
Infected with Trojan.Agent/Gen-IEFake, Trojan.Agent/Gen-IExplorer[Fake] & Trojan.Agent/Gen-PEC



Hi,

Last night sometime I came across this virus. I tried running Superantispyware, which found the virus and thought I deleted it, but the next morning the virus was back. Malwarebytes didn't recognize any viruses at all. Also when I was removing the viruses with SAS, I think I noticed that the virus was in the Malwarebytes file. Anyway, here are the two Attach and DDS logs. I GREATLY appreciate any help! Thank you in advance!

-Kayla

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Run by Kayla at 15:07:59 on 2012-02-08

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1838 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Program Files\WTouch\WTouchService.exe

C:\Windows\system32\vcsFPService.exe

C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Pen_Tablet.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\WTouch\WTouchUser.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\Pen_Tablet.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\AVG\AVG10\avgscana.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [EPSON NX125 NX127 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGA.EXE /FU "C:\Windows\TEMP\E_SC7B2.tmp" /EF "HKCU"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [<NO NAME>]

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 128.104.254.254 144.92.254.254

TCP: Interfaces\{9D241A6A-03D1-45D0-BA13-7443F604F1F4} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{9D241A6A-03D1-45D0-BA13-7443F604F1F4}\37F6D656478696E6763796D607C656 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9D241A6A-03D1-45D0-BA13-7443F604F1F4}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9D241A6A-03D1-45D0-BA13-7443F604F1F4}\6657E696E636 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9D241A6A-03D1-45D0-BA13-7443F604F1F4}\6657E696E63613 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9D241A6A-03D1-45D0-BA13-7443F604F1F4}\932333 : DhcpNameServer = 24.196.64.53 68.115.71.53 24.159.193.40

TCP: Interfaces\{CD3C92F6-BAA6-41E8-99BD-3767231247D9} : DhcpNameServer = 128.104.254.254 144.92.254.254

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll

BHO-X64: EgisPBIE - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

mRun-x64: [(Default)]

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B57b90192-5921-4eb5-96ce-6bdd42bb2d41%7D&mid=32621f2af53645499e407e14a020966a-04d5f14531e0e027ade46568425df058191b9a88&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-13%2014%3A46%3A05&sap=ku&q=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff10.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff8.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff9.dll

FF - component: C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt\components\EgisPBFF.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: SimplePass Online Accounts Extension : {41ecbc0b-34d5-4cd4-935f-253a30e2cb7e} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4

FF - Ext: AVG Security Toolbar: avg@toolbar - C:\ProgramData\AVG Secure Search\9.0.0.18

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-3-3 89600]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-31 338168]

R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-2-4 689008]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2010-8-30 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2010-8-30 128512]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-20 13336]

R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]

R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]

R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2011-11-23 127272]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-6-2 167264]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-01-26 18:46:59 -------- d-----w- C:\Program Files\R

2012-01-16 02:57:25 -------- d-----w- C:\Users\Kayla\AppData\Roaming\WTablet

2012-01-16 02:57:21 -------- d-----w- C:\Users\Kayla\AppData\Roaming\WTouch

2012-01-13 22:29:23 -------- d-----w- C:\Users\Kayla\AppData\Roaming\Malwarebytes

2012-01-13 22:29:12 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-13 22:29:12 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-13 22:29:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-10 00:57:50 -------- d-----w- C:\Users\Kayla\AppData\Roaming\inkscape

2012-01-10 00:53:10 -------- d-----w- C:\Program Files (x86)\Inkscape

.

==================== Find3M ====================

.

2011-11-24 00:13:55 129784 ------w- C:\Windows\SysWow64\pxafs.dll

2011-11-24 00:13:55 116472 ------w- C:\Windows\SysWow64\pxcpyi64.exe

2011-11-24 00:13:55 10488 ------w- C:\Windows\System32\drivers\cdralw2k.sys

2011-11-24 00:13:55 10488 ------w- C:\Windows\System32\drivers\cdr4_xp.sys

2011-11-24 00:13:54 52856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2011-11-24 00:13:54 118520 ------w- C:\Windows\SysWow64\pxinsi64.exe

.

============= FINISH: 15:08:51.45 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/13/2010 6:43:34 PM

System Uptime: 2/8/2012 2:28:47 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 146A

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU | 1314/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 447 GiB total, 377.666 GiB free.

D: is FIXED (NTFS) - 18 GiB total, 2.666 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.

