Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Northenlad60 on February 05, 2012, 08:01:37 AM

Title: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 05, 2012, 08:01:37 AM

Hi,

My PC is running Windows 7 64bit and has 4gb Ram with an AMD Phenom(tm) II x4 955 processor 3.20 gb. When I first built the PC it would take roughly 15 seconds from pressing the power button to it being ready for me to type my password. After doing so would take another 15secs at the most to be at the desktop.

However, for a while now this has increased dramatically to the point that 2 minutes in it is still loading up the standard applications.

I know the PC is by no means the fastest of PC's but my work PC takes less time to boot now and it is running Win XP, with production of the PC stopping in 2004, making my PC embarrasingly slow.

I have run the likes of CCCleaner and have run "SUPERAntiSpyware" (log below) and will run "Malwarebytes' Anti-Malware (MBAM)" and post the log once finished.

Question is, have I got some kind of infections on the PC?

Many Thanks guys

Richard

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 05, 2012, 08:02:00 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/05/2012 at 02:37 PM

Application Version : 5.0.1144

Core Rules Database Version : 8203
Trace Rules Database Version: 6015

Scan type       : Quick Scan
Total Scan Time : 00:24:10

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 551
Memory threats detected   : 0
Registry items scanned    : 57438
Registry threats detected : 0
File items scanned        : 10918
File threats detected     : 122

Adware.Tracking Cookie
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\A2DO0RO8.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@adinterax[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\U6P0CA6J.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@tradedoubler[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\331IZMUI.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt [ Cookie:[email protected]/ak/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@serving-sys[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8SB7TY8K.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0YKSMMX.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NIJ5EI1K.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@specificclick[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4Z8IM8P.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LHNE2FIV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\JN57JYAV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LYMLXVTQ.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\WWLQK3U7.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@dmtracker[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@intelligentelite[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@openstat[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FXRX134.txt [ Cookie:[email protected]/touchplc/local/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\P29NGFST.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T5W11T1X.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BC8YQ45.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@imrworldwide[2].txt [ Cookie:[email protected]/cgi-bin ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0J1B4OAT.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\U21PPBVO.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XUD6ME1K.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XT1T05LK.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RMBRZGLD.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9OR0EYMN.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISGTI423.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MJQJ0TF2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@legolas-media[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@yadro[2].txt [ *Blocked Russian URL*/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JUQFMFV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3THP3NXC.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\SXZ49O02.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GTJF8WM.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/eurosport/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\VVEIYAR4.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0F0JDQRM.txt [ Cookie:[email protected]/accounts/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/cgi-bin ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2I6BCUB6.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UYF02KEZ.txt [ Cookie:[email protected]/ak/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MDD579MH.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\C8TI010U.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\O91DA2PF.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YKHA4RMM.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3G1LZQ7E.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@virginmedia[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@kantarmedia[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OH1B5BLP.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@adsonar[1].txt [ Cookie:[email protected]/adserving ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@clickbank[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@xiti[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2S4YDNJP.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3JRTFYI.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NVQL3A2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6PFZ5Z1D.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\QCFPHJD9.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YWNYJD39.txt [ Cookie:[email protected]/Venue-Finding/Christmas-Parties-2011/UK-Exclusive-Parties/Northamptonshire-Towcester-Racecourse-Midnight-in-Monte-Carlo/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/eurosport/yahoouk/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\L8R95HNW.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RVOJYZGM.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6MX0V6S6.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@dealtime[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DHDY0TIW.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KE6JTOC4.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KCVH7WP0.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2UYD3M2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D6KF7C26.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@indieclick[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EAJ0JJ9X.txt [ Cookie:[email protected]/servlet/ajrotator/track/pt145041 ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@adxpose[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOTD9229.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6UU39QV3.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CU9R8MG0.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3KK8MYVV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\7FPLLDOE.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@77tracking[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGKQBPIY.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\REBTB031.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z0R6XBEV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DRWOYFS2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LHOHGPNX.txt [ Cookie:[email protected]/media/177698/Autumn_Tree_3D_Screensaver/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@traveladvertising[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\18MF1H5R.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\A2DO0RO8.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\myrna@adinterax[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\U6P0CA6J.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\myrna@tradedoubler[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\331IZMUI.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\[email protected][3].txt [ Cookie:[email protected]/ak/ ]
   C:\USERS\MYRNA\Cookies\myrna@serving-sys[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\RICHARD\AppData\Roaming\Microsoft\Windows\Cookies\4R1FJFD8.txt [ Cookie:[email protected]/accounts/ ]
   C:\USERS\RICHARD\Cookies\4R1FJFD8.txt [ Cookie:[email protected]/accounts/ ]

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 05, 2012, 08:13:39 AM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Richard :: MYRNAS-PICS [administrator]

Protection: Disabled

05/02/2012 15:04:54
mbam-log-2012-02-05 (15-04-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP
Scan options disabled: PUM | P2P
Objects scanned: 239979
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 05, 2012, 08:21:45 AM

DDS Log is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_30
Run by Richard at 15:18:47 on 2012-02-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2390 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBOE.EXE /FU "C:\Users\Richard\AppData\Local\Temp\E_S1D82.tmp" /EF "HKCU"
uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [NWEReboot]
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{9C68076B-4412-4DE7-8A92-44541465B4F0} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64:     IEVkbdBHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64:     link filter bho - No File
mRun-x64: [NWEReboot]
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-6 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-2-23 14904]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-1-9 25640]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-9 30528]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-1-9 219360]
S4 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-1-9 68136]
.
=============== Created Last 30 ================
.
2012-02-05 15:18:16   476904   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18:16   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-02-05 15:03:48   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12:01   --------   d-----w-   C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10:38   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2012-02-05 14:10:38   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2012-02-05 09:05:55   8602168   ------w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39:02   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-01-27 20:27:04   626688   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27:04   548864   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27:04   479232   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27:04   43992   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20:43   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2012-01-11 19:20:43   366592   ----a-w-   C:\Windows\System32\qdvd.dll
2012-01-11 19:20:43   1572864   ----a-w-   C:\Windows\System32\quartz.dll
2012-01-11 19:20:43   1328128   ----a-w-   C:\Windows\SysWow64\quartz.dll
2012-01-11 19:20:39   1731920   ----a-w-   C:\Windows\System32\ntdll.dll
2012-01-11 19:20:39   1292080   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2012-01-11 19:20:37   77312   ----a-w-   C:\Windows\System32\packager.dll
2012-01-11 19:20:37   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2012-01-27 00:52:58   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2011-12-11 11:02:39   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24:08   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-11-17 06:49:14   95600   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14   152432   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43   459232   ----a-w-   C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28   395776   ----a-w-   C:\Windows\System32\webio.dll
2011-11-17 06:35:26   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25   340992   ----a-w-   C:\Windows\System32\schannel.dll
2011-11-17 06:35:25   28160   ----a-w-   C:\Windows\System32\secur32.dll
2011-11-17 06:35:19   1447936   ----a-w-   C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55   31232   ----a-w-   C:\Windows\System32\lsass.exe
2011-11-17 05:35:02   314880   ----a-w-   C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52   224768   ----a-w-   C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:19:42.40 ===============

