 03:38:12 -------- d-----w- C:\Users\Loki\AppData\Roaming\MediaMonkey

2011-12-29 18:31:11 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-12-29 18:31:11 50688 ----a-w- C:\Windows\SysWow64\ff_acm.acm

2011-12-29 18:31:10 -------- d-----w- C:\Program Files (x86)\ffdshow

2011-12-29 18:27:31 -------- d-----w- C:\ProgramData\TVersity

.

==================== Find3M ====================

.

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-11-13 15:36:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 15:59:27.99 ===============

[MrCharlie]

It looks OK, the link below shows how to reset FF if whitesmoke is still in the there:

http://www.howtogeek...ninstalling-it/

Let me know, MrC

[zibenzi]

ok i got that changed. thank you for the pirce of mind

[MrCharlie]

Good

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

If I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Good Luck and Thanks for using the forum, MrC

[Maurice Naggar]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.