F: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP88: 12/9/2011 1:22:39 PM - Scheduled Checkpoint

RP89: 12/17/2011 1:31:29 PM - Scheduled Checkpoint

RP90: 12/18/2011 8:10:19 PM - HPSF Restore Point

RP91: 12/31/2011 2:01:31 AM - Scheduled Checkpoint

RP92: 1/7/2012 11:06:08 PM - Scheduled Checkpoint

RP93: 1/15/2012 12:00:04 AM - Scheduled Checkpoint

RP94: 1/23/2012 2:28:07 AM - Scheduled Checkpoint

RP96: 1/30/2012 4:58:36 PM - Scheduled Checkpoint

RP97: 2/6/2012 6:18:59 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

7-Zip 9.20

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 7.0

Adobe Reader 9.3.3 MUI

Adobe Shockwave Player

AIM 7

Alcor Micro USB Card Reader

America's Army

Apple Application Support

Apple Software Update

Bamboo

CinemaNow Media Manager

Compatibility Pack for the 2007 Office system

ConnectUO 2.0

CyberLink DVD Suite

Download Updater (AOL LLC)

Dungeon Keeper 2

DVD Menu Pack for HP MediaSmart Video

EA Download Manager

Epson Event Manager

EPSON Scan

ESU for Microsoft Windows 7

GIMP 2.6.10

HP Advisor

HP Customer Experience Enhancements

HP MediaSmart CinemaNow 2.0

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart Video

HP MediaSmart Webcam

HP MediaSmart/TouchSmart Netflix

HP Photo Creations

HP QuickWeb Installer

HP Setup

HP SimplePass Identity Protection

HP Software Framework

HP Support Assistant

HP Update

HP User Guides 0207

HPAsset component for HP Active Support Library

IDT Audio

Inkscape 0.48.2

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

LabelPrint

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Choice Guard

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Microsoft WSE 3.0 Runtime

mIRC

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox (3.6.26)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Online Backup

OpenOffice.org 3.2

PhotoNow!

Power2Go

PowerDirector

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver For Windows 7

RealUpgrade 1.1

Recovery Manager

Roxio CinemaNow 2.0

Soldat 1.6.0

Soldat 1.6.1

Soldat 1.6.2

The Movies

The Sims™ 3

Ultima Online: Mondain's Legacy

Update for Microsoft Office Word 2007 (KB974631)

Update for Office 2007 (KB934528)

Ventrilo Client

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Warcraft III

Warcraft III: All Products

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== End Of File ===========================


Hello Kayla and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please open SUPERAntiSpyware and click on View Scan Logs. Post the latest log file to see exactly what the problem is.


Hi Maniac,

Thanks for the quick response! Here's my SAS log from 2-7-12 and 2-6-12.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 02/07/2012 at 00:54 AM

Application Version : 4.49.1000

Core Rules Database Version : 6633

Trace Rules Database Version: 4445

Scan type : Complete Scan

Total Scan Time : 00:59:32

Memory items scanned : 511

Memory threats detected : 0

Registry items scanned : 14352

Registry threats detected : 0

File items scanned : 33673

File threats detected : 241

Adware.Tracking Cookie


ad2.adfarm1.adition.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.googleads.g.doubleclick.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.yieldmanager.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.adbrite.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.www.burstnet.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.traveladvertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.traveladvertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.zedo.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.zedo.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.zedo.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.zedo.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.r1-ads.ace.advertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.advertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.interclick.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.amazon-adsystem.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.amazon-adsystem.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.lucidmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.ru4.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.advertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.advertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.advertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.advertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.at.atwola.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.advertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.ru4.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.advertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.zedo.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.ru4.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.ru4.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.avgtechnologies.112.2o7.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.tribalfusion.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.burstnet.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.burstnet.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.adserver.adtechus.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.lfstmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.media.adfrontiers.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.media.adfrontiers.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.imrworldwide.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.imrworldwide.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.adserver.adtechus.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.fastclick.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.fastclick.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.statcounter.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.invitemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.invitemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.pro-market.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.pro-market.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

www.burstnet.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.adxpose.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.technoratimedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.zedo.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

www.googleadservices.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.nextag.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.nextag.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.zedo.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.zedo.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.viacom.adbureau.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.2o7.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.steelhousemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.mediaplex.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.usatoday1.112.2o7.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.solvemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.solvemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.trafficmp.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.trafficmp.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.trafficmp.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.trafficmp.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.interclick.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.interclick.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.akamai.interclickproxy.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.questionmarket.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.ads.pointroll.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.serving-sys.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.bs.serving-sys.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.specificclick.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.apmebf.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.adbrite.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.h.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.h.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.h.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.h.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.c.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.c.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.c.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.c.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