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 05, 2012, 08:23:21 AM

ATTACH.TXT from DDS application is below.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/01/2011 10:01:18
System Uptime: 05/02/2012 14:39:19 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-MA770T-UD3
Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 112.413 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 186.138 GiB free.
E: is FIXED (NTFS) - 19 GiB total, 13.746 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 0 GiB total, 0.028 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP194: 15/01/2012 17:34:45 - Windows Update
RP195: 18/01/2012 03:00:32 - Windows Update
RP196: 24/01/2012 16:04:08 - Windows Update
RP197: 01/02/2012 18:26:30 - Windows Update
RP198: 05/02/2012 09:04:23 - Windows Update
RP199: 05/02/2012 15:17:14 - Installed Java(TM) 6 Update 30
.
==== Installed Programs ======================
.
@BIOS Ver.2.07
Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 7.0
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft TotalMedia HDCam
Browser Configuration Utility
Canon Camera Access Library
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 5.0
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
CrimeCraft GangWars
Crystal Reports Basic for Visual Studio 2008
Easy Tune 6 B10.0104.1
EasySaver B9.1214.1
GDC 1308TFT CAMERA
Google Chrome
Google Earth Plug-in
Google Update Helper
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB973674)
Java Auto Updater
Java(TM) 6 Update 30
Just Cause 2
Kaspersky Internet Security 2012
Knoll Light Factory EZ Studio 15
LightScribe Applications
LightScribe System Software
Magic Bullet Looks Studio 15
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Document Explorer 2008
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Team System 2008 Development Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 9.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia Software Launcher
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PC Connectivity Solution
PDF Settings CS5
Pinnacle Hollywood FX
Pinnacle Studio 15
Pinnacle Studio 15 Ultimate Collection Plugins
Pinnacle Studio Bonus Content
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Red Giant ToonIt Studio 15
Safari
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Visual Web Developer 2005 Express Edition - ENU (KB2251481)
Skype Toolbars
Skype™ 5.3
SmartSound Quicktracks Plugin
Steam
Studio 9
Studio 9 Content CD/DVD
Studio 9.4 Patch
SureThing Express Labeler
Transcender Test Engine
Transcender:  Exam Cert-SY0-201
Trapcode 3DStroke Studio 15
Trapcode Particular Studio
Trapcode Shine Studio 15
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972221)
Update for Microsoft Visual Web Developer 2005 Express Edition - ENU (KB932232)
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Vtune 7.13
Vuze
Wheel Mouse Software 4.0
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR 4.00 (32-bit)
World of Tanks closed Beta v.0.6.2.8
World of Warcraft
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
05/02/2012 14:40:57, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
05/02/2012 14:40:57, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
05/02/2012 14:40:07, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  PCLEPCI
05/02/2012 14:39:32, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\ACRUSBTM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 14:39:28, Error: Application Popup [1060]  - \SystemRoot\SysWow64\drivers\ASAPIW2k.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 14:39:27, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 11:48:20, Error: Service Control Manager [7034]  - The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
05/02/2012 09:06:28, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.119.1249.0).
04/02/2012 12:44:56, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
04/02/2012 12:32:44, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
04/02/2012 12:22:04, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
02/02/2012 19:59:57, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
02/02/2012 19:56:56, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
01/02/2012 18:32:29, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.119.978.0).
01/02/2012 18:13:16, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: SuperDave on February 05, 2012, 12:13:33 PM

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
StartupLite

Download StartupLite by MalwareBytes (http://www.malwarebytes.org/StartUpLite.exe) to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
*****************************************************
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]

:OTL

BHO-X64:     IEVkbdBHO - No File
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64:     link filter bho - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
Download Combofix from any of the links below, and save it to your desktop. 

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here (http://"http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html") for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 06, 2012, 01:59:17 AM

Thanks. I'm at work now; so will do this when I return home.

Thanks for the speedy reply.

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 06, 2012, 11:52:23 AM

Tried to run the OTL, but got a message "Cannot create file C:\Windows\system32\drivers\etc\hosts".
I clicked on "OK".

Message at the bottom of OTL says "Resetting HOSTS file DO NOT INTERRUPT...". Once this has completed the following is displayed in Notepad:


Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

No prompt to reboot, but will do this now, after which I will disable the Kaspersky software and run the ComboFix...

Be posting back shortly..

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 06, 2012, 01:16:56 PM

Hi, When Combofix completed, it opened a log file in notepad, the contents are below:

ComboFix 12-02-06.02 - Richard 06/02/2012  19:00:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2714 [GMT 0:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-06 to 2012-02-06  )))))))))))))))))))))))))))))))
.
.
2012-02-06 18:56 . 2012-02-06 20:02   --------   d-----w-   C:\32788R22FWJFW
2012-02-06 18:39 . 2012-02-06 18:39   --------   d-----w-   C:\_OTL
2012-02-05 15:18 . 2012-02-05 15:18   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-02-05 15:18 . 2012-02-05 15:17   476904   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18 . 2012-02-05 15:17   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-05 15:17 . 2012-02-05 15:17   --------   d-----w-   c:\program files (x86)\Java
2012-02-05 15:03 . 2012-02-05 15:03   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12 . 2012-02-05 14:12   --------   d-----w-   c:\users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10 . 2012-02-05 14:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-05 14:10 . 2012-02-05 14:10   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-05 09:05 . 2012-01-06 05:15   8602168   ------w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39 . 2012-02-02 20:39   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-01-27 20:27 . 2012-01-27 20:27   626688   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27 . 2012-01-27 20:27   548864   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27 . 2012-01-27 20:27   479232   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27 . 2012-01-27 20:27   43992   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20 . 2011-10-26 05:25   1572864   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 19:20 . 2011-10-26 05:25   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\SysWow64\quartz.dll
2012-01-11 19:20 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 19:20 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
2012-01-11 19:20 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 19:20 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 00:52 . 2011-01-09 10:22   279656   ------w-   c:\windows\system32\MpSigStub.exe
2011-12-11 11:02 . 2011-05-19 17:03   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-09-30 08:52   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 11:54   3145216   ----a-w-   c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-22 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-23 14904]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-15 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-25 30528]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 15:05   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,bb,71,30,5b,ba,
   ef,00,e0,e2,63,26,f1,3f,c8,ff,68,97,7e,60,80,be,1f,17,c5,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,3a,5d,21,dd,98,
   51,ed,e6,6a,9c,d6,61,af,45,84,18,ac,7a,6c,05,1e,69,86,17,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,63,52,1e,4f,40,
   06,c6,71,ff,7c,85,e0,43,d4,0e,fe,c3,4b,2d,b0,2b,0a,bd,4b,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,b9,14,79,cf,8f,
   9c,26,04,86,8c,21,01,be,91,eb,e7,65,b2,9f,ec,23,18,7a,90,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,31,07,39,dd,c6,
   82,48,ed,f5,1d,4d,73,a8,13,5c,05,30,cd,08,61,3d,aa,5b,2b,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,e8,be,86,44,ff,
   6d,b1,7f,df,20,58,62,78,6b,cf,c8,87,1e,cd,dd,51,d8,17,bc,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e3,78,56,12,42,
   f7,47,00,fb,a7,78,e6,12,2f,9a,ea,df,ce,62,1e,91,ac,cb,1b,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,07,21,4d,38,
   db,bb,a0,01,3a,48,fc,e8,04,4a,f1,2f,e0,7a,d5,c3,61,9e,31,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6b,b2,a2,f4,02,
   ec,83,fa,f6,0f,4e,58,98,5b,89,c9,6f,6e,88,0d,2a,36,6b,2c,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,4d,f1,d7,a7,d0,
   c9,c1,a8,3d,ce,ea,26,2d,45,aa,78,6f,65,54,4f,1d,9c,70,30,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,26,d2,31,2e,2c,
   97,30,3f,2a,b7,cc,b5,b9,7f,41,e7,a3,76,e2,db,b9,50,a2,4c,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,99,77,dc,2b,d4,
   e6,cd,c9,6c,43,2d,1e,aa,22,2f,9c,52,f8,ef,0c,8b,09,c5,79,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\00\1e\14\050?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-02-06  20:13:01 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-06 20:12
.
Pre-Run: 120,022,228,992 bytes free
Post-Run: 125,003,206,656 bytes free
.
- - End Of File - - 98E5FE05738BC089FBE922BC56442F6D

