Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Northenlad60 on February 05, 2012, 08:01:37 AM
-
Hi,
My PC is running Windows 7 64-bit and has 4 GB RAM with an AMD Phenom(tm) II X4 955 processor at 3.20 GHz. When I first built the PC it would take roughly 15 seconds from pressing the power button to it being ready for me to type my password. After doing so it would take another 15 seconds at the most to be at the desktop.
However, for a while now this has increased dramatically to the point that 2 minutes in it is still loading up the standard applications.
I know the PC is by no means the fastest of PCs, but my work PC takes less time to boot now, and it is running Win XP, with production of that PC stopping in 2004, making my PC embarrassingly slow.
I have run the likes of CCleaner and have run "SUPERAntiSpyware" (log below), and will run "Malwarebytes' Anti-Malware (MBAM)" and post the log once finished.
Question is, have I got some kind of infections on the PC?
Many Thanks guys
Richard
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/05/2012 at 02:37 PM
Application Version : 5.0.1144
Core Rules Database Version : 8203
Trace Rules Database Version: 6015
Scan type : Quick Scan
Total Scan Time : 00:24:10
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 551
Memory threats detected : 0
Registry items scanned : 57438
Registry threats detected : 0
File items scanned : 10918
File threats detected : 122
Adware.Tracking Cookie
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\A2DO0RO8.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@adinterax[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\U6P0CA6J.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@tradedoubler[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\331IZMUI.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt [ Cookie:[email protected]/ak/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@serving-sys[2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8SB7TY8K.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0YKSMMX.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NIJ5EI1K.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@specificclick[2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4Z8IM8P.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LHNE2FIV.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\JN57JYAV.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LYMLXVTQ.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\WWLQK3U7.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@dmtracker[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@intelligentelite[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@openstat[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FXRX134.txt [ Cookie:[email protected]/touchplc/local/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\P29NGFST.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T5W11T1X.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BC8YQ45.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@imrworldwide[2].txt [ Cookie:[email protected]/cgi-bin ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0J1B4OAT.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\U21PPBVO.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XUD6ME1K.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XT1T05LK.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RMBRZGLD.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9OR0EYMN.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISGTI423.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MJQJ0TF2.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@legolas-media[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@yadro[2].txt [ *Blocked Russian URL*/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JUQFMFV.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3THP3NXC.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\SXZ49O02.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GTJF8WM.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/eurosport/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\VVEIYAR4.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0F0JDQRM.txt [ Cookie:[email protected]/accounts/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/cgi-bin ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2I6BCUB6.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UYF02KEZ.txt [ Cookie:[email protected]/ak/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MDD579MH.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\C8TI010U.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\O91DA2PF.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YKHA4RMM.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3G1LZQ7E.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@virginmedia[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@kantarmedia[2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OH1B5BLP.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@adsonar[1].txt [ Cookie:[email protected]/adserving ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@clickbank[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@xiti[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2S4YDNJP.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3JRTFYI.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NVQL3A2.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6PFZ5Z1D.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\QCFPHJD9.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YWNYJD39.txt [ Cookie:[email protected]/Venue-Finding/Christmas-Parties-2011/UK-Exclusive-Parties/Northamptonshire-Towcester-Racecourse-Midnight-in-Monte-Carlo/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/eurosport/yahoouk/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\L8R95HNW.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RVOJYZGM.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6MX0V6S6.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@dealtime[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DHDY0TIW.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KE6JTOC4.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KCVH7WP0.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2UYD3M2.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D6KF7C26.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@indieclick[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EAJ0JJ9X.txt [ Cookie:[email protected]/servlet/ajrotator/track/pt145041 ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@adxpose[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOTD9229.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6UU39QV3.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CU9R8MG0.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3KK8MYVV.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\7FPLLDOE.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@77tracking[2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGKQBPIY.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\REBTB031.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z0R6XBEV.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DRWOYFS2.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LHOHGPNX.txt [ Cookie:[email protected]/media/177698/Autumn_Tree_3D_Screensaver/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@traveladvertising[2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\18MF1H5R.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\Cookies\A2DO0RO8.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\Cookies\myrna@adinterax[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\Cookies\U6P0CA6J.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\Cookies\myrna@tradedoubler[1].txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\Cookies\331IZMUI.txt [ Cookie:[email protected]/ ]
C:\USERS\MYRNA\Cookies\[email protected][3].txt [ Cookie:[email protected]/ak/ ]
C:\USERS\MYRNA\Cookies\myrna@serving-sys[2].txt [ Cookie:[email protected]/ ]
C:\USERS\RICHARD\AppData\Roaming\Microsoft\Windows\Cookies\4R1FJFD8.txt [ Cookie:[email protected]/accounts/ ]
C:\USERS\RICHARD\Cookies\4R1FJFD8.txt [ Cookie:[email protected]/accounts/ ]
-
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.05.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Richard :: MYRNAS-PICS [administrator]
Protection: Disabled
05/02/2012 15:04:54
mbam-log-2012-02-05 (15-04-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP
Scan options disabled: PUM | P2P
Objects scanned: 239979
Time elapsed: 6 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
DDS Log is below:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Richard at 15:18:47 on 2012-02-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4094.2390 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBOE.EXE /FU "C:\Users\Richard\AppData\Local\Temp\E_S1D82.tmp" /EF "HKCU"
uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [NWEReboot]
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{9C68076B-4412-4DE7-8A92-44541465B4F0} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [NWEReboot]
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-6 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-2-23 14904]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-1-9 25640]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-9 30528]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-1-9 219360]
S4 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-1-9 68136]
.
=============== Created Last 30 ================
.
2012-02-05 15:18:16 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18:16 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-05 15:03:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12:01 -------- d-----w- C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10:38 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-05 14:10:38 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-05 09:05:55 8602168 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-27 20:27:04 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27:04 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27:04 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27:04 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 19:20:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 19:20:43 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 19:20:43 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 19:20:39 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 19:20:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 19:20:37 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 19:20:37 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-01-27 00:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-11 11:02:39 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:19:42.40 ===============
-
ATTACH.TXT from the DDS application is below.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/01/2011 10:01:18
System Uptime: 05/02/2012 14:39:19 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770T-UD3
Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 112.413 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 186.138 GiB free.
E: is FIXED (NTFS) - 19 GiB total, 13.746 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 0 GiB total, 0.028 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP194: 15/01/2012 17:34:45 - Windows Update
RP195: 18/01/2012 03:00:32 - Windows Update
RP196: 24/01/2012 16:04:08 - Windows Update
RP197: 01/02/2012 18:26:30 - Windows Update
RP198: 05/02/2012 09:04:23 - Windows Update
RP199: 05/02/2012 15:17:14 - Installed Java(TM) 6 Update 30
.
==== Installed Programs ======================
.
@BIOS Ver.2.07
Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 7.0
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft TotalMedia HDCam
Browser Configuration Utility
Canon Camera Access Library
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 5.0
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
CrimeCraft GangWars
Crystal Reports Basic for Visual Studio 2008
Easy Tune 6 B10.0104.1
EasySaver B9.1214.1
GDC 1308TFT CAMERA
Google Chrome
Google Earth Plug-in
Google Update Helper
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB973674)
Java Auto Updater
Java(TM) 6 Update 30
Just Cause 2
Kaspersky Internet Security 2012
Knoll Light Factory EZ Studio 15
LightScribe Applications
LightScribe System Software
Magic Bullet Looks Studio 15
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Document Explorer 2008
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Team System 2008 Development Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 9.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia Software Launcher
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PC Connectivity Solution
PDF Settings CS5
Pinnacle Hollywood FX
Pinnacle Studio 15
Pinnacle Studio 15 Ultimate Collection Plugins
Pinnacle Studio Bonus Content
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Red Giant ToonIt Studio 15
Safari
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Visual Web Developer 2005 Express Edition - ENU (KB2251481)
Skype Toolbars
Skype™ 5.3
SmartSound Quicktracks Plugin
Steam
Studio 9
Studio 9 Content CD/DVD
Studio 9.4 Patch
SureThing Express Labeler
Transcender Test Engine
Transcender: Exam Cert-SY0-201
Trapcode 3DStroke Studio 15
Trapcode Particular Studio
Trapcode Shine Studio 15
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972221)
Update for Microsoft Visual Web Developer 2005 Express Edition - ENU (KB932232)
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Vtune 7.13
Vuze
Wheel Mouse Software 4.0
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR 4.00 (32-bit)
World of Tanks closed Beta v.0.6.2.8
World of Warcraft
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
05/02/2012 14:40:57, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
05/02/2012 14:40:57, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
05/02/2012 14:40:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCLEPCI
05/02/2012 14:39:32, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\ACRUSBTM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 14:39:28, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\ASAPIW2k.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 14:39:27, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 11:48:20, Error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
05/02/2012 09:06:28, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.119.1249.0).
04/02/2012 12:44:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
04/02/2012 12:32:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
04/02/2012 12:22:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
02/02/2012 19:59:57, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
02/02/2012 19:56:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
01/02/2012 18:32:29, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.119.978.0).
01/02/2012 18:13:16, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
StartupLite
Download StartupLite by MalwareBytes (http://www.malwarebytes.org/StartUpLite.exe) to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
*****************************************************
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
BHO-X64: IEVkbdBHO - No File
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: link filter bho - No File
:COMMANDS
[resethosts]
[purity]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
Download Combofix from any of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
Thanks. I'm at work now, so I will do this when I return home.
Thanks for the speedy reply.
-
Tried to run the OTL, but got a message "Cannot create file C:\Windows\system32\drivers\etc\hosts".
I clicked on "OK".
Message at the bottom of OTL says "Resetting HOSTS file DO NOT INTERRUPT...". Once this has completed, the following is displayed in Notepad:
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...
No prompt to reboot, but will do this now, after which I will disable the Kaspersky software and run the ComboFix...
I'll be posting back shortly...
-
Hi. When ComboFix completed, it opened a log file in Notepad; the contents are below:
ComboFix 12-02-06.02 - Richard 06/02/2012 19:00:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4094.2714 [GMT 0:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-06 18:56 . 2012-02-06 20:02 -------- d-----w- C:\32788R22FWJFW
2012-02-06 18:39 . 2012-02-06 18:39 -------- d-----w- C:\_OTL
2012-02-05 15:18 . 2012-02-05 15:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-05 15:18 . 2012-02-05 15:17 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18 . 2012-02-05 15:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-05 15:17 . 2012-02-05 15:17 -------- d-----w- c:\program files (x86)\Java
2012-02-05 15:03 . 2012-02-05 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12 . 2012-02-05 14:12 -------- d-----w- c:\users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10 . 2012-02-05 14:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-05 14:10 . 2012-02-05 14:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-05 09:05 . 2012-01-06 05:15 8602168 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39 . 2012-02-02 20:39 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-27 20:27 . 2012-01-27 20:27 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27 . 2012-01-27 20:27 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27 . 2012-01-27 20:27 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27 . 2012-01-27 20:27 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:20 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 19:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 19:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 00:52 . 2011-01-09 10:22 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-11 11:02 . 2011-05-19 17:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-09-30 08:52 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 11:54 3145216 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-22 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-23 14904]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-15 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-25 30528]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 15:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,bb,71,30,5b,ba,
ef,00,e0,e2,63,26,f1,3f,c8,ff,68,97,7e,60,80,be,1f,17,c5,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,3a,5d,21,dd,98,
51,ed,e6,6a,9c,d6,61,af,45,84,18,ac,7a,6c,05,1e,69,86,17,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,63,52,1e,4f,40,
06,c6,71,ff,7c,85,e0,43,d4,0e,fe,c3,4b,2d,b0,2b,0a,bd,4b,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,b9,14,79,cf,8f,
9c,26,04,86,8c,21,01,be,91,eb,e7,65,b2,9f,ec,23,18,7a,90,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,31,07,39,dd,c6,
82,48,ed,f5,1d,4d,73,a8,13,5c,05,30,cd,08,61,3d,aa,5b,2b,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,e8,be,86,44,ff,
6d,b1,7f,df,20,58,62,78,6b,cf,c8,87,1e,cd,dd,51,d8,17,bc,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e3,78,56,12,42,
f7,47,00,fb,a7,78,e6,12,2f,9a,ea,df,ce,62,1e,91,ac,cb,1b,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,07,21,4d,38,
db,bb,a0,01,3a,48,fc,e8,04,4a,f1,2f,e0,7a,d5,c3,61,9e,31,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6b,b2,a2,f4,02,
ec,83,fa,f6,0f,4e,58,98,5b,89,c9,6f,6e,88,0d,2a,36,6b,2c,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,4d,f1,d7,a7,d0,
c9,c1,a8,3d,ce,ea,26,2d,45,aa,78,6f,65,54,4f,1d,9c,70,30,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,26,d2,31,2e,2c,
97,30,3f,2a,b7,cc,b5,b9,7f,41,e7,a3,76,e2,db,b9,50,a2,4c,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,99,77,dc,2b,d4,
e6,cd,c9,6c,43,2d,1e,aa,22,2f,9c,52,f8,ef,0c,8b,09,c5,79,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\00\1e\14\050?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-02-06 20:13:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 20:12
.
Pre-Run: 120,022,228,992 bytes free
Post-Run: 125,003,206,656 bytes free
.
- - End Of File - - 98E5FE05738BC089FBE922BC56442F6D
-
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
Firefox::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- I don't need to see the log from this script.
******************************************************
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool. Vista and Windows 7: run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
-
Rooter log is below:
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7601.17514
Mozilla Firefox 9.0.1 (en-GB)
.
C:\ [Fixed-NTFS] .. ( Total:465 Go - Free:117 Go )
D:\ [Fixed-NTFS] .. ( Total:186 Go - Free:186 Go )
E:\ [Fixed-NTFS] .. ( Total:19 Go - Free:13 Go )
F:\ [CD_Rom]
G:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
.
Scan : 20:35.56
Path : C:\Users\Richard\Desktop\Rooter.exe
User : Richard ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ????????? (376)
______ ????????? (556)
______ ????????? (616)
______ ????????? (636)
______ ????????? (688)
______ ????????? (716)
______ ????????? (724)
______ ????????? (732)
______ ????????? (840)
______ ????????? (908)
______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (932)
______ ????????? (976)
______ ????????? (424)
______ ????????? (560)
______ ????????? (436)
______ ????????? (1124)
______ ????????? (1256)
______ ????????? (1404)
______ ????????? (1416)
______ ????????? (1540)
______ ????????? (1592)
______ ????????? (1700)
______ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1720)
______ C:\Windows\SysWOW64\svchost.exe (1744)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1768)
______ ????????? (1984)
______ ????????? (2028)
______ C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (1112)
______ ????????? (1304)
______ C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (1180)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1676)
______ C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (1852)
______ C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (2084)
______ ????????? (2124)
______ ????????? (2172)
______ C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (2312)
______ ????????? (1516)
______ ????????? (2788)
______ ????????? (3088)
______ ????????? (3128)
______ ????????? (3884)
______ ????????? (204)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4572)
______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (4112)
______ ????????? (3672)
______ ????????? (3248)
______ ????????? (5024)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (2972)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (4932)
______ ????????? (4996)
Locked audiodg.exe (2556)
______ ????????? (3652)
______ C:\Users\Richard\Desktop\Rooter.exe (3880)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:200045388288)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:36.03
.
C:\Rooter$\Rooter_1.txt - (07/02/2012 | 20:36.03)
-
The smileys in the log are (or should be) just 3 question marks ("?"), followed by 6 more..
Oh, and thanks for this help..
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Hi,
The scan completed and did not detect anything, therefore no log was created. Have I been infected, or is it just a bit of tweaking required? Or would you recommend rebuilding again (reinstall Windows etc)?
-
Is it still running slowly? Is it slow at booting up?
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
Hi,
Ok, the PC does still take a while to boot into windows and load all the applications.
I ran the "aswMBR.exe" (although the screenshot is a bit outdated) and selected the option "Quickscan", instead of specific drives (as I have more than one drive).
Contents of the log are shown below:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-09 18:37:01
-----------------------------
18:37:01.175 OS Version: Windows x64 6.1.7601 Service Pack 1
18:37:01.175 Number of processors: 4 586 0x403
18:37:01.175 ComputerName: MYRNAS-PICS UserName: Richard
18:38:04.554 Initialize success
18:39:37.066 AVAST engine defs: 12020902
18:40:50.667 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:40:50.682 Disk 0 Vendor: ST3200822A 3.01 Size: 190778MB BusType: 3
18:40:50.682 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
18:40:50.682 Disk 1 Vendor: Maxtor_2B020H1 WAK21R90 Size: 19541MB BusType: 3
18:40:50.698 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
18:40:50.698 Disk 2 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
18:40:50.714 Disk 2 MBR read successfully
18:40:50.714 Disk 2 MBR scan
18:40:50.714 Disk 2 Windows 7 default MBR code
18:40:50.729 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:40:50.745 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:40:50.745 Service scanning
18:40:52.040 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:40:52.055 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:40:52.102 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:40:52.118 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:40:53.849 Modules scanning
18:40:53.849 Disk 2 trace - called modules:
18:40:53.880 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:40:53.896 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8004a56790]
18:40:53.912 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8003abcd10]
18:40:53.912 5 ACPI.sys[fffff88000e8a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003aca060]
18:40:54.707 AVAST engine scan C:\Windows
18:40:58.748 AVAST engine scan C:\Windows\system32
18:44:39.254 AVAST engine scan C:\Windows\system32\drivers
18:44:54.417 AVAST engine scan C:\Users\Richard
18:50:43.515 Disk 2 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
18:50:43.515 The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR.txt"
I will also run again, selecting each drive, and repost each one after this.
-
Each of the drives logs are below:
C Drive
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-09 18:55:38
-----------------------------
18:55:38.421 OS Version: Windows x64 6.1.7601 Service Pack 1
18:55:38.421 Number of processors: 4 586 0x403
18:55:38.421 ComputerName: MYRNAS-PICS UserName: Richard
18:55:39.653 Initialize success
18:55:43.054 AVAST engine defs: 12020902
18:55:50.355 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:55:50.355 Disk 0 Vendor: ST3200822A 3.01 Size: 190778MB BusType: 3
18:55:50.355 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
18:55:50.355 Disk 1 Vendor: Maxtor_2B020H1 WAK21R90 Size: 19541MB BusType: 3
18:55:50.371 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
18:55:50.371 Disk 2 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
18:55:50.386 Disk 2 MBR read successfully
18:55:50.402 Disk 2 MBR scan
18:55:50.402 Disk 2 Windows 7 default MBR code
18:55:50.402 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:55:50.417 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:55:50.433 Service scanning
18:55:51.104 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:55:51.119 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:55:51.119 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:55:51.119 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:55:51.759 Modules scanning
18:55:51.775 Disk 2 trace - called modules:
18:55:51.821 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:55:51.837 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8004a56790]
18:55:51.853 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8003abcd10]
18:55:51.868 5 ACPI.sys[fffff88000e8a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003aca060]
18:55:52.945 AVAST engine scan C:\
18:56:29.948 Disk 2 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
18:56:29.948 The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR - c drive.txt"
-
D, E and G drives all said the same thing (except for the drive location, where it stated "AVAST engine scan <DRIVE>").
-
Did you try running StartUpLite?
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
-
Comments removed.
-
Hi,
Ok, first things first. My PC does seem a bit faster in boot up and loading all applications. I had run the StartUpLite when you requested this last time... Did you want me to run it again?
Anyway. The log from the MBRCheck is below:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA770T-UD3
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 190):
0x0321B000 \SystemRoot\system32\ntoskrnl.exe
0x03804000 \SystemRoot\system32\hal.dll
0x00BA4000 \SystemRoot\system32\kdcom.dll
0x00CAE000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CBB000 \SystemRoot\system32\PSHED.dll
0x00CCF000 \SystemRoot\system32\CLFS.SYS
0x00D2D000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DED000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC0000 \SystemRoot\system32\drivers\ACPI.sys
0x00F17000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F20000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F2A000 \SystemRoot\system32\drivers\pci.sys
0x00F5D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F6A000 \SystemRoot\System32\drivers\partmgr.sys
0x00F7F000 \SystemRoot\system32\drivers\volmgr.sys
0x00F94000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF0000 \SystemRoot\system32\drivers\pciide.sys
0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E2A000 \SystemRoot\system32\drivers\atapi.sys
0x00E33000 \SystemRoot\system32\drivers\ataport.SYS
0x00E5D000 \SystemRoot\system32\drivers\amdxata.sys
0x00E68000 \SystemRoot\system32\drivers\fltmgr.sys
0x01086000 \SystemRoot\system32\drivers\fileinfo.sys
0x0121E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0109A000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010F8000 \SystemRoot\System32\Drivers\cng.sys
0x013DC000 \SystemRoot\System32\drivers\pcw.sys
0x013ED000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0145C000 \SystemRoot\system32\drivers\ndis.sys
0x0154F000 \SystemRoot\system32\drivers\NETIO.SYS
0x015AF000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01623000 \SystemRoot\System32\drivers\tcpip.sys
0x01827000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01871000 \SystemRoot\system32\drivers\volsnap.sys
0x018BD000 \SystemRoot\System32\Drivers\spldr.sys
0x018C5000 \SystemRoot\System32\drivers\rdyboost.sys
0x018FF000 \SystemRoot\System32\Drivers\mup.sys
0x01A96000 \SystemRoot\system32\DRIVERS\kl1.sys
0x021F5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A3A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A50000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01939000 \SystemRoot\system32\drivers\cdrom.sys
0x046FD000 \SystemRoot\system32\DRIVERS\klif.sys
0x047A0000 \SystemRoot\System32\Drivers\Null.SYS
0x047A9000 \SystemRoot\System32\Drivers\Beep.SYS
0x047B0000 \SystemRoot\System32\drivers\vga.sys
0x047BE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x047E3000 \SystemRoot\System32\drivers\watchdog.sys
0x047F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04600000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04609000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04612000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0461D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0462E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04650000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0465D000 \SystemRoot\system32\DRIVERS\kl2.sys
0x04664000 \SystemRoot\system32\drivers\afd.sys
0x01963000 \SystemRoot\System32\DRIVERS\netbt.sys
0x046ED000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x019A8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x019B1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x019D7000 \SystemRoot\system32\DRIVERS\klim6.sys
0x019E0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01600000 \SystemRoot\system32\DRIVERS\serial.sys
0x015DA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01400000 \SystemRoot\system32\drivers\termdd.sys
0x019EF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x01414000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x0116A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0141E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0142A000 \SystemRoot\system32\drivers\mssmbios.sys
0x01435000 \SystemRoot\System32\drivers\discache.sys
0x01200000 \SystemRoot\System32\Drivers\dfsc.sys
0x01444000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x011BB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x011E1000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x015F5000 \SystemRoot\system32\drivers\wmiacpi.sys
0x138CC000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x034F8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03400000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03446000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0346A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x034A9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x034B6000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x14530000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x034C1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x14586000 \SystemRoot\system32\drivers\1394ohci.sys
0x034D2000 \SystemRoot\system32\DRIVERS\serenum.sys
0x145C4000 \SystemRoot\system32\DRIVERS\parport.sys
0x145E1000 \SystemRoot\system32\drivers\i8042prt.sys
0x034DE000 \SystemRoot\system32\drivers\kbdclass.sys
0x035EC000 \SystemRoot\system32\drivers\CompositeBus.sys
0x13800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x13816000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x1383A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x13846000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x13875000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x13890000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x138B1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x01000000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x035FC000 \SystemRoot\system32\drivers\swenum.sys
0x0100F000 \SystemRoot\system32\drivers\ks.sys
0x05099000 \SystemRoot\system32\DRIVERS\MarvinBus64.sys
0x050DD000 \SystemRoot\system32\drivers\umbus.sys
0x050EF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05149000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0515E000 \SystemRoot\system32\drivers\nvhda64v.sys
0x0518B000 \SystemRoot\system32\drivers\portcls.sys
0x051C8000 \SystemRoot\system32\drivers\drmk.sys
0x051EA000 \SystemRoot\system32\drivers\ksthunk.sys
0x06246000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06464000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06472000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0647E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06487000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x0649A000 \SystemRoot\System32\drivers\Dxapi.sys
0x064A6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x064B4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x064C2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x064DB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x064E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x064E6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x064F3000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x00760000 \SystemRoot\System32\cdd.dll
0x00920000 \SystemRoot\System32\ATMFD.DLL
0x064FD000 \SystemRoot\system32\drivers\luafv.sys
0x06520000 \SystemRoot\system32\drivers\WudfPf.sys
0x06541000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06556000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06609000 \SystemRoot\system32\drivers\HTTP.sys
0x066D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x066F0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06708000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06735000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06783000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07023000 \SystemRoot\system32\drivers\peauth.sys
0x070C9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x070D4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07105000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07117000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05000000 \SystemRoot\System32\DRIVERS\srv.sys
0x07180000 \??\C:\Windows\system32\drivers\mbam.sys
0x0718A000 \SystemRoot\system32\drivers\spsys.sys
0x07000000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77020000 \Windows\System32\ntdll.dll
0x47740000 \Windows\System32\smss.exe
0xFF340000 \Windows\System32\apisetschema.dll
0xFFF20000 \Windows\System32\autochk.exe
0xFF200000 \Windows\System32\rpcrt4.dll
0xFF190000 \Windows\System32\gdi32.dll
0xFE400000 \Windows\System32\shell32.dll
0xFE380000 \Windows\System32\shlwapi.dll
0xFE350000 \Windows\System32\imm32.dll
0xFE140000 \Windows\System32\ole32.dll
0xFE0A0000 \Windows\System32\clbcatq.dll
0xFE040000 \Windows\System32\Wldap32.dll
0xFDFC0000 \Windows\System32\difxapi.dll
0x76F00000 \Windows\System32\kernel32.dll
0xFDEE0000 \Windows\System32\oleaut32.dll
0xFDE40000 \Windows\System32\comdlg32.dll
0xFDCC0000 \Windows\System32\urlmon.dll
0xFDBB0000 \Windows\System32\msctf.dll
0xFDB10000 \Windows\System32\msvcrt.dll
0xFDAC0000 \Windows\System32\ws2_32.dll
0xFDAB0000 \Windows\System32\lpk.dll
0xFDAA0000 \Windows\System32\nsi.dll
0xFDA80000 \Windows\System32\sechost.dll
0x76E00000 \Windows\System32\user32.dll
0x771F0000 \Windows\System32\normaliz.dll
0xFD820000 \Windows\System32\iertutil.dll
0xFD6F0000 \Windows\System32\wininet.dll
0xFD6D0000 \Windows\System32\imagehlp.dll
0xFD5F0000 \Windows\System32\advapi32.dll
0x771E0000 \Windows\System32\psapi.dll
0xFD520000 \Windows\System32\usp10.dll
0xFD340000 \Windows\System32\setupapi.dll
0xFD2D0000 \Windows\System32\KernelBase.dll
0xFD160000 \Windows\System32\crypt32.dll
0xFD120000 \Windows\System32\wintrust.dll
0xFD080000 \Windows\System32\comctl32.dll
0xFD040000 \Windows\System32\cfgmgr32.dll
0xFD020000 \Windows\System32\devobj.dll
0xFD010000 \Windows\System32\msasn1.dll
0x754B0000 \Windows\SysWOW64\normaliz.dll
Processes (total 85):
0 System Idle Process
4 System
376 C:\Windows\System32\smss.exe
556 csrss.exe
616 C:\Windows\System32\wininit.exe
648 csrss.exe
680 C:\Windows\System32\services.exe
712 C:\Windows\System32\winlogon.exe
740 C:\Windows\System32\lsass.exe
752 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\nvvsvc.exe
936 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
980 C:\Windows\System32\svchost.exe
420 C:\Windows\System32\svchost.exe
488 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\audiodg.exe
1124 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\svchost.exe
1396 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1408 C:\Windows\System32\nvvsvc.exe
1492 C:\Windows\System32\spoolsv.exe
1520 C:\Windows\System32\svchost.exe
1696 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1720 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1744 C:\Windows\SysWOW64\svchost.exe
1764 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1972 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
2012 C:\Program Files\Bonjour\mDNSResponder.exe
1064 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
1156 C:\Windows\System32\svchost.exe
1556 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1776 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
1884 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
1476 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2080 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2144 C:\Windows\System32\svchost.exe
2316 C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
3012 C:\Windows\System32\taskhost.exe
1644 C:\Windows\explorer.exe
1604 C:\Windows\System32\dwm.exe
3112 C:\Windows\System32\svchost.exe
3276 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3564 C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
3576 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3584 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3664 C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
3752 C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
3792 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3816 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
3900 C:\Windows\System32\taskeng.exe
4072 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4080 C:\Program Files (x86)\QuickTime\QTTask.exe
3872 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
3828 C:\Windows\System32\SearchIndexer.exe
4136 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4236 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
4512 C:\Program Files\iPod\bin\iPodService.exe
5048 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
5080 C:\Program Files\Windows Media Player\wmpnetwk.exe
4688 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4904 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3172 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
2644 WmiPrvSE.exe
4752 C:\Windows\System32\SearchProtocolHost.exe
1380 C:\Windows\System32\svchost.exe
4056 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
1536 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
4184 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
5888 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
5172 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5244 C:\Windows\System32\sppsvc.exe
6120 C:\Windows\System32\svchost.exe
5736 taskhost.exe
5924 WmiPrvSE.exe
5352 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5848 C:\Windows\servicing\TrustedInstaller.exe
4400 C:\Users\Richard\Desktop\MBRCheck.exe
1464 C:\Windows\System32\conhost.exe
5008 C:\Windows\System32\dllhost.exe
188 C:\Windows\System32\VSSVC.exe
5372 C:\Windows\System32\svchost.exe
3216 C:\Windows\System32\SearchProtocolHost.exe
3176 C:\Windows\System32\SearchFilterHost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: HitachiHDS721050CLA362, Rev: JP2OA3MA
PhysicalDrive1 Model Number: ST3200822A, Rev: 3.01
PhysicalDrive2 Model Number: Maxtor2B020H1, Rev: WAK21R90
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB7 9
186 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB7 9
19 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644 A
Done!
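The aswMBR, MBRCheck and TDSSKiller logs above all report the same two things about each disk: the partition table (type, start LBA, size) and whether the 440-byte boot code matches a known Windows MBR (MBRCheck prints its SHA1 for that reason; a bootkit that replaces the code while leaving the table intact is what these tools are looking for). As an added illustration of how such a check works, not code from any of those tools, here is a small parser that decodes sector 0, hashes only the boot-code region so the hash is independent of the partition table, and reports the layout in the same form as the logs. The partition values are taken from the aswMBR/TDSSKiller logs on this page; the boot-code bytes and disk signature are constructed placeholders, not the real Windows 7 MBR code.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Sequence, Tuple

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the executable boot code
SIG_OFFSET = 440           # 4-byte NT disk signature follows the code
TABLE_OFFSET = 446         # four 16-byte partition entries
ENTRY_LEN = 16
MBR_MAGIC = b"\x55\xaa"    # bytes 510..511
ENTRY_FMT = "<B3xB3xII"    # status, CHS(skipped), type, CHS(skipped), LBA, count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mib(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(sector0: bytes) -> List[Partition]:
    """Decode the four partition slots of an MBR; empty slots (type 0) are skipped."""
    if len(sector0) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector0[510:512] != MBR_MAGIC:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_LEN
        status, type_id, start_lba, count = struct.unpack_from(ENTRY_FMT, sector0, off)
        if type_id == 0:
            continue
        parts.append(Partition(i + 1, status == 0x80, type_id, start_lba, count))
    return parts


def boot_code_sha1(sector0: bytes) -> str:
    """Hash only the code region, so a rewritten partition table does not change it."""
    return hashlib.sha1(sector0[:BOOT_CODE_LEN]).hexdigest().upper()


def disk_signature(sector0: bytes) -> int:
    return struct.unpack_from("<I", sector0, SIG_OFFSET)[0]


def describe(sector0: bytes) -> List[str]:
    """One line per partition, in the style of the aswMBR log."""
    lines = []
    for p in parse_mbr(sector0):
        flag = "80 (A)" if p.bootable else "00"
        lines.append(f"Partition {p.index} {flag} {p.type_id:02X} {p.size_mib} MB offset {p.start_lba}")
    return lines


def build_sample_mbr(boot_code: bytes, entries: Sequence[Tuple[bool, int, int, int]],
                     signature: int = 0xDEADBEEF) -> bytes:
    """Assemble a constructed sector 0 for offline testing (not a real disk image)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, SIG_OFFSET, signature)
    for i, (bootable, type_id, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, buf, TABLE_OFFSET + i * ENTRY_LEN,
                         0x80 if bootable else 0x00, type_id, start, count)
    buf[510:512] = MBR_MAGIC
    return bytes(buf)


def read_sector0(path: str) -> bytes:
    """Read sector 0 from a raw image file or a device path (device access needs admin rights)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


# Constructed stand-in for boot code; NOT the genuine Windows 7 MBR code.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8" + b"\x90" * 64
# Two NTFS partitions with the values reported for Disk 2 in the logs above.
SAMPLE_ENTRIES = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 0x3A353000)]
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, SAMPLE_ENTRIES)

if __name__ == "__main__":
    print("Boot code SHA1:", boot_code_sha1(SAMPLE_MBR))
    print("Disk signature: 0x%08X" % disk_signature(SAMPLE_MBR))
    for line in describe(SAMPLE_MBR):
        print(line)
```

Comparing the boot-code hash of a live disk against the hash of a known-good MBR (what MBRCheck does with its "Windows 7 MBR code detected" verdict) is a cheap, offline way to confirm nothing has replaced the boot code; the partition table is deliberately excluded because legitimate tools rewrite it.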
-
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.
-
Hi,
I have run the application and the log is posted below. I would like to say thanks for this, as I do think the PC is running better. The fact that the last 2 scans picked nothing up seems to show everything is ok.
08:27:42.0788 1984 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
08:27:42.0975 1984 ============================================================
08:27:42.0975 1984 Current date / time: 2012/02/11 08:27:42.0975
08:27:42.0975 1984 SystemInfo:
08:27:42.0975 1984
08:27:42.0975 1984 OS Version: 6.1.7601 ServicePack: 1.0
08:27:42.0975 1984 Product type: Workstation
08:27:42.0975 1984 ComputerName: MYRNAS-PICS
08:27:42.0975 1984 UserName: Richard
08:27:42.0975 1984 Windows directory: C:\Windows
08:27:42.0975 1984 System windows directory: C:\Windows
08:27:42.0975 1984 Running under WOW64
08:27:42.0975 1984 Processor architecture: Intel x64
08:27:42.0975 1984 Number of processors: 4
08:27:42.0975 1984 Page size: 0x1000
08:27:42.0975 1984 Boot type: Normal boot
08:27:42.0975 1984 ============================================================
08:27:44.0301 1984 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
08:27:44.0301 1984 Drive \Device\Harddisk0\DR0 - Size: 0x2E93A2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:27:44.0301 1984 Drive \Device\Harddisk1\DR1 - Size: 0x4C5552000 (19.08 Gb), SectorSize: 0x200, Cylinders: 0x9BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:27:44.0317 1984 \Device\Harddisk2\DR2:
08:27:44.0317 1984 MBR used
08:27:44.0317 1984 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:27:44.0317 1984 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
08:27:44.0317 1984 \Device\Harddisk0\DR0:
08:27:44.0317 1984 MBR used
08:27:44.0317 1984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749D131
08:27:44.0317 1984 \Device\Harddisk1\DR1:
08:27:44.0317 1984 MBR used
08:27:44.0317 1984 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x26260FB
08:27:44.0364 1984 Initialize success
08:27:44.0364 1984 ============================================================
08:27:46.0548 2428 ============================================================
08:27:46.0548 2428 Scan started
08:27:46.0548 2428 Mode: Manual;
08:27:46.0548 2428 ============================================================
08:27:48.0326 2428 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:27:48.0326 2428 1394ohci - ok
08:27:48.0357 2428 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:27:48.0373 2428 ACPI - ok
08:27:48.0466 2428 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:27:48.0482 2428 AcpiPmi - ok
08:27:48.0498 2428 ACRUSBTM - ok
08:27:48.0591 2428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:27:48.0607 2428 adp94xx - ok
08:27:48.0669 2428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:27:48.0669 2428 adpahci - ok
08:27:48.0763 2428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:27:48.0763 2428 adpu320 - ok
08:27:48.0872 2428 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:27:48.0872 2428 AFD - ok
08:27:49.0012 2428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:27:49.0012 2428 agp440 - ok
08:27:49.0215 2428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:27:49.0215 2428 aliide - ok
08:27:49.0246 2428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:27:49.0246 2428 amdide - ok
08:27:49.0324 2428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:27:49.0324 2428 AmdK8 - ok
08:27:49.0356 2428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:27:49.0356 2428 AmdPPM - ok
08:27:49.0418 2428 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:27:49.0434 2428 amdsata - ok
08:27:49.0512 2428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:27:49.0512 2428 amdsbs - ok
08:27:49.0590 2428 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:27:49.0590 2428 amdxata - ok
08:27:49.0714 2428 AODDriver (f160ecce1500a5a5877c123584e86b17) C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys
08:27:49.0714 2428 AODDriver - ok
08:27:49.0808 2428 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:27:49.0808 2428 AppID - ok
08:27:49.0933 2428 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:27:49.0933 2428 arc - ok
08:27:49.0948 2428 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:27:49.0948 2428 arcsas - ok
08:27:50.0011 2428 ASAPIW2k - ok
08:27:50.0042 2428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:27:50.0042 2428 AsyncMac - ok
08:27:50.0104 2428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:27:50.0104 2428 atapi - ok
08:27:50.0198 2428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:27:50.0214 2428 b06bdrv - ok
08:27:50.0260 2428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:27:50.0260 2428 b57nd60a - ok
08:27:50.0354 2428 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:27:50.0354 2428 Beep - ok
08:27:50.0401 2428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:27:50.0401 2428 blbdrive - ok
08:27:50.0510 2428 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:27:50.0526 2428 bowser - ok
08:27:50.0541 2428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:27:50.0541 2428 BrFiltLo - ok
08:27:50.0588 2428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:27:50.0588 2428 BrFiltUp - ok
08:27:50.0697 2428 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:27:50.0697 2428 BridgeMP - ok
08:27:50.0744 2428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:27:50.0760 2428 Brserid - ok
08:27:50.0775 2428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:27:50.0775 2428 BrSerWdm - ok
08:27:50.0838 2428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:27:50.0853 2428 BrUsbMdm - ok
08:27:50.0947 2428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:27:50.0947 2428 BrUsbSer - ok
08:27:50.0962 2428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:27:50.0978 2428 BTHMODEM - ok
08:27:50.0978 2428 catchme - ok
08:27:51.0072 2428 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:27:51.0072 2428 cdfs - ok
08:27:51.0150 2428 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:27:51.0165 2428 cdrom - ok
08:27:51.0243 2428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:27:51.0243 2428 circlass - ok
08:27:51.0274 2428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:27:51.0274 2428 CLFS - ok
08:27:51.0384 2428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:27:51.0384 2428 CmBatt - ok
08:27:51.0446 2428 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:27:51.0446 2428 cmdide - ok
08:27:51.0508 2428 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:27:51.0508 2428 CNG - ok
08:27:51.0586 2428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:27:51.0586 2428 Compbatt - ok
08:27:51.0696 2428 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:27:51.0696 2428 CompositeBus - ok
08:27:51.0774 2428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:27:51.0774 2428 crcdisk - ok
08:27:51.0867 2428 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:27:51.0867 2428 DfsC - ok
08:27:51.0945 2428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:27:51.0945 2428 discache - ok
08:27:51.0976 2428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:27:51.0976 2428 Disk - ok
08:27:52.0070 2428 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:27:52.0070 2428 drmkaud - ok
08:27:52.0148 2428 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:27:52.0164 2428 DXGKrnl - ok
08:27:52.0304 2428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:27:52.0320 2428 ebdrv - ok
08:27:52.0413 2428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:27:52.0413 2428 elxstor - ok
08:27:52.0538 2428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:27:52.0554 2428 ErrDev - ok
08:27:52.0585 2428 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
08:27:52.0585 2428 etdrv - ok
08:27:52.0694 2428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:27:52.0694 2428 exfat - ok
08:27:52.0725 2428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:27:52.0741 2428 fastfat - ok
08:27:52.0834 2428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:27:52.0834 2428 fdc - ok
08:27:52.0897 2428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:27:52.0912 2428 FileInfo - ok
08:27:52.0928 2428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:27:52.0928 2428 Filetrace - ok
08:27:53.0068 2428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:27:53.0068 2428 flpydisk - ok
08:27:53.0162 2428 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:27:53.0162 2428 FltMgr - ok
08:27:53.0224 2428 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:27:53.0224 2428 FsDepends - ok
08:27:53.0271 2428 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:27:53.0271 2428 Fs_Rec - ok
08:27:53.0365 2428 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:27:53.0365 2428 fvevol - ok
08:27:53.0412 2428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:27:53.0412 2428 gagp30kx - ok
08:27:53.0474 2428 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
08:27:53.0474 2428 gdrv - ok
08:27:53.0568 2428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:27:53.0568 2428 GEARAspiWDM - ok
08:27:53.0692 2428 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
08:27:53.0692 2428 GVTDrv64 - ok
08:27:53.0755 2428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:27:53.0755 2428 hcw85cir - ok
08:27:53.0848 2428 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:27:53.0864 2428 HdAudAddService - ok
08:27:53.0942 2428 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:27:53.0942 2428 HDAudBus - ok
08:27:53.0989 2428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:27:53.0989 2428 HidBatt - ok
08:27:54.0020 2428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:27:54.0020 2428 HidBth - ok
08:27:54.0067 2428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:27:54.0067 2428 HidIr - ok
08:27:54.0176 2428 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:27:54.0176 2428 HidUsb - ok
08:27:54.0254 2428 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:27:54.0254 2428 HpSAMD - ok
08:27:54.0348 2428 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:27:54.0363 2428 HTTP - ok
08:27:54.0410 2428 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:27:54.0410 2428 hwpolicy - ok
08:27:54.0535 2428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:27:54.0535 2428 i8042prt - ok
08:27:54.0582 2428 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:27:54.0582 2428 iaStorV - ok
08:27:54.0706 2428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:27:54.0706 2428 iirsp - ok
08:27:54.0800 2428 IntcAzAudAddService (76877dd763a2287f58908795f3f5cccb) C:\Windows\system32\drivers\RTKVHD64.sys
08:27:54.0800 2428 IntcAzAudAddService - ok
08:27:54.0925 2428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:27:54.0940 2428 intelide - ok
08:27:54.0972 2428 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:27:54.0972 2428 intelppm - ok
08:27:55.0081 2428 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:27:55.0081 2428 IpFilterDriver - ok
08:27:55.0143 2428 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:27:55.0143 2428 IPMIDRV - ok
08:27:55.0221 2428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:27:55.0221 2428 IPNAT - ok
08:27:55.0315 2428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:27:55.0315 2428 IRENUM - ok
08:27:55.0377 2428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:27:55.0377 2428 isapnp - ok
08:27:55.0440 2428 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:27:55.0455 2428 iScsiPrt - ok
08:27:55.0533 2428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:27:55.0533 2428 kbdclass - ok
08:27:55.0611 2428 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:27:55.0611 2428 kbdhid - ok
08:27:55.0720 2428 kl1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
08:27:55.0720 2428 kl1 - ok
08:27:55.0830 2428 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
08:27:55.0830 2428 kl2 - ok
08:27:55.0876 2428 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
08:27:55.0892 2428 KLIF - ok
08:27:55.0954 2428 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
08:27:55.0954 2428 KLIM6 - ok
08:27:56.0032 2428 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
08:27:56.0032 2428 klmouflt - ok
08:27:56.0095 2428 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:27:56.0095 2428 KSecDD - ok
08:27:56.0188 2428 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:27:56.0204 2428 KSecPkg - ok
08:27:56.0235 2428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:27:56.0235 2428 ksthunk - ok
08:27:56.0344 2428 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:27:56.0360 2428 lltdio - ok
08:27:56.0422 2428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:27:56.0422 2428 LSI_FC - ok
08:27:56.0500 2428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:27:56.0500 2428 LSI_SAS - ok
08:27:56.0532 2428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:27:56.0532 2428 LSI_SAS2 - ok
08:27:56.0563 2428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:27:56.0563 2428 LSI_SCSI - ok
08:27:56.0656 2428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:27:56.0672 2428 luafv - ok
08:27:56.0734 2428 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
08:27:56.0750 2428 MarvinBus - ok
08:27:56.0875 2428 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
08:27:56.0875 2428 MBAMProtector - ok
08:27:56.0968 2428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:27:56.0968 2428 megasas - ok
08:27:57.0015 2428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:27:57.0031 2428 MegaSR - ok
08:27:57.0109 2428 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:27:57.0109 2428 Modem - ok
08:27:57.0140 2428 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:27:57.0140 2428 monitor - ok
08:27:57.0218 2428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:27:57.0218 2428 mouclass - ok
08:27:57.0265 2428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:27:57.0265 2428 mouhid - ok
08:27:57.0327 2428 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:27:57.0327 2428 mountmgr - ok
08:27:57.0405 2428 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:27:57.0405 2428 mpio - ok
08:27:57.0468 2428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:27:57.0468 2428 mpsdrv - ok
08:27:57.0561 2428 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:27:57.0561 2428 MRxDAV - ok
08:27:57.0670 2428 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:27:57.0670 2428 mrxsmb - ok
08:27:57.0748 2428 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:27:57.0748 2428 mrxsmb10 - ok
08:27:57.0858 2428 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:27:57.0858 2428 mrxsmb20 - ok
08:27:57.0920 2428 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:27:57.0920 2428 msahci - ok
08:27:58.0014 2428 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:27:58.0014 2428 msdsm - ok
08:27:58.0076 2428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:27:58.0076 2428 Msfs - ok
08:27:58.0138 2428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:27:58.0138 2428 mshidkmdf - ok
08:27:58.0201 2428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:27:58.0201 2428 msisadrv - ok
08:27:58.0294 2428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:27:58.0294 2428 MSKSSRV - ok
08:27:58.0310 2428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:27:58.0310 2428 MSPCLOCK - ok
08:27:58.0326 2428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:27:58.0326 2428 MSPQM - ok
08:27:58.0388 2428 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:27:58.0388 2428 MsRPC - ok
08:27:58.0497 2428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:27:58.0497 2428 mssmbios - ok
08:27:58.0606 2428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:27:58.0606 2428 MSTEE - ok
08:27:58.0653 2428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:27:58.0653 2428 MTConfig - ok
08:27:58.0716 2428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:27:58.0716 2428 Mup - ok
08:27:58.0778 2428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:27:58.0794 2428 NativeWifiP - ok
08:27:58.0950 2428 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:27:58.0965 2428 NDIS - ok
08:27:59.0059 2428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:27:59.0059 2428 NdisCap - ok
08:27:59.0152 2428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:27:59.0152 2428 NdisTapi - ok
08:27:59.0215 2428 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:27:59.0215 2428 Ndisuio - ok
08:27:59.0324 2428 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:27:59.0324 2428 NdisWan - ok
08:27:59.0386 2428 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:27:59.0386 2428 NDProxy - ok
08:27:59.0433 2428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:27:59.0433 2428 NetBIOS - ok
08:27:59.0527 2428 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:27:59.0527 2428 NetBT - ok
08:27:59.0605 2428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:27:59.0605 2428 nfrd960 - ok
08:27:59.0652 2428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:27:59.0652 2428 Npfs - ok
08:27:59.0667 2428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:27:59.0667 2428 nsiproxy - ok
08:27:59.0776 2428 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:27:59.0792 2428 Ntfs - ok
08:27:59.0870 2428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:27:59.0870 2428 Null - ok
08:27:59.0948 2428 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
08:27:59.0948 2428 NVHDA - ok
08:28:00.0229 2428 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:28:00.0276 2428 nvlddmkm - ok
08:28:00.0369 2428 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:28:00.0385 2428 nvraid - ok
08:28:00.0400 2428 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:28:00.0400 2428 nvstor - ok
08:28:00.0541 2428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:28:00.0541 2428 nv_agp - ok
08:28:00.0572 2428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:28:00.0572 2428 ohci1394 - ok
08:28:00.0681 2428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:28:00.0681 2428 Parport - ok
08:28:00.0744 2428 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:28:00.0744 2428 partmgr - ok
08:28:00.0884 2428 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:28:00.0884 2428 pci - ok
08:28:00.0915 2428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:28:00.0915 2428 pciide - ok
08:28:00.0962 2428 PCLEPCI - ok
08:28:01.0009 2428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:28:01.0009 2428 pcmcia - ok
08:28:01.0040 2428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:28:01.0040 2428 pcw - ok
08:28:01.0134 2428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:28:01.0134 2428 PEAUTH - ok
08:28:01.0258 2428 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:28:01.0258 2428 PptpMiniport - ok
08:28:01.0336 2428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:28:01.0336 2428 Processor - ok
08:28:01.0414 2428 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:28:01.0414 2428 Psched - ok
08:28:01.0539 2428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:28:01.0555 2428 ql2300 - ok
08:28:01.0570 2428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:28:01.0570 2428 ql40xx - ok
08:28:01.0680 2428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:28:01.0680 2428 QWAVEdrv - ok
08:28:01.0695 2428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:28:01.0695 2428 RasAcd - ok
08:28:01.0742 2428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:28:01.0742 2428 RasAgileVpn - ok
08:28:01.0836 2428 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:28:01.0836 2428 Rasl2tp - ok
08:28:01.0898 2428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:28:01.0898 2428 RasPppoe - ok
08:28:01.0945 2428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:28:01.0945 2428 RasSstp - ok
08:28:02.0023 2428 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:28:02.0038 2428 rdbss - ok
08:28:02.0054 2428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:28:02.0054 2428 rdpbus - ok
08:28:02.0101 2428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:28:02.0101 2428 RDPCDD - ok
08:28:02.0163 2428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:28:02.0163 2428 RDPENCDD - ok
08:28:02.0194 2428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:28:02.0194 2428 RDPREFMP - ok
08:28:02.0288 2428 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:28:02.0288 2428 RDPWD - ok
08:28:02.0397 2428 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:28:02.0397 2428 rdyboost - ok
08:28:02.0491 2428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:28:02.0491 2428 rspndr - ok
08:28:02.0522 2428 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:28:02.0538 2428 RTL8167 - ok
08:28:02.0600 2428 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
08:28:02.0600 2428 SASDIFSV - ok
08:28:02.0631 2428 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
08:28:02.0631 2428 SASKUTIL - ok
08:28:02.0725 2428 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:28:02.0740 2428 sbp2port - ok
08:28:02.0787 2428 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:28:02.0787 2428 scfilter - ok
08:28:02.0912 2428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:28:02.0912 2428 secdrv - ok
08:28:02.0959 2428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:28:02.0959 2428 Serenum - ok
08:28:02.0974 2428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:28:02.0990 2428 Serial - ok
08:28:03.0084 2428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:28:03.0084 2428 sermouse - ok
08:28:03.0130 2428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:28:03.0130 2428 sffdisk - ok
08:28:03.0146 2428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:28:03.0146 2428 sffp_mmc - ok
08:28:03.0224 2428 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:28:03.0224 2428 sffp_sd - ok
08:28:03.0271 2428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:28:03.0271 2428 sfloppy - ok
08:28:03.0302 2428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:28:03.0302 2428 SiSRaid2 - ok
08:28:03.0364 2428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:28:03.0364 2428 SiSRaid4 - ok
08:28:03.0411 2428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:28:03.0411 2428 Smb - ok
08:28:03.0489 2428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:28:03.0505 2428 spldr - ok
08:28:03.0661 2428 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:28:03.0676 2428 srv - ok
08:28:03.0708 2428 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:28:03.0708 2428 srv2 - ok
08:28:03.0739 2428 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:28:03.0739 2428 srvnet - ok
08:28:03.0848 2428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:28:03.0848 2428 stexstor - ok
08:28:03.0926 2428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:28:03.0926 2428 swenum - ok
08:28:04.0004 2428 TBPanel - ok
08:28:04.0113 2428 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:28:04.0144 2428 Tcpip - ok
08:28:04.0285 2428 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:28:04.0300 2428 TCPIP6 - ok
08:28:04.0363 2428 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:28:04.0363 2428 tcpipreg - ok
08:28:04.0441 2428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:28:04.0456 2428 TDPIPE - ok
08:28:04.0472 2428 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:28:04.0472 2428 TDTCP - ok
08:28:04.0581 2428 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:28:04.0581 2428 tdx - ok
08:28:04.0659 2428 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:28:04.0659 2428 TermDD - ok
08:28:04.0753 2428 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:28:04.0768 2428 tssecsrv - ok
08:28:04.0893 2428 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:28:04.0893 2428 TsUsbFlt - ok
08:28:04.0987 2428 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:28:04.0987 2428 tunnel - ok
08:28:05.0065 2428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:28:05.0065 2428 uagp35 - ok
08:28:05.0127 2428 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:28:05.0143 2428 udfs - ok
08:28:05.0268 2428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:28:05.0268 2428 uliagpkx - ok
08:28:05.0299 2428 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:28:05.0299 2428 umbus - ok
08:28:05.0330 2428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:28:05.0330 2428 UmPass - ok
08:28:05.0424 2428 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
08:28:05.0439 2428 USBAAPL64 - ok
08:28:05.0486 2428 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:28:05.0502 2428 usbccgp - ok
08:28:05.0564 2428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:28:05.0564 2428 usbcir - ok
08:28:05.0595 2428 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:28:05.0595 2428 usbehci - ok
08:28:05.0689 2428 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:28:05.0689 2428 usbhub - ok
08:28:05.0798 2428 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:28:05.0798 2428 usbohci - ok
08:28:05.0829 2428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:28:05.0829 2428 usbprint - ok
08:28:05.0938 2428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:28:05.0938 2428 usbscan - ok
08:28:06.0001 2428 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:28:06.0001 2428 USBSTOR - ok
08:28:06.0048 2428 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:28:06.0063 2428 usbuhci - ok
08:28:06.0157 2428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:28:06.0157 2428 vdrvroot - ok
08:28:06.0219 2428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:28:06.0219 2428 vga - ok
08:28:06.0250 2428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:28:06.0250 2428 VgaSave - ok
08:28:06.0313 2428 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:28:06.0313 2428 vhdmp - ok
08:28:06.0375 2428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:28:06.0375 2428 viaide - ok
08:28:06.0422 2428 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:28:06.0422 2428 volmgr - ok
08:28:06.0500 2428 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:28:06.0500 2428 volmgrx - ok
08:28:06.0609 2428 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:28:06.0609 2428 volsnap - ok
08:28:06.0656 2428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:28:06.0672 2428 vsmraid - ok
08:28:06.0952 2428 VSPerfDrv90 (858c3833cd5a359b110bc5ec1f760cbd) C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys
08:28:06.0968 2428 VSPerfDrv90 - ok
08:28:07.0046 2428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:28:07.0046 2428 vwifibus - ok
08:28:07.0077 2428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:28:07.0077 2428 WacomPen - ok
08:28:07.0186 2428 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:28:07.0186 2428 WANARP - ok
08:28:07.0202 2428 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:28:07.0202 2428 Wanarpv6 - ok
08:28:07.0264 2428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:28:07.0264 2428 Wd - ok
08:28:07.0342 2428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:28:07.0342 2428 Wdf01000 - ok
08:28:07.0420 2428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:28:07.0420 2428 WfpLwf - ok
08:28:07.0452 2428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:28:07.0452 2428 WIMMount - ok
08:28:07.0623 2428 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:28:07.0623 2428 WinUsb - ok
08:28:07.0654 2428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:28:07.0654 2428 WmiAcpi - ok
08:28:07.0686 2428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:28:07.0686 2428 ws2ifsl - ok
08:28:07.0810 2428 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:28:07.0810 2428 WudfPf - ok
08:28:07.0857 2428 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:28:07.0857 2428 WUDFRd - ok
08:28:07.0904 2428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
08:28:07.0966 2428 \Device\Harddisk2\DR2 - ok
08:28:07.0982 2428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:28:07.0982 2428 \Device\Harddisk0\DR0 - ok
08:28:07.0982 2428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:28:08.0122 2428 \Device\Harddisk1\DR1 - ok
08:28:08.0122 2428 Boot (0x1200) (c2877de7c93f52526b07de6e34c19ffe) \Device\Harddisk2\DR2\Partition0
08:28:08.0122 2428 \Device\Harddisk2\DR2\Partition0 - ok
08:28:08.0169 2428 Boot (0x1200) (3e7ca51556514d05f4394dd1ae1e3ab3) \Device\Harddisk2\DR2\Partition1
08:28:08.0169 2428 \Device\Harddisk2\DR2\Partition1 - ok
08:28:08.0169 2428 Boot (0x1200) (1c1dcb712a572d798d2587ac298deb6b) \Device\Harddisk0\DR0\Partition0
08:28:08.0169 2428 \Device\Harddisk0\DR0\Partition0 - ok
08:28:08.0185 2428 Boot (0x1200) (a5a9019076538a675005bf7370defce2) \Device\Harddisk1\DR1\Partition0
08:28:08.0185 2428 \Device\Harddisk1\DR1\Partition0 - ok
08:28:08.0185 2428 ============================================================
08:28:08.0185 2428 Scan finished
08:28:08.0185 2428 ============================================================
08:28:08.0200 5936 Detected object count: 0
08:28:08.0200 5936 Actual detected object count: 0
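As an added example (not part of the thread, and not code from the TDSSKiller tool itself), the script below does the triage a helper performs by eye on a log in the layout shown above: each scanned object produces a line carrying its MD5 and path, followed by a line carrying its verdict, and the scan closes with the two "object count" lines. The sample lines are constructed to mirror that layout; the `examplesvc` entry with its `suspicious` verdict is invented to exercise the non-ok path and does not appear in this log. The script reports anything that is not "ok", anything whose verdict line never arrived, and which disks carry identical MBR or boot-sector hashes, which is the comparison you want when you have a known-good hash to check against.

```python
import re
from collections import defaultdict

# Constructed sample in the two-line-per-object layout used in the log above.
# The "examplesvc" object and its "suspicious" verdict are constructed to
# exercise the non-ok branch; they are not from the thread.
SAMPLE_LOG = r"""
08:28:07.0857 2428 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:28:07.0857 2428 WUDFRd - ok
08:28:07.0870 2428 examplesvc (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\examplesvc.sys
08:28:07.0870 2428 examplesvc - suspicious
08:28:07.0904 2428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
08:28:07.0966 2428 \Device\Harddisk2\DR2 - ok
08:28:07.0982 2428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:28:07.0982 2428 \Device\Harddisk0\DR0 - ok
08:28:07.0982 2428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:28:08.0122 2428 \Device\Harddisk1\DR1 - ok
08:28:08.0122 2428 Boot (0x1200) (c2877de7c93f52526b07de6e34c19ffe) \Device\Harddisk2\DR2\Partition0
08:28:08.0122 2428 \Device\Harddisk2\DR2\Partition0 - ok
08:28:08.0200 5936 Detected object count: 0
08:28:08.0200 5936 Actual detected object count: 0
"""

# "<time> <pid> <name> (<md5>) <path>"; the name may itself contain a
# parenthesised size such as "MBR (0x1B8)", so only a 32-hex group counts as the hash.
OBJECT_RE = re.compile(r"^(\S+) (\d+) (.+?) \(([0-9a-f]{32})\) (.+)$")
# "<time> <pid> <identifier> - <verdict>"; drivers are identified by name,
# MBR and boot sectors by their device path.
VERDICT_RE = re.compile(r"^(\S+) (\d+) (.+?) - (\S.*)$")
COUNT_RE = re.compile(r"^(\S+) (\d+) (Actual detected|Detected) object count: (\d+)$")


def parse_tdss_log(text):
    """Return (records, counts): one dict per scanned object plus the summary counts."""
    records = []
    pending = {}  # identifier (driver name or device path) -> record awaiting a verdict
    counts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            _, _, name, md5, path = m.groups()
            rec = {"name": name, "md5": md5, "path": path, "verdict": None}
            records.append(rec)
            pending[name] = rec
            pending[path] = rec
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(3).lower()] = int(m.group(4))
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = pending.get(m.group(3))
            if rec is not None:
                rec["verdict"] = m.group(4).strip()
                pending.pop(rec["name"], None)
                pending.pop(rec["path"], None)
    return records, counts


def triage(records, counts):
    """Summarise what a reviewer wants to see from the parsed log."""
    not_ok = [(r["name"], r["verdict"], r["path"])
              for r in records if r["verdict"] not in (None, "ok")]
    unconfirmed = [r["name"] for r in records if r["verdict"] is None]
    sectors = defaultdict(list)  # md5 -> devices whose MBR/boot sector hashes to it
    for r in records:
        if r["name"].startswith(("MBR", "Boot")):
            sectors[r["md5"]].append(r["path"])
    return {
        "objects": len(records),
        "not_ok": not_ok,
        "unconfirmed": unconfirmed,
        "sector_hashes": {h: sorted(devs) for h, devs in sectors.items()},
        "detected": counts.get("detected"),
        "actual_detected": counts.get("actual detected"),
    }


if __name__ == "__main__":
    summary = triage(*parse_tdss_log(SAMPLE_LOG))
    print(f"{summary['objects']} objects, tool reported {summary['detected']} detected")
    for name, verdict, path in summary["not_ok"]:
        print(f"REVIEW  {name:<12} {verdict:<12} {path}")
    for md5, devices in summary["sector_hashes"].items():
        print(f"SECTOR  {md5}  {', '.join(devices)}")
```

Two disks sharing one MBR hash is the normal case for stock boot code; the value of grouping them is that a lone disk with a different hash, or a hash that differs from a baseline you recorded earlier, stands out immediately instead of being buried between hundreds of "- ok" lines.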
-
Please give me an update on how your computer is running.
-
Hi,
It does seem to boot and run faster. Whatever was causing the issue seems to either be gone, or has stopped. I'm very grateful for the help here. Thanks
-
It does seem to boot and run faster. Whatever was causing the issue seems to either be gone, or has stopped. I'm very grateful for the help here. Thanks
You're welcome. Now we should do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
*****************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*****************************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!