citi.bridgetrack.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

citi.bridgetrack.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.at.atwola.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.linksynergy.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.linksynergy.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.linksynergy.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.demandwarecrocs.112.2o7.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.traveladvertising.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.account.woot.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.tacoda.at.atwola.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.tacoda.at.atwola.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.at.atwola.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.tacoda.at.atwola.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.ar.atwola.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.lfstmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.lfstmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.lfstmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.realmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.adbrite.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.adbrite.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.insightexpressai.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.lfstmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.legolas-media.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.legolas-media.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.doubleclick.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.adbrite.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.adbrite.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.account.woot.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.account.woot.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.doubleclick.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.a1.interclick.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.a1.interclick.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.a1.interclick.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.a1.interclick.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.c1.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.c1.atdmt.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.legolas-media.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.realmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

network.realmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.a1.interclick.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.questionmarket.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.revsci.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

network.realmedia.com [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\cookies.sqlite ]

Trojan.Agent/Gen-IEFake

C:\USERS\KAYLA\APPDATA\LOCAL\TEMP\RARSFX1\H\IEXPLORE.EXE

C:\USERS\KAYLA\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\IEXPLORE.EXE

C:\Windows\Prefetch\IEXPLORE.EXE-4AF998D1.pf

C:\Windows\Prefetch\IEXPLORE.EXE-5E5FA146.pf

Trojan.Agent/Gen-IExplorer[Fake]

C:\USERS\KAYLA\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE

C:\Windows\Prefetch\IEXPLORE.EXE-8DF4B077.pf

Trojan.Agent/Gen-PEC

C:\USERS\KAYLA\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\EXPLORER.EXE

C:\Windows\Prefetch\EXPLORER.EXE-9D359EBE.pf

Trojan.Dropper/SVCHost-Fake

C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 02/06/2012 at 11:53 PM

Application Version : 4.49.1000

Core Rules Database Version : 6633

Trace Rules Database Version: 4445

Scan type : Complete Scan

Total Scan Time : 00:09:05

Memory items scanned : 606

Memory threats detected : 0

Registry items scanned : 14354

Registry threats detected : 0

File items scanned : 2773

File threats detected : 16

Adware.Tracking Cookie

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@tacoda.at.atwola[2].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@at.atwola[2].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@ad.yieldmanager[2].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@atdmt[2].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@advertising[2].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@cdn.at.atwola[1].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@yieldmanager[1].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@ar.atwola[1].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@r1-ads.ace.advertising[2].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@doubleclick[2].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@atwola[1].txt

media10.washingtonpost.com [ C:\Users\Kayla\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MHPDXDCF ]

Trojan.Agent/Gen-IEFake

C:\USERS\KAYLA\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE

C:\USERS\KAYLA\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE

Trojan.Agent/Gen-IExplorer[Fake]

C:\USERS\KAYLA\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC

C:\USERS\KAYLA\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE


Trojan.Dropper/SVCHost-Fake

C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE

This is a false positive, because svchost.exe is part of Malwarebytes' Anti-Malware and specifically from Chameleon technology.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Please follow the instructions to run ComboFix from here:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#use

Post it in your next reply.

In your next reply, please post the following log files:

  • TDSSKiller log
  • ComboFix log


Here are my logs:

15:55:33.0518 0372 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57

15:55:33.0799 0372 ============================================================

15:55:33.0799 0372 Current date / time: 2012/02/09 15:55:33.0799

15:55:33.0799 0372 SystemInfo:

15:55:33.0799 0372

15:55:33.0799 0372 OS Version: 6.1.7600 ServicePack: 0.0

15:55:33.0799 0372 Product type: Workstation

15:55:33.0799 0372 ComputerName: KAYLA-PC

15:55:33.0799 0372 UserName: Kayla

15:55:33.0799 0372 Windows directory: C:\Windows

15:55:33.0799 0372 System windows directory: C:\Windows

15:55:33.0799 0372 Running under WOW64

15:55:33.0799 0372 Processor architecture: Intel x64

15:55:33.0799 0372 Number of processors: 4

15:55:33.0799 0372 Page size: 0x1000

15:55:33.0799 0372 Boot type: Normal boot

15:55:33.0799 0372 ============================================================

15:55:34.0173 0372 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:55:34.0189 0372 \Device\Harddisk0\DR0:

15:55:34.0189 0372 MBR used

15:55:34.0189 0372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

15:55:34.0189 0372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37E09800

15:55:34.0189 0372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37E6D800, BlocksNum 0x24E4800

15:55:34.0189 0372 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

15:55:34.0267 0372 Initialize success

15:55:34.0267 0372 ============================================================

15:56:23.0048 5948 ============================================================

15:56:23.0048 5948 Scan started

15:56:23.0048 5948 Mode: Manual; SigCheck; TDLFS;