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 06, 2012, 01:21:49 PM

ComboFix.txt file contents are also below:

ComboFix 12-02-06.02 - Richard 06/02/2012  19:00:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2714 [GMT 0:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-06 to 2012-02-06  )))))))))))))))))))))))))))))))
.
.
2012-02-06 18:56 . 2012-02-06 20:02   --------   d-----w-   C:\32788R22FWJFW
2012-02-06 18:39 . 2012-02-06 18:39   --------   d-----w-   C:\_OTL
2012-02-05 15:18 . 2012-02-05 15:18   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-02-05 15:18 . 2012-02-05 15:17   476904   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18 . 2012-02-05 15:17   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-05 15:17 . 2012-02-05 15:17   --------   d-----w-   c:\program files (x86)\Java
2012-02-05 15:03 . 2012-02-05 15:03   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12 . 2012-02-05 14:12   --------   d-----w-   c:\users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10 . 2012-02-05 14:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-05 14:10 . 2012-02-05 14:10   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-05 09:05 . 2012-01-06 05:15   8602168   ------w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39 . 2012-02-02 20:39   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-01-27 20:27 . 2012-01-27 20:27   626688   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27 . 2012-01-27 20:27   548864   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27 . 2012-01-27 20:27   479232   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27 . 2012-01-27 20:27   43992   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20 . 2011-10-26 05:25   1572864   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 19:20 . 2011-10-26 05:25   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\SysWow64\quartz.dll
2012-01-11 19:20 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 19:20 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
2012-01-11 19:20 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 19:20 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 00:52 . 2011-01-09 10:22   279656   ------w-   c:\windows\system32\MpSigStub.exe
2011-12-11 11:02 . 2011-05-19 17:03   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-09-30 08:52   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 11:54   3145216   ----a-w-   c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-22 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-23 14904]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-15 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-25 30528]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 15:05   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,bb,71,30,5b,ba,
   ef,00,e0,e2,63,26,f1,3f,c8,ff,68,97,7e,60,80,be,1f,17,c5,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,3a,5d,21,dd,98,
   51,ed,e6,6a,9c,d6,61,af,45,84,18,ac,7a,6c,05,1e,69,86,17,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,63,52,1e,4f,40,
   06,c6,71,ff,7c,85,e0,43,d4,0e,fe,c3,4b,2d,b0,2b,0a,bd,4b,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,b9,14,79,cf,8f,
   9c,26,04,86,8c,21,01,be,91,eb,e7,65,b2,9f,ec,23,18,7a,90,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,31,07,39,dd,c6,
   82,48,ed,f5,1d,4d,73,a8,13,5c,05,30,cd,08,61,3d,aa,5b,2b,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,e8,be,86,44,ff,
   6d,b1,7f,df,20,58,62,78,6b,cf,c8,87,1e,cd,dd,51,d8,17,bc,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e3,78,56,12,42,
   f7,47,00,fb,a7,78,e6,12,2f,9a,ea,df,ce,62,1e,91,ac,cb,1b,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,07,21,4d,38,
   db,bb,a0,01,3a,48,fc,e8,04,4a,f1,2f,e0,7a,d5,c3,61,9e,31,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6b,b2,a2,f4,02,
   ec,83,fa,f6,0f,4e,58,98,5b,89,c9,6f,6e,88,0d,2a,36,6b,2c,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,4d,f1,d7,a7,d0,
   c9,c1,a8,3d,ce,ea,26,2d,45,aa,78,6f,65,54,4f,1d,9c,70,30,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,26,d2,31,2e,2c,
   97,30,3f,2a,b7,cc,b5,b9,7f,41,e7,a3,76,e2,db,b9,50,a2,4c,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,99,77,dc,2b,d4,
   e6,cd,c9,6c,43,2d,1e,aa,22,2f,9c,52,f8,ef,0c,8b,09,c5,79,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\00\1e\14\050?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-02-06  20:13:01 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-06 20:12
.
Pre-Run: 120,022,228,992 bytes free
Post-Run: 125,003,206,656 bytes free
.
- - End Of File - - 98E5FE05738BC089FBE922BC56442F6D

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: SuperDave on February 06, 2012, 05:06:31 PM

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  
  Quote

  KillAll::
  
  Firefox::
  uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
  DDS::
  uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  (http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif)
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• I don't need to see the log from this script.
  

******************************************************
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.

• Double click it to start the tool.Vista and Windows7 run as administrator.
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
  

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 07, 2012, 01:38:58 PM

Rooter log is below:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7601.17514
Mozilla Firefox 9.0.1 (en-GB)
.
C:\  [Fixed-NTFS] .. ( Total:465 Go - Free:117 Go )
D:\  [Fixed-NTFS] .. ( Total:186 Go - Free:186 Go )
E:\  [Fixed-NTFS] .. ( Total:19 Go - Free:13 Go )
F:\  [CD_Rom]
G:\  [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
.
Scan : 20:35.56
Path : C:\Users\Richard\Desktop\Rooter.exe
User : Richard ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ????????? (376)
______ ????????? (556)
______ ????????? (616)
______ ????????? (636)
______ ????????? (688)
______ ????????? (716)
______ ????????? (724)
______ ????????? (732)
______ ????????? (840)
______ ????????? (908)
______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (932)
______ ????????? (976)
______ ????????? (424)
______ ????????? (560)
______ ????????? (436)
______ ????????? (1124)
______ ????????? (1256)
______ ????????? (1404)
______ ????????? (1416)
______ ????????? (1540)
______ ????????? (1592)
______ ????????? (1700)
______ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1720)
______ C:\Windows\SysWOW64\svchost.exe (1744)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1768)
______ ????????? (1984)
______ ????????? (2028)
______ C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (1112)
______ ????????? (1304)
______ C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (1180)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1676)
______ C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (1852)
______ C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (2084)
______ ????????? (2124)
______ ????????? (2172)
______ C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (2312)
______ ????????? (1516)
______ ????????? (2788)
______ ????????? (3088)
______ ????????? (3128)
______ ????????? (3884)
______ ????????? (204)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4572)
______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (4112)
______ ????????? (3672)
______ ????????? (3248)
______ ????????? (5024)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (2972)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (4932)
______ ????????? (4996)
Locked audiodg.exe (2556)
______ ????????? (3652)
______ C:\Users\Richard\Desktop\Rooter.exe (3880)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:200045388288)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:36.03
.
C:\Rooter$\Rooter_1.txt - (07/02/2012 | 20:36.03)

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 07, 2012, 01:51:57 PM

The smileys in the log are (or should be) just 3 question marks ("?"), followed by 6 more..

Oh, and thanks for this help..

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: SuperDave on February 07, 2012, 04:34:22 PM

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
 ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
  

•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 08, 2012, 11:58:34 AM

Hi,

The scan completed and did not detect anything, therefore no log was created.  Have I been infected, or is it just a bit of tweeking required? It would you recommend rebuilding again(reinstall Windows etc)?

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: SuperDave on February 08, 2012, 12:11:38 PM

Is it still running slowly? Is it slow at booting up?

Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)

On completion of the scan click save log, save it to your desktop and post in your next reply

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 09, 2012, 11:54:11 AM

Hi,

Ok, the PC does still take a while to boot into windows and load all the applications.

I ran the "aswMBR.exe" (althought the sereenshot is a bit outdated) and selected the option "Quickscan", instead of specific drives (as I have more than one drive).