15:56:23.0048 5948 ============================================================


15:56:25.0716 5948 BTHMODEM - ok

15:56:25.0732 5948 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

15:56:25.0747 5948 BthPan - ok

15:56:25.0778 5948 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys

15:56:25.0794 5948 BTHPORT - ok

15:56:25.0825 5948 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys

15:56:25.0841 5948 BTHUSB - ok

15:56:25.0872 5948 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys

15:56:25.0888 5948 btwaudio - ok

15:56:25.0903 5948 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys

15:56:25.0919 5948 btwavdt - ok

15:56:25.0950 5948 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

15:56:25.0966 5948 btwl2cap - ok

15:56:25.0981 5948 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys

15:56:25.0981 5948 btwrchid - ok

15:56:25.0997 5948 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:56:26.0044 5948 cdfs - ok

15:56:26.0059 5948 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

15:56:26.0075 5948 cdrom - ok

15:56:26.0106 5948 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:56:26.0137 5948 circlass - ok

15:56:26.0184 5948 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:56:26.0200 5948 CLFS - ok

15:56:26.0215 5948 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:56:26.0246 5948 CmBatt - ok

15:56:26.0262 5948 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

15:56:26.0262 5948 cmdide - ok

15:56:26.0293 5948 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

15:56:26.0309 5948 CNG - ok

15:56:26.0340 5948 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:56:26.0340 5948 Compbatt - ok

15:56:26.0371 5948 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

15:56:26.0402 5948 CompositeBus - ok

15:56:26.0434 5948 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:56:26.0449 5948 crcdisk - ok

15:56:26.0480 5948 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

15:56:26.0527 5948 DfsC - ok

15:56:26.0558 5948 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:56:26.0590 5948 discache - ok

15:56:26.0621 5948 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:56:26.0621 5948 Disk - ok

15:56:26.0652 5948 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:56:26.0668 5948 drmkaud - ok

15:56:26.0714 5948 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys

15:56:26.0746 5948 DVMIO - ok

15:56:26.0777 5948 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

15:56:26.0808 5948 DXGKrnl - ok

15:56:26.0886 5948 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:56:26.0995 5948 ebdrv - ok

15:56:27.0058 5948 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:56:27.0073 5948 elxstor - ok

15:56:27.0136 5948 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

15:56:27.0151 5948 ErrDev - ok

15:56:27.0182 5948 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:56:27.0229 5948 exfat - ok

15:56:27.0245 5948 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:56:27.0276 5948 fastfat - ok

15:56:27.0307 5948 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:56:27.0323 5948 fdc - ok

15:56:27.0338 5948 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:56:27.0354 5948 FileInfo - ok

15:56:27.0370 5948 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:56:27.0416 5948 Filetrace - ok

15:56:27.0448 5948 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:56:27.0463 5948 flpydisk - ok

15:56:27.0479 5948 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

15:56:27.0494 5948 FltMgr - ok

15:56:27.0526 5948 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:56:27.0526 5948 FsDepends - ok

15:56:27.0541 5948 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

15:56:27.0557 5948 Fs_Rec - ok

15:56:27.0572 5948 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

15:56:27.0588 5948 fvevol - ok

15:56:27.0604 5948 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:56:27.0619 5948 gagp30kx - ok

15:56:27.0635 5948 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:56:27.0650 5948 GEARAspiWDM - ok

15:56:27.0666 5948 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:56:27.0682 5948 hcw85cir - ok

15:56:27.0728 5948 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

15:56:27.0744 5948 HdAudAddService - ok

15:56:27.0760 5948 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:56:27.0775 5948 HDAudBus - ok

15:56:27.0806 5948 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

15:56:27.0806 5948 HECIx64 - ok

15:56:27.0822 5948 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:56:27.0853 5948 HidBatt - ok

15:56:27.0869 5948 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:56:27.0900 5948 HidBth - ok

15:56:27.0931 5948 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:56:27.0947 5948 HidIr - ok

15:56:27.0962 5948 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

15:56:27.0978 5948 HidUsb - ok

15:56:28.0025 5948 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys

15:56:28.0025 5948 hpdskflt - ok

15:56:28.0056 5948 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

15:56:28.0072 5948 HpSAMD - ok

15:56:28.0103 5948 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

15:56:28.0165 5948 HTTP - ok

15:56:28.0181 5948 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

15:56:28.0181 5948 hwpolicy - ok

15:56:28.0212 5948 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

15:56:28.0212 5948 i8042prt - ok

15:56:28.0259 5948 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys

15:56:28.0259 5948 iaStor - ok

15:56:28.0306 5948 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

15:56:28.0321 5948 iaStorV - ok

15:56:28.0493 5948 igfx (90afab2b5962b1cd5bb23320675d6174) C:\Windows\system32\DRIVERS\igdkmd64.sys

15:56:28.0696 5948 igfx - ok

15:56:28.0711 5948 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:56:28.0727 5948 iirsp - ok

15:56:28.0742 5948 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys

15:56:28.0758 5948 Impcd - ok

15:56:28.0789 5948 IntcDAud (da24c1f66ee1b5a92e045376d7a44b58) C:\Windows\system32\DRIVERS\IntcDAud.sys

15:56:28.0805 5948 IntcDAud - ok

15:56:28.0836 5948 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

15:56:28.0852 5948 intelide - ok

15:56:28.0867 5948 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:56:28.0883 5948 intelppm - ok

15:56:28.0914 5948 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:56:28.0945 5948 IpFilterDriver - ok

15:56:28.0976 5948 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

15:56:28.0976 5948 IPMIDRV - ok

15:56:28.0992 5948 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:56:29.0039 5948 IPNAT - ok

15:56:29.0054 5948 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:56:29.0070 5948 IRENUM - ok

15:56:29.0086 5948 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

15:56:29.0101 5948 isapnp - ok

15:56:29.0132 5948 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

15:56:29.0148 5948 iScsiPrt - ok

15:56:29.0164 5948 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

15:56:29.0179 5948 kbdclass - ok

15:56:29.0195 5948 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

15:56:29.0226 5948 kbdhid - ok

15:56:29.0242 5948 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

15:56:29.0242 5948 KSecDD - ok

15:56:29.0288 5948 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

15:56:29.0288 5948 KSecPkg - ok

15:56:29.0320 5948 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:56:29.0366 5948 ksthunk - ok

15:56:29.0398 5948 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:56:29.0444 5948 lltdio - ok

15:56:29.0476 5948 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:56:29.0491 5948 LSI_FC - ok

15:56:29.0507 5948 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:56:29.0522 5948 LSI_SAS - ok

15:56:29.0538 5948 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:56:29.0554 5948 LSI_SAS2 - ok

15:56:29.0569 5948 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:56:29.0585 5948 LSI_SCSI - ok

15:56:29.0600 5948 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:56:29.0647 5948 luafv - ok

15:56:29.0678 5948 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:56:29.0694 5948 megasas - ok

15:56:29.0710 5948 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:56:29.0725 5948 MegaSR - ok

15:56:29.0741 5948 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:56:29.0788 5948 Modem - ok

15:56:29.0819 5948 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:56:29.0834 5948 monitor - ok

15:56:29.0850 5948 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

15:56:29.0850 5948 mouclass - ok

15:56:29.0881 5948 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:56:29.0897 5948 mouhid - ok

15:56:29.0912 5948 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

15:56:29.0928 5948 mountmgr - ok

15:56:29.0944 5948 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

15:56:29.0959 5948 mpio - ok

15:56:29.0975 5948 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:56:30.0006 5948 mpsdrv - ok

15:56:30.0037 5948 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

15:56:30.0053 5948 MRxDAV - ok

15:56:30.0084 5948 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:56:30.0100 5948 mrxsmb - ok

15:56:30.0100 5948 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:56:30.0115 5948 mrxsmb10 - ok

15:56:30.0131 5948 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:56:30.0146 5948 mrxsmb20 - ok

15:56:30.0162 5948 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

15:56:30.0162 5948 msahci - ok

15:56:30.0193 5948 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

15:56:30.0209 5948 msdsm - ok

15:56:30.0224 5948 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:56:30.0271 5948 Msfs - ok

15:56:30.0287 5948 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:56:30.0318 5948 mshidkmdf - ok

15:56:30.0334 5948 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

15:56:30.0334 5948 msisadrv - ok

15:56:30.0380 5948 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:56:30.0427 5948 MSKSSRV - ok

15:56:30.0443 5948 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:56:30.0474 5948 MSPCLOCK - ok

15:56:30.0505 5948 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:56:30.0552 5948 MSPQM - ok

15:56:30.0568 5948 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

15:56:30.0583 5948 MsRPC - ok

15:56:30.0599 5948 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

15:56:30.0614 5948 mssmbios - ok

15:56:30.0630 5948 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:56:30.0677 5948 MSTEE - ok

15:56:30.0692 5948 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:56:30.0692 5948 MTConfig - ok

15:56:30.0724 5948 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:56:30.0724 5948 Mup - ok