Contents of the log are shown below:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-09 18:37:01
-----------------------------
18:37:01.175    OS Version: Windows x64 6.1.7601 Service Pack 1
18:37:01.175    Number of processors: 4 586 0x403
18:37:01.175    ComputerName: MYRNAS-PICS  UserName: Richard
18:38:04.554    Initialize success
18:39:37.066    AVAST engine defs: 12020902
18:40:50.667    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:40:50.682    Disk 0 Vendor: ST3200822A 3.01 Size: 190778MB BusType: 3
18:40:50.682    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
18:40:50.682    Disk 1 Vendor: Maxtor_2B020H1 WAK21R90 Size: 19541MB BusType: 3
18:40:50.698    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
18:40:50.698    Disk 2 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
18:40:50.714    Disk 2 MBR read successfully
18:40:50.714    Disk 2 MBR scan
18:40:50.714    Disk 2 Windows 7 default MBR code
18:40:50.729    Disk 2 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:40:50.745    Disk 2 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
18:40:50.745    Service scanning
18:40:52.040    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:40:52.055    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:40:52.102    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:40:52.118    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:40:53.849    Modules scanning
18:40:53.849    Disk 2 trace - called modules:
18:40:53.880    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:40:53.896    1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8004a56790]
18:40:53.912    3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8003abcd10]
18:40:53.912    5 ACPI.sys[fffff88000e8a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003aca060]
18:40:54.707    AVAST engine scan C:\Windows
18:40:58.748    AVAST engine scan C:\Windows\system32
18:44:39.254    AVAST engine scan C:\Windows\system32\drivers
18:44:54.417    AVAST engine scan C:\Users\Richard
18:50:43.515    Disk 2 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
18:50:43.515    The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR.txt"




I will also run again, selecting each drive, and repost each one after this.

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 09, 2012, 12:00:38 PM

Each of the drives logs are below:

C Drive

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-09 18:55:38
-----------------------------
18:55:38.421    OS Version: Windows x64 6.1.7601 Service Pack 1
18:55:38.421    Number of processors: 4 586 0x403
18:55:38.421    ComputerName: MYRNAS-PICS  UserName: Richard
18:55:39.653    Initialize success
18:55:43.054    AVAST engine defs: 12020902
18:55:50.355    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:55:50.355    Disk 0 Vendor: ST3200822A 3.01 Size: 190778MB BusType: 3
18:55:50.355    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
18:55:50.355    Disk 1 Vendor: Maxtor_2B020H1 WAK21R90 Size: 19541MB BusType: 3
18:55:50.371    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
18:55:50.371    Disk 2 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
18:55:50.386    Disk 2 MBR read successfully
18:55:50.402    Disk 2 MBR scan
18:55:50.402    Disk 2 Windows 7 default MBR code
18:55:50.402    Disk 2 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:55:50.417    Disk 2 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
18:55:50.433    Service scanning
18:55:51.104    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:55:51.119    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:55:51.119    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:55:51.119    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:55:51.759    Modules scanning
18:55:51.775    Disk 2 trace - called modules:
18:55:51.821    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:55:51.837    1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8004a56790]
18:55:51.853    3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8003abcd10]
18:55:51.868    5 ACPI.sys[fffff88000e8a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003aca060]
18:55:52.945    AVAST engine scan C:\
18:56:29.948    Disk 2 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
18:56:29.948    The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR - c drive.txt"

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 09, 2012, 12:04:13 PM

D,  E and G drives all said the same thing (except for the drive location, where it stated "AVAST engine scan <DRIVE>"

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: SuperDave on February 09, 2012, 12:09:24 PM

Did you try running StartUpLite?

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: HELPHELPHELP on February 09, 2012, 12:30:01 PM

Comments removed.

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 10, 2012, 12:25:42 AM

Hi,

Ok, first things first. My PC does seem a bit faster in boot up and loading all application. I had run the StartUpLite when you requested this last time... Did you want me to run it again?

Anyway. The log from the MBRCheck is below:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows 7 Home Premium Edition
Windows Information:      Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:   Gigabyte Technology Co., Ltd.
BIOS Manufacturer:      Award Software International, Inc.
System Manufacturer:      Gigabyte Technology Co., Ltd.
System Product Name:      GA-MA770T-UD3
Logical Drives Mask:      0x0000007c