15:56:30.0755 5948 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:56:30.0786 5948 NativeWifiP - ok

15:56:30.0817 5948 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

15:56:30.0848 5948 NDIS - ok

15:56:30.0864 5948 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:56:30.0895 5948 NdisCap - ok

15:56:30.0926 5948 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:56:30.0958 5948 NdisTapi - ok

15:56:30.0989 5948 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

15:56:31.0036 5948 Ndisuio - ok

15:56:31.0051 5948 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

15:56:31.0082 5948 NdisWan - ok

15:56:31.0114 5948 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

15:56:31.0160 5948 NDProxy - ok

15:56:31.0176 5948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:56:31.0223 5948 NetBIOS - ok

15:56:31.0238 5948 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

15:56:31.0270 5948 NetBT - ok

15:56:31.0394 5948 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

15:56:31.0550 5948 netw5v64 - ok

15:56:31.0566 5948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:56:31.0582 5948 nfrd960 - ok

15:56:31.0597 5948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:56:31.0628 5948 Npfs - ok

15:56:31.0644 5948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:56:31.0675 5948 nsiproxy - ok

15:56:31.0722 5948 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

15:56:31.0769 5948 Ntfs - ok

15:56:31.0784 5948 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:56:31.0831 5948 Null - ok

15:56:31.0862 5948 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

15:56:31.0862 5948 nvraid - ok

15:56:31.0894 5948 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

15:56:31.0909 5948 nvstor - ok

15:56:31.0925 5948 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

15:56:31.0940 5948 nv_agp - ok

15:56:31.0987 5948 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

15:56:32.0003 5948 ohci1394 - ok

15:56:32.0034 5948 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:56:32.0034 5948 Parport - ok

15:56:32.0065 5948 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

15:56:32.0065 5948 partmgr - ok

15:56:32.0096 5948 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

15:56:32.0096 5948 pci - ok

15:56:32.0128 5948 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

15:56:32.0128 5948 pciide - ok

15:56:32.0159 5948 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:56:32.0174 5948 pcmcia - ok

15:56:32.0190 5948 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:56:32.0206 5948 pcw - ok

15:56:32.0221 5948 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:56:32.0284 5948 PEAUTH - ok

15:56:32.0346 5948 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

15:56:32.0377 5948 PptpMiniport - ok

15:56:32.0408 5948 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:56:32.0408 5948 Processor - ok

15:56:32.0455 5948 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

15:56:32.0502 5948 Psched - ok

15:56:32.0518 5948 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys

15:56:32.0533 5948 PxHlpa64 - ok

15:56:32.0564 5948 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:56:32.0611 5948 ql2300 - ok

15:56:32.0642 5948 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:56:32.0642 5948 ql40xx - ok

15:56:32.0674 5948 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:56:32.0689 5948 QWAVEdrv - ok

15:56:32.0705 5948 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:56:32.0736 5948 RasAcd - ok

15:56:32.0752 5948 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:56:32.0798 5948 RasAgileVpn - ok

15:56:32.0814 5948 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:56:32.0861 5948 Rasl2tp - ok

15:56:32.0876 5948 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:56:32.0908 5948 RasPppoe - ok

15:56:32.0923 5948 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:56:32.0970 5948 RasSstp - ok

15:56:33.0001 5948 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

15:56:33.0032 5948 rdbss - ok

15:56:33.0048 5948 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:56:33.0064 5948 rdpbus - ok

15:56:33.0079 5948 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:56:33.0126 5948 RDPCDD - ok

15:56:33.0157 5948 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:56:33.0188 5948 RDPENCDD - ok

15:56:33.0204 5948 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:56:33.0235 5948 RDPREFMP - ok

15:56:33.0251 5948 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

15:56:33.0298 5948 RDPWD - ok

15:56:33.0313 5948 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

15:56:33.0329 5948 rdyboost - ok

15:56:33.0376 5948 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

15:56:33.0407 5948 RFCOMM - ok

15:56:33.0422 5948 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:56:33.0469 5948 rspndr - ok

15:56:33.0516 5948 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

15:56:33.0516 5948 RTL8167 - ok

15:56:33.0594 5948 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

15:56:33.0610 5948 SASDIFSV - ok

15:56:33.0625 5948 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

15:56:33.0641 5948 SASKUTIL - ok

15:56:33.0672 5948 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

15:56:33.0672 5948 sbp2port - ok

15:56:33.0703 5948 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

15:56:33.0750 5948 scfilter - ok

15:56:33.0766 5948 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

15:56:33.0781 5948 sdbus - ok

15:56:33.0828 5948 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:56:33.0859 5948 secdrv - ok

15:56:33.0890 5948 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:56:33.0890 5948 Serenum - ok

15:56:33.0906 5948 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:56:33.0922 5948 Serial - ok

15:56:33.0937 5948 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:56:33.0953 5948 sermouse - ok

15:56:33.0984 5948 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

15:56:34.0015 5948 sffdisk - ok

15:56:34.0031 5948 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

15:56:34.0046 5948 sffp_mmc - ok

15:56:34.0078 5948 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

15:56:34.0093 5948 sffp_sd - ok

15:56:34.0109 5948 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:56:34.0124 5948 sfloppy - ok

15:56:34.0156 5948 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:56:34.0171 5948 SiSRaid2 - ok

15:56:34.0187 5948 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:56:34.0202 5948 SiSRaid4 - ok

15:56:34.0234 5948 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:56:34.0265 5948 Smb - ok

15:56:34.0296 5948 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:56:34.0296 5948 spldr - ok

15:56:34.0343 5948 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys

15:56:34.0358 5948 srv - ok

15:56:34.0390 5948 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys

15:56:34.0405 5948 srv2 - ok

15:56:34.0436 5948 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

15:56:34.0468 5948 SrvHsfHDA - ok

15:56:34.0514 5948 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

15:56:34.0561 5948 SrvHsfV92 - ok

15:56:34.0577 5948 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

15:56:34.0608 5948 SrvHsfWinac - ok

15:56:34.0639 5948 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys

15:56:34.0670 5948 srvnet - ok

15:56:34.0702 5948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:56:34.0702 5948 stexstor - ok

15:56:34.0748 5948 STHDA (f991751c2477257bbcedb364a0f449b4) C:\Windows\system32\DRIVERS\stwrt64.sys

15:56:34.0780 5948 STHDA - ok

15:56:34.0795 5948 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

15:56:34.0811 5948 swenum - ok

15:56:34.0889 5948 SynTP (be2b928de9af2848289db7a54c7e2398) C:\Windows\system32\DRIVERS\SynTP.sys

15:56:34.0904 5948 SynTP - ok

15:56:35.0014 5948 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

15:56:35.0076 5948 Tcpip - ok

15:56:35.0107 5948 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

15:56:35.0154 5948 TCPIP6 - ok

15:56:35.0170 5948 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

15:56:35.0216 5948 tcpipreg - ok

15:56:35.0232 5948 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:56:35.0263 5948 TDPIPE - ok

15:56:35.0279 5948 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

15:56:35.0326 5948 TDTCP - ok

15:56:35.0341 5948 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

15:56:35.0372 5948 tdx - ok

15:56:35.0388 5948 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

15:56:35.0404 5948 TermDD - ok

15:56:35.0435 5948 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:56:35.0466 5948 tssecsrv - ok

15:56:35.0497 5948 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

15:56:35.0544 5948 tunnel - ok

15:56:35.0560 5948 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:56:35.0560 5948 uagp35 - ok

15:56:35.0591 5948 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys

15:56:35.0606 5948 udfs - ok

15:56:35.0622 5948 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

15:56:35.0638 5948 uliagpkx - ok

15:56:35.0653 5948 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

15:56:35.0669 5948 umbus - ok

15:56:35.0684 5948 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:56:35.0700 5948 UmPass - ok

15:56:35.0731 5948 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

15:56:35.0747 5948 USBAAPL64 - ok

15:56:35.0762 5948 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

15:56:35.0778 5948 usbccgp - ok

15:56:35.0794 5948 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

15:56:35.0809 5948 usbcir - ok

15:56:35.0840 5948 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys

15:56:35.0840 5948 usbehci - ok

15:56:35.0872 5948 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys

15:56:35.0887 5948 usbhub - ok

15:56:35.0918 5948 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

15:56:35.0934 5948 usbohci - ok

15:56:35.0950 5948 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:56:35.0965 5948 usbprint - ok

15:56:35.0996 5948 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

15:56:36.0012 5948 usbscan - ok

15:56:36.0028 5948 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:56:36.0043 5948 USBSTOR - ok

15:56:36.0059 5948 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

15:56:36.0074 5948 usbuhci - ok

15:56:36.0106 5948 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys

15:56:36.0137 5948 usbvideo - ok

15:56:36.0152 5948 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

15:56:36.0168 5948 vdrvroot - ok

15:56:36.0199 5948 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:56:36.0215 5948 vga - ok

15:56:36.0230 5948 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:56:36.0277 5948 VgaSave - ok

15:56:36.0293 5948 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

15:56:36.0308 5948 vhdmp - ok

15:56:36.0324 5948 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

15:56:36.0340 5948 viaide - ok


15:56:37.0650 5948 ============================================================

15:56:37.0650 5948 Scan finished

15:56:37.0650 5948 ============================================================

15:56:37.0666 5924 Detected object count: 0

15:56:37.0666 5924 Actual detected object count: 0

ComboFix 12-02-09.04 - Kayla 02/09/2012 16:10:33.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2308 [GMT -6:00]

Running from: c:\users\Kayla\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Kayla\AppData\Roaming\Local

.