Kernel Drivers (total 190):
  0x0321B000 \SystemRoot\system32\ntoskrnl.exe
  0x03804000 \SystemRoot\system32\hal.dll
  0x00BA4000 \SystemRoot\system32\kdcom.dll
  0x00CAE000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00CBB000 \SystemRoot\system32\PSHED.dll
  0x00CCF000 \SystemRoot\system32\CLFS.SYS
  0x00D2D000 \SystemRoot\system32\CI.dll
  0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00DED000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00EC0000 \SystemRoot\system32\drivers\ACPI.sys
  0x00F17000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00F20000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00F2A000 \SystemRoot\system32\drivers\pci.sys
  0x00F5D000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00F6A000 \SystemRoot\System32\drivers\partmgr.sys
  0x00F7F000 \SystemRoot\system32\drivers\volmgr.sys
  0x00F94000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00FF0000 \SystemRoot\system32\drivers\pciide.sys
  0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00E2A000 \SystemRoot\system32\drivers\atapi.sys
  0x00E33000 \SystemRoot\system32\drivers\ataport.SYS
  0x00E5D000 \SystemRoot\system32\drivers\amdxata.sys
  0x00E68000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01086000 \SystemRoot\system32\drivers\fileinfo.sys
  0x0121E000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0109A000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013C1000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x010F8000 \SystemRoot\System32\Drivers\cng.sys
  0x013DC000 \SystemRoot\System32\drivers\pcw.sys
  0x013ED000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0145C000 \SystemRoot\system32\drivers\ndis.sys
  0x0154F000 \SystemRoot\system32\drivers\NETIO.SYS
  0x015AF000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01623000 \SystemRoot\System32\drivers\tcpip.sys
  0x01827000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01871000 \SystemRoot\system32\drivers\volsnap.sys
  0x018BD000 \SystemRoot\System32\Drivers\spldr.sys
  0x018C5000 \SystemRoot\System32\drivers\rdyboost.sys
  0x018FF000 \SystemRoot\System32\Drivers\mup.sys
  0x01A96000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x021F5000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01A3A000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01A50000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01939000 \SystemRoot\system32\drivers\cdrom.sys
  0x046FD000 \SystemRoot\system32\DRIVERS\klif.sys
  0x047A0000 \SystemRoot\System32\Drivers\Null.SYS
  0x047A9000 \SystemRoot\System32\Drivers\Beep.SYS
  0x047B0000 \SystemRoot\System32\drivers\vga.sys
  0x047BE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x047E3000 \SystemRoot\System32\drivers\watchdog.sys
  0x047F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x04600000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x04609000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x04612000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x0461D000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x0462E000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x04650000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0465D000 \SystemRoot\system32\DRIVERS\kl2.sys
  0x04664000 \SystemRoot\system32\drivers\afd.sys
  0x01963000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x046ED000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x019A8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x019B1000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x019D7000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x019E0000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x01600000 \SystemRoot\system32\DRIVERS\serial.sys
  0x015DA000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x01400000 \SystemRoot\system32\drivers\termdd.sys
  0x019EF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
  0x01414000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
  0x0116A000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x0141E000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0142A000 \SystemRoot\system32\drivers\mssmbios.sys
  0x01435000 \SystemRoot\System32\drivers\discache.sys
  0x01200000 \SystemRoot\System32\Drivers\dfsc.sys
  0x01444000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x011BB000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x011E1000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x015F5000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x138CC000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x034F8000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x03400000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x03446000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x0346A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x034A9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x034B6000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x14530000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x034C1000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x14586000 \SystemRoot\system32\drivers\1394ohci.sys
  0x034D2000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x145C4000 \SystemRoot\system32\DRIVERS\parport.sys
  0x145E1000 \SystemRoot\system32\drivers\i8042prt.sys
  0x034DE000 \SystemRoot\system32\drivers\kbdclass.sys
  0x035EC000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x13800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x13816000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x1383A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x13846000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x13875000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x13890000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x138B1000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x01000000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x035FC000 \SystemRoot\system32\drivers\swenum.sys
  0x0100F000 \SystemRoot\system32\drivers\ks.sys
  0x05099000 \SystemRoot\system32\DRIVERS\MarvinBus64.sys
  0x050DD000 \SystemRoot\system32\drivers\umbus.sys
  0x050EF000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x05149000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x0515E000 \SystemRoot\system32\drivers\nvhda64v.sys
  0x0518B000 \SystemRoot\system32\drivers\portcls.sys
  0x051C8000 \SystemRoot\system32\drivers\drmk.sys
  0x051EA000 \SystemRoot\system32\drivers\ksthunk.sys
  0x06246000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x06464000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x06472000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x0647E000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x06487000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x00000000 \SystemRoot\System32\win32k.sys
  0x0649A000 \SystemRoot\System32\drivers\Dxapi.sys
  0x064A6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x064B4000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x064C2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x064DB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x064E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x064E6000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x064F3000 \SystemRoot\system32\DRIVERS\klmouflt.sys
  0x00590000 \SystemRoot\System32\TSDDD.dll
  0x00760000 \SystemRoot\System32\cdd.dll
  0x00920000 \SystemRoot\System32\ATMFD.DLL
  0x064FD000 \SystemRoot\system32\drivers\luafv.sys
  0x06520000 \SystemRoot\system32\drivers\WudfPf.sys
  0x06541000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x06556000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x06609000 \SystemRoot\system32\drivers\HTTP.sys
  0x066D2000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x066F0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x06708000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x06735000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x06783000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x07023000 \SystemRoot\system32\drivers\peauth.sys
  0x070C9000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x070D4000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x07105000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x07117000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x05000000 \SystemRoot\System32\DRIVERS\srv.sys
  0x07180000 \??\C:\Windows\system32\drivers\mbam.sys
  0x0718A000 \SystemRoot\system32\drivers\spsys.sys
  0x07000000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x77020000 \Windows\System32\ntdll.dll
  0x47740000 \Windows\System32\smss.exe
  0xFF340000 \Windows\System32\apisetschema.dll
  0xFFF20000 \Windows\System32\autochk.exe
  0xFF200000 \Windows\System32\rpcrt4.dll
  0xFF190000 \Windows\System32\gdi32.dll
  0xFE400000 \Windows\System32\shell32.dll
  0xFE380000 \Windows\System32\shlwapi.dll
  0xFE350000 \Windows\System32\imm32.dll
  0xFE140000 \Windows\System32\ole32.dll
  0xFE0A0000 \Windows\System32\clbcatq.dll
  0xFE040000 \Windows\System32\Wldap32.dll
  0xFDFC0000 \Windows\System32\difxapi.dll
  0x76F00000 \Windows\System32\kernel32.dll
  0xFDEE0000 \Windows\System32\oleaut32.dll
  0xFDE40000 \Windows\System32\comdlg32.dll
  0xFDCC0000 \Windows\System32\urlmon.dll
  0xFDBB0000 \Windows\System32\msctf.dll
  0xFDB10000 \Windows\System32\msvcrt.dll
  0xFDAC0000 \Windows\System32\ws2_32.dll
  0xFDAB0000 \Windows\System32\lpk.dll
  0xFDAA0000 \Windows\System32\nsi.dll
  0xFDA80000 \Windows\System32\sechost.dll
  0x76E00000 \Windows\System32\user32.dll
  0x771F0000 \Windows\System32\normaliz.dll
  0xFD820000 \Windows\System32\iertutil.dll
  0xFD6F0000 \Windows\System32\wininet.dll
  0xFD6D0000 \Windows\System32\imagehlp.dll
  0xFD5F0000 \Windows\System32\advapi32.dll
  0x771E0000 \Windows\System32\psapi.dll
  0xFD520000 \Windows\System32\usp10.dll
  0xFD340000 \Windows\System32\setupapi.dll
  0xFD2D0000 \Windows\System32\KernelBase.dll
  0xFD160000 \Windows\System32\crypt32.dll
  0xFD120000 \Windows\System32\wintrust.dll
  0xFD080000 \Windows\System32\comctl32.dll
  0xFD040000 \Windows\System32\cfgmgr32.dll
  0xFD020000 \Windows\System32\devobj.dll
  0xFD010000 \Windows\System32\msasn1.dll
  0x754B0000 \Windows\SysWOW64\normaliz.dll

Processes (total 85):
       0 System Idle Process
       4 System
     376 C:\Windows\System32\smss.exe
     556 csrss.exe
     616 C:\Windows\System32\wininit.exe
     648 csrss.exe
     680 C:\Windows\System32\services.exe
     712 C:\Windows\System32\winlogon.exe
     740 C:\Windows\System32\lsass.exe
     752 C:\Windows\System32\lsm.exe
     844 C:\Windows\System32\svchost.exe
     912 C:\Windows\System32\nvvsvc.exe
     936 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     980 C:\Windows\System32\svchost.exe
     420 C:\Windows\System32\svchost.exe
     488 C:\Windows\System32\svchost.exe
     804 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\audiodg.exe
    1124 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\svchost.exe
    1396 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1408 C:\Windows\System32\nvvsvc.exe
    1492 C:\Windows\System32\spoolsv.exe
    1520 C:\Windows\System32\svchost.exe
    1696 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1720 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1744 C:\Windows\SysWOW64\svchost.exe
    1764 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1972 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    2012 C:\Program Files\Bonjour\mDNSResponder.exe
    1064 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    1156 C:\Windows\System32\svchost.exe
    1556 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1776 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    1884 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    1476 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2080 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2144 C:\Windows\System32\svchost.exe
    2316 C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
    3012 C:\Windows\System32\taskhost.exe
    1644 C:\Windows\explorer.exe
    1604 C:\Windows\System32\dwm.exe
    3112 C:\Windows\System32\svchost.exe
    3276 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3564 C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
    3576 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    3584 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3664 C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    3752 C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    3792 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    3816 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    3900 C:\Windows\System32\taskeng.exe
    4072 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    4080 C:\Program Files (x86)\QuickTime\QTTask.exe
    3872 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    3828 C:\Windows\System32\SearchIndexer.exe
    4136 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    4236 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    4512 C:\Program Files\iPod\bin\iPodService.exe
    5048 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    5080 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4688 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4904 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3172 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
    2644 WmiPrvSE.exe
    4752 C:\Windows\System32\SearchProtocolHost.exe
    1380 C:\Windows\System32\svchost.exe
    4056 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    1536 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
    4184 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
    5888 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    5172 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    5244 C:\Windows\System32\sppsvc.exe
    6120 C:\Windows\System32\svchost.exe
    5736 taskhost.exe
    5924 WmiPrvSE.exe
    5352 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5848 C:\Windows\servicing\TrustedInstaller.exe
    4400 C:\Users\Richard\Desktop\MBRCheck.exe
    1464 C:\Windows\System32\conhost.exe
    5008 C:\Windows\System32\dllhost.exe
     188 C:\Windows\System32\VSSVC.exe
    5372 C:\Windows\System32\svchost.exe
    3216 C:\Windows\System32\SearchProtocolHost.exe
    3176 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00  (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)

PhysicalDrive0 Model Number: HitachiHDS721050CLA362, Rev: JP2OA3MA
PhysicalDrive1 Model Number: ST3200822A, Rev: 3.01   
PhysicalDrive2 Model Number: Maxtor2B020H1, Rev: WAK21R90

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB7 9
    186 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB7 9
     19 GB  \\.\PhysicalDrive2   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644 A


Done!

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: SuperDave on February 10, 2012, 12:33:14 PM

• Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory..

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 11, 2012, 01:30:29 AM

Hi,

I have run the application and the log is posted below. I would like to say thanks for this, as I do think the PC is running better. The fact that the last 2 scans picked nothing up, seems to show everything is ok.

08:27:42.0788 1984   TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
08:27:42.0975 1984   ============================================================
08:27:42.0975 1984   Current date / time: 2012/02/11 08:27:42.0975
08:27:42.0975 1984   SystemInfo:
08:27:42.0975 1984   
08:27:42.0975 1984   OS Version: 6.1.7601 ServicePack: 1.0
08:27:42.0975 1984   Product type: Workstation
08:27:42.0975 1984   ComputerName: MYRNAS-PICS
08:27:42.0975 1984   UserName: Richard
08:27:42.0975 1984   Windows directory: C:\Windows
08:27:42.0975 1984   System windows directory: C:\Windows
08:27:42.0975 1984   Running under WOW64
08:27:42.0975 1984   Processor architecture: Intel x64
08:27:42.0975 1984   Number of processors: 4
08:27:42.0975 1984   Page size: 0x1000
08:27:42.0975 1984   Boot type: Normal boot
08:27:42.0975 1984   ============================================================
08:27:44.0301 1984   Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
08:27:44.0301 1984   Drive \Device\Harddisk0\DR0 - Size: 0x2E93A2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:27:44.0301 1984   Drive \Device\Harddisk1\DR1 - Size: 0x4C5552000 (19.08 Gb), SectorSize: 0x200, Cylinders: 0x9BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:27:44.0317 1984   \Device\Harddisk2\DR2:
08:27:44.0317 1984   MBR used
08:27:44.0317 1984   \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:27:44.0317 1984   \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
08:27:44.0317 1984   \Device\Harddisk0\DR0:
08:27:44.0317 1984   MBR used
08:27:44.0317 1984   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749D131
08:27:44.0317 1984   \Device\Harddisk1\DR1:
08:27:44.0317 1984   MBR used
08:27:44.0317 1984   \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x26260FB
08:27:44.0364 1984   Initialize success
08:27:44.0364 1984   ============================================================
08:27:46.0548 2428   ============================================================
08:27:46.0548 2428   Scan started
08:27:46.0548 2428   Mode: Manual;
08:27:46.0548 2428   ============================================================
08:27:48.0326 2428   1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:27:48.0326 2428   1394ohci - ok
08:27:48.0357 2428   ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:27:48.0373 2428   ACPI - ok
08:27:48.0466 2428   AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:27:48.0482 2428   AcpiPmi - ok
08:27:48.0498 2428   ACRUSBTM - ok
08:27:48.0591 2428   adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:27:48.0607 2428   adp94xx - ok
08:27:48.0669 2428   adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:27:48.0669 2428   adpahci - ok
08:27:48.0763 2428   adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:27:48.0763 2428   adpu320 - ok
08:27:48.0872 2428   AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:27:48.0872 2428   AFD - ok
08:27:49.0012 2428   agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:27:49.0012 2428   agp440 - ok
08:27:49.0215 2428   aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:27:49.0215 2428   aliide - ok
08:27:49.0246 2428   amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:27:49.0246 2428   amdide - ok
08:27:49.0324 2428   AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:27:49.0324 2428   AmdK8 - ok
08:27:49.0356 2428   AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:27:49.0356 2428   AmdPPM - ok
08:27:49.0418 2428   amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:27:49.0434 2428   amdsata - ok
08:27:49.0512 2428   amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:27:49.0512 2428   amdsbs - ok
08:27:49.0590 2428   amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:27:49.0590 2428   amdxata - ok
08:27:49.0714 2428   AODDriver       (f160ecce1500a5a5877c123584e86b17) C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys
08:27:49.0714 2428   AODDriver - ok
08:27:49.0808 2428   AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:27:49.0808 2428   AppID - ok
08:27:49.0933 2428   arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:27:49.0933 2428   arc - ok
08:27:49.0948 2428   arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:27:49.0948 2428   arcsas - ok
08:27:50.0011 2428   ASAPIW2k - ok
08:27:50.0042 2428   AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:27:50.0042 2428   AsyncMac - ok
08:27:50.0104 2428   atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:27:50.0104 2428   atapi - ok
08:27:50.0198 2428   b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:27:50.0214 2428   b06bdrv - ok
08:27:50.0260 2428   b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:27:50.0260 2428   b57nd60a - ok
08:27:50.0354 2428   Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:27:50.0354 2428   Beep - ok
08:27:50.0401 2428   blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:27:50.0401 2428   blbdrive - ok
08:27:50.0510 2428   bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:27:50.0526 2428   bowser - ok
08:27:50.0541 2428   BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:27:50.0541 2428   BrFiltLo - ok
08:27:50.0588 2428   BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:27:50.0588 2428   BrFiltUp - ok
08:27:50.0697 2428   BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:27:50.0697 2428   BridgeMP - ok
08:27:50.0744 2428   Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:27:50.0760 2428   Brserid - ok
08:27:50.0775 2428   BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:27:50.0775 2428   BrSerWdm - ok
08:27:50.0838 2428   BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:27:50.0853 2428   BrUsbMdm - ok
08:27:50.0947 2428   BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:27:50.0947 2428   BrUsbSer - ok
08:27:50.0962 2428   BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:27:50.0978 2428   BTHMODEM - ok
08:27:50.0978 2428   catchme - ok
08:27:51.0072 2428   cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:27:51.0072 2428   cdfs - ok
08:27:51.0150 2428   cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:27:51.0165 2428   cdrom - ok
08:27:51.0243 2428   circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:27:51.0243 2428   circlass - ok
08:27:51.0274 2428   CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:27:51.0274 2428   CLFS - ok
08:27:51.0384 2428   CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:27:51.0384 2428   CmBatt - ok
08:27:51.0446 2428   cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:27:51.0446 2428   cmdide - ok
08:27:51.0508 2428   CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:27:51.0508 2428   CNG - ok
08:27:51.0586 2428   Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:27:51.0586 2428   Compbatt - ok
08:27:51.0696 2428   CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:27:51.0696 2428   CompositeBus - ok
08:27:51.0774 2428   crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:27:51.0774 2428   crcdisk - ok
08:27:51.0867 2428   DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:27:51.0867 2428   DfsC - ok
08:27:51.0945 2428   discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:27:51.0945 2428   discache - ok
08:27:51.0976 2428   Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:27:51.0976 2428   Disk - ok
08:27:52.0070 2428   drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:27:52.0070 2428   drmkaud - ok
08:27:52.0148 2428   DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:27:52.0164 2428   DXGKrnl - ok
08:27:52.0304 2428   ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:27:52.0320 2428   ebdrv - ok
08:27:52.0413 2428   elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:27:52.0413 2428   elxstor - ok
08:27:52.0538 2428   ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:27:52.0554 2428   ErrDev - ok
08:27:52.0585 2428   etdrv           (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
08:27:52.0585 2428   etdrv - ok
08:27:52.0694 2428   exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:27:52.0694 2428   exfat - ok
08:27:52.0725 2428   fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:27:52.0741 2428   fastfat - ok
08:27:52.0834 2428   fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:27:52.0834 2428   fdc - ok
08:27:52.0897 2428   FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:27:52.0912 2428   FileInfo - ok
08:27:52.0928 2428   Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:27:52.0928 2428   Filetrace - ok
08:27:53.0068 2428   flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:27:53.0068 2428   flpydisk - ok
08:27:53.0162 2428   FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:27:53.0162 2428   FltMgr - ok
08:27:53.0224 2428   FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:27:53.0224 2428   FsDepends - ok
08:27:53.0271 2428   Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:27:53.0271 2428   Fs_Rec - ok