.

((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))

.

.

2012-02-09 22:15 . 2012-02-09 22:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-26 18:46 . 2012-01-26 18:46 -------- d-----w- c:\program files\R

2012-01-16 02:57 . 2012-02-09 22:17 -------- d-----w- c:\users\Kayla\AppData\Roaming\WTablet

2012-01-16 02:57 . 2012-01-16 03:25 -------- d-----w- c:\users\Kayla\AppData\Roaming\WTouch

2012-01-13 22:29 . 2012-01-13 22:29 -------- d-----w- c:\users\Kayla\AppData\Roaming\Malwarebytes

2012-01-13 22:29 . 2012-01-14 01:47 -------- d-----w- c:\programdata\Malwarebytes

2012-01-13 22:29 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-13 22:29 . 2012-02-07 05:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-24 00:13 . 2011-11-24 00:13 129784 ------w- c:\windows\SysWow64\pxafs.dll

2011-11-24 00:13 . 2011-11-24 00:13 116472 ------w- c:\windows\SysWow64\pxcpyi64.exe

2011-11-24 00:13 . 2011-11-24 00:13 10488 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-11-24 00:13 . 2011-11-24 00:13 10488 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-11-24 00:13 . 2011-11-24 00:13 52856 ------w- c:\windows\system32\drivers\PxHlpa64.sys

2011-11-24 00:13 . 2011-11-24 00:13 118520 ------w- c:\windows\SysWow64\pxinsi64.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-20 00:59 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-20 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2987976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]

"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-02-04 379248]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-03-14 273544]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-20 939872]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-20 928096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-03-03 89600]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-04-01 338168]

S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-02-04 689008]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-20 909152]

S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF15793.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 128.104.254.254 144.92.254.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

FF - ProfilePath - c:\users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\6e404xgr.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B57b90192-5921-4eb5-96ce-6bdd42bb2d41%7D&mid=32621f2af53645499e407e14a020966a-04d5f14531e0e027ade46568425df058191b9a88&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-13%2014%3A46%3A05&sap=ku&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: SimplePass Online Accounts Extension : {41ecbc0b-34d5-4cd4-935f-253a30e2cb7e} - c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG10\Firefox4

FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\9.0.0.18

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-02-09 16:21:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-09 22:21

.

Pre-Run: 405,411,573,760 bytes free

Post-Run: 404,870,664,192 bytes free

.

- - End Of File - - 372ACE04E9CEDC3EF9CAEB37E145F751


I updated SAS and reran it. No problems popped up this time. Although it wouldn't let me view my logs this time around, not sure why that is. I couldn't locate the logs elsewhere either. It looks like the problem is gone though... or I guess there never really was a problem other than my lack of updating SAS! I'll be sure to keep on top of that in the future, haha. If you happen to know why I'm unable to view the logs now, I'd appreciate knowing (I can delete them, just not view), but otherwise, thanks for all your help, Maniac!


In your case, SAS log files are located in C:\Users\Kayla\AppData\Roaming\SUPERAntiSpyware\Logs. If you have any issue with SAS, I suggest you turn to their technical support.

http://superantispyware.com/support.html

Glad I could help! :)

Follow the instructions here to uninstall ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Please manually delete DDS and TDSSKiller.

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=104379

Safe surfing! :)


Ah.. just had to restart. Here's the logs, but it's clean anyway! And thanks again!!!

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 02/09/2012 at 05:06 PM

Application Version : 4.49.1000

Core Rules Database Version : 8206

Trace Rules Database Version: 6018

Scan type : Complete Scan

Total Scan Time : 00:28:39

Memory items scanned : 557

Memory threats detected : 0

Registry items scanned : 14349

Registry threats detected : 0

File items scanned : 33438

File threats detected : 7

Adware.Tracking Cookie

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@tacoda.at.atwola[1].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@at.atwola[1].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@advertising[2].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@cdn.at.atwola[1].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@ar.atwola[2].txt

C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Cookies\kayla@atwola[2].txt

konac.kontera.com [ C:\Users\Kayla\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MHPDXDCF ]


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.