08:27:53.0365 2428   fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:27:53.0365 2428   fvevol - ok
08:27:53.0412 2428   gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:27:53.0412 2428   gagp30kx - ok
08:27:53.0474 2428   gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
08:27:53.0474 2428   gdrv - ok
08:27:53.0568 2428   GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:27:53.0568 2428   GEARAspiWDM - ok
08:27:53.0692 2428   GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
08:27:53.0692 2428   GVTDrv64 - ok
08:27:53.0755 2428   hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:27:53.0755 2428   hcw85cir - ok
08:27:53.0848 2428   HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:27:53.0864 2428   HdAudAddService - ok
08:27:53.0942 2428   HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:27:53.0942 2428   HDAudBus - ok
08:27:53.0989 2428   HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:27:53.0989 2428   HidBatt - ok
08:27:54.0020 2428   HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:27:54.0020 2428   HidBth - ok
08:27:54.0067 2428   HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:27:54.0067 2428   HidIr - ok
08:27:54.0176 2428   HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:27:54.0176 2428   HidUsb - ok
08:27:54.0254 2428   HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:27:54.0254 2428   HpSAMD - ok
08:27:54.0348 2428   HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:27:54.0363 2428   HTTP - ok
08:27:54.0410 2428   hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:27:54.0410 2428   hwpolicy - ok
08:27:54.0535 2428   i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:27:54.0535 2428   i8042prt - ok
08:27:54.0582 2428   iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:27:54.0582 2428   iaStorV - ok
08:27:54.0706 2428   iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:27:54.0706 2428   iirsp - ok
08:27:54.0800 2428   IntcAzAudAddService (76877dd763a2287f58908795f3f5cccb) C:\Windows\system32\drivers\RTKVHD64.sys
08:27:54.0800 2428   IntcAzAudAddService - ok
08:27:54.0925 2428   intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:27:54.0940 2428   intelide - ok
08:27:54.0972 2428   intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:27:54.0972 2428   intelppm - ok
08:27:55.0081 2428   IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:27:55.0081 2428   IpFilterDriver - ok
08:27:55.0143 2428   IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:27:55.0143 2428   IPMIDRV - ok
08:27:55.0221 2428   IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:27:55.0221 2428   IPNAT - ok
08:27:55.0315 2428   IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:27:55.0315 2428   IRENUM - ok
08:27:55.0377 2428   isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:27:55.0377 2428   isapnp - ok
08:27:55.0440 2428   iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:27:55.0455 2428   iScsiPrt - ok
08:27:55.0533 2428   kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:27:55.0533 2428   kbdclass - ok
08:27:55.0611 2428   kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:27:55.0611 2428   kbdhid - ok
08:27:55.0720 2428   kl1             (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
08:27:55.0720 2428   kl1 - ok
08:27:55.0830 2428   kl2             (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
08:27:55.0830 2428   kl2 - ok
08:27:55.0876 2428   KLIF            (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
08:27:55.0892 2428   KLIF - ok
08:27:55.0954 2428   KLIM6           (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
08:27:55.0954 2428   KLIM6 - ok
08:27:56.0032 2428   klmouflt        (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
08:27:56.0032 2428   klmouflt - ok
08:27:56.0095 2428   KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:27:56.0095 2428   KSecDD - ok
08:27:56.0188 2428   KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:27:56.0204 2428   KSecPkg - ok
08:27:56.0235 2428   ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:27:56.0235 2428   ksthunk - ok
08:27:56.0344 2428   lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:27:56.0360 2428   lltdio - ok
08:27:56.0422 2428   LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:27:56.0422 2428   LSI_FC - ok
08:27:56.0500 2428   LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:27:56.0500 2428   LSI_SAS - ok
08:27:56.0532 2428   LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:27:56.0532 2428   LSI_SAS2 - ok
08:27:56.0563 2428   LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:27:56.0563 2428   LSI_SCSI - ok
08:27:56.0656 2428   luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:27:56.0672 2428   luafv - ok
08:27:56.0734 2428   MarvinBus       (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
08:27:56.0750 2428   MarvinBus - ok
08:27:56.0875 2428   MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
08:27:56.0875 2428   MBAMProtector - ok
08:27:56.0968 2428   megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:27:56.0968 2428   megasas - ok
08:27:57.0015 2428   MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:27:57.0031 2428   MegaSR - ok
08:27:57.0109 2428   Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:27:57.0109 2428   Modem - ok
08:27:57.0140 2428   monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:27:57.0140 2428   monitor - ok
08:27:57.0218 2428   mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:27:57.0218 2428   mouclass - ok
08:27:57.0265 2428   mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:27:57.0265 2428   mouhid - ok
08:27:57.0327 2428   mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:27:57.0327 2428   mountmgr - ok
08:27:57.0405 2428   mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:27:57.0405 2428   mpio - ok
08:27:57.0468 2428   mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:27:57.0468 2428   mpsdrv - ok
08:27:57.0561 2428   MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:27:57.0561 2428   MRxDAV - ok
08:27:57.0670 2428   mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:27:57.0670 2428   mrxsmb - ok
08:27:57.0748 2428   mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:27:57.0748 2428   mrxsmb10 - ok
08:27:57.0858 2428   mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:27:57.0858 2428   mrxsmb20 - ok
08:27:57.0920 2428   msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:27:57.0920 2428   msahci - ok
08:27:58.0014 2428   msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:27:58.0014 2428   msdsm - ok
08:27:58.0076 2428   Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:27:58.0076 2428   Msfs - ok
08:27:58.0138 2428   mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:27:58.0138 2428   mshidkmdf - ok
08:27:58.0201 2428   msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:27:58.0201 2428   msisadrv - ok
08:27:58.0294 2428   MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:27:58.0294 2428   MSKSSRV - ok
08:27:58.0310 2428   MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:27:58.0310 2428   MSPCLOCK - ok
08:27:58.0326 2428   MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:27:58.0326 2428   MSPQM - ok
08:27:58.0388 2428   MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:27:58.0388 2428   MsRPC - ok
08:27:58.0497 2428   mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:27:58.0497 2428   mssmbios - ok
08:27:58.0606 2428   MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:27:58.0606 2428   MSTEE - ok
08:27:58.0653 2428   MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:27:58.0653 2428   MTConfig - ok
08:27:58.0716 2428   Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:27:58.0716 2428   Mup - ok
08:27:58.0778 2428   NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:27:58.0794 2428   NativeWifiP - ok
08:27:58.0950 2428   NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:27:58.0965 2428   NDIS - ok
08:27:59.0059 2428   NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:27:59.0059 2428   NdisCap - ok
08:27:59.0152 2428   NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:27:59.0152 2428   NdisTapi - ok
08:27:59.0215 2428   Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:27:59.0215 2428   Ndisuio - ok
08:27:59.0324 2428   NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:27:59.0324 2428   NdisWan - ok
08:27:59.0386 2428   NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:27:59.0386 2428   NDProxy - ok
08:27:59.0433 2428   NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:27:59.0433 2428   NetBIOS - ok
08:27:59.0527 2428   NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:27:59.0527 2428   NetBT - ok
08:27:59.0605 2428   nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:27:59.0605 2428   nfrd960 - ok
08:27:59.0652 2428   Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:27:59.0652 2428   Npfs - ok
08:27:59.0667 2428   nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:27:59.0667 2428   nsiproxy - ok
08:27:59.0776 2428   Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:27:59.0792 2428   Ntfs - ok
08:27:59.0870 2428   Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:27:59.0870 2428   Null - ok
08:27:59.0948 2428   NVHDA           (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
08:27:59.0948 2428   NVHDA - ok
08:28:00.0229 2428   nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:28:00.0276 2428   nvlddmkm - ok
08:28:00.0369 2428   nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:28:00.0385 2428   nvraid - ok
08:28:00.0400 2428   nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:28:00.0400 2428   nvstor - ok
08:28:00.0541 2428   nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:28:00.0541 2428   nv_agp - ok
08:28:00.0572 2428   ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:28:00.0572 2428   ohci1394 - ok
08:28:00.0681 2428   Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:28:00.0681 2428   Parport - ok
08:28:00.0744 2428   partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:28:00.0744 2428   partmgr - ok
08:28:00.0884 2428   pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:28:00.0884 2428   pci - ok
08:28:00.0915 2428   pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:28:00.0915 2428   pciide - ok
08:28:00.0962 2428   PCLEPCI - ok
08:28:01.0009 2428   pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:28:01.0009 2428   pcmcia - ok
08:28:01.0040 2428   pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:28:01.0040 2428   pcw - ok
08:28:01.0134 2428   PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:28:01.0134 2428   PEAUTH - ok
08:28:01.0258 2428   PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:28:01.0258 2428   PptpMiniport - ok
08:28:01.0336 2428   Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:28:01.0336 2428   Processor - ok
08:28:01.0414 2428   Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:28:01.0414 2428   Psched - ok
08:28:01.0539 2428   ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:28:01.0555 2428   ql2300 - ok
08:28:01.0570 2428   ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:28:01.0570 2428   ql40xx - ok
08:28:01.0680 2428   QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:28:01.0680 2428   QWAVEdrv - ok
08:28:01.0695 2428   RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:28:01.0695 2428   RasAcd - ok
08:28:01.0742 2428   RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:28:01.0742 2428   RasAgileVpn - ok
08:28:01.0836 2428   Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:28:01.0836 2428   Rasl2tp - ok
08:28:01.0898 2428   RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:28:01.0898 2428   RasPppoe - ok
08:28:01.0945 2428   RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:28:01.0945 2428   RasSstp - ok
08:28:02.0023 2428   rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:28:02.0038 2428   rdbss - ok
08:28:02.0054 2428   rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:28:02.0054 2428   rdpbus - ok
08:28:02.0101 2428   RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:28:02.0101 2428   RDPCDD - ok
08:28:02.0163 2428   RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:28:02.0163 2428   RDPENCDD - ok
08:28:02.0194 2428   RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:28:02.0194 2428   RDPREFMP - ok
08:28:02.0288 2428   RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:28:02.0288 2428   RDPWD - ok
08:28:02.0397 2428   rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:28:02.0397 2428   rdyboost - ok
08:28:02.0491 2428   rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:28:02.0491 2428   rspndr - ok
08:28:02.0522 2428   RTL8167         (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:28:02.0538 2428   RTL8167 - ok
08:28:02.0600 2428   SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
08:28:02.0600 2428   SASDIFSV - ok
08:28:02.0631 2428   SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
08:28:02.0631 2428   SASKUTIL - ok
08:28:02.0725 2428   sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:28:02.0740 2428   sbp2port - ok
08:28:02.0787 2428   scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:28:02.0787 2428   scfilter - ok
08:28:02.0912 2428   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:28:02.0912 2428   secdrv - ok
08:28:02.0959 2428   Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:28:02.0959 2428   Serenum - ok
08:28:02.0974 2428   Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:28:02.0990 2428   Serial - ok
08:28:03.0084 2428   sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:28:03.0084 2428   sermouse - ok
08:28:03.0130 2428   sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:28:03.0130 2428   sffdisk - ok
08:28:03.0146 2428   sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:28:03.0146 2428   sffp_mmc - ok
08:28:03.0224 2428   sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:28:03.0224 2428   sffp_sd - ok
08:28:03.0271 2428   sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:28:03.0271 2428   sfloppy - ok
08:28:03.0302 2428   SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:28:03.0302 2428   SiSRaid2 - ok
08:28:03.0364 2428   SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:28:03.0364 2428   SiSRaid4 - ok
08:28:03.0411 2428   Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:28:03.0411 2428   Smb - ok
08:28:03.0489 2428   spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:28:03.0505 2428   spldr - ok
08:28:03.0661 2428   srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:28:03.0676 2428   srv - ok
08:28:03.0708 2428   srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:28:03.0708 2428   srv2 - ok
08:28:03.0739 2428   srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:28:03.0739 2428   srvnet - ok
08:28:03.0848 2428   stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:28:03.0848 2428   stexstor - ok
08:28:03.0926 2428   swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:28:03.0926 2428   swenum - ok
08:28:04.0004 2428   TBPanel - ok
08:28:04.0113 2428   Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:28:04.0144 2428   Tcpip - ok
08:28:04.0285 2428   TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:28:04.0300 2428   TCPIP6 - ok
08:28:04.0363 2428   tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:28:04.0363 2428   tcpipreg - ok
08:28:04.0441 2428   TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:28:04.0456 2428   TDPIPE - ok
08:28:04.0472 2428   TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:28:04.0472 2428   TDTCP - ok
08:28:04.0581 2428   tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:28:04.0581 2428   tdx - ok
08:28:04.0659 2428   TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:28:04.0659 2428   TermDD - ok
08:28:04.0753 2428   tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:28:04.0768 2428   tssecsrv - ok
08:28:04.0893 2428   TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:28:04.0893 2428   TsUsbFlt - ok
08:28:04.0987 2428   tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:28:04.0987 2428   tunnel - ok
08:28:05.0065 2428   uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:28:05.0065 2428   uagp35 - ok
08:28:05.0127 2428   udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:28:05.0143 2428   udfs - ok
08:28:05.0268 2428   uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:28:05.0268 2428   uliagpkx - ok
08:28:05.0299 2428   umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:28:05.0299 2428   umbus - ok
08:28:05.0330 2428   UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:28:05.0330 2428   UmPass - ok
08:28:05.0424 2428   USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
08:28:05.0439 2428   USBAAPL64 - ok
08:28:05.0486 2428   usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:28:05.0502 2428   usbccgp - ok
08:28:05.0564 2428   usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:28:05.0564 2428   usbcir - ok
08:28:05.0595 2428   usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:28:05.0595 2428   usbehci - ok
08:28:05.0689 2428   usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:28:05.0689 2428   usbhub - ok
08:28:05.0798 2428   usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:28:05.0798 2428   usbohci - ok
08:28:05.0829 2428   usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:28:05.0829 2428   usbprint - ok
08:28:05.0938 2428   usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:28:05.0938 2428   usbscan - ok
08:28:06.0001 2428   USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:28:06.0001 2428   USBSTOR - ok
08:28:06.0048 2428   usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:28:06.0063 2428   usbuhci - ok
08:28:06.0157 2428   vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:28:06.0157 2428   vdrvroot - ok
08:28:06.0219 2428   vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:28:06.0219 2428   vga - ok
08:28:06.0250 2428   VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:28:06.0250 2428   VgaSave - ok
08:28:06.0313 2428   vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:28:06.0313 2428   vhdmp - ok
08:28:06.0375 2428   viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:28:06.0375 2428   viaide - ok
08:28:06.0422 2428   volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:28:06.0422 2428   volmgr - ok
08:28:06.0500 2428   volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:28:06.0500 2428   volmgrx - ok
08:28:06.0609 2428   volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:28:06.0609 2428   volsnap - ok
08:28:06.0656 2428   vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:28:06.0672 2428   vsmraid - ok
08:28:06.0952 2428   VSPerfDrv90     (858c3833cd5a359b110bc5ec1f760cbd) C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys
08:28:06.0968 2428   VSPerfDrv90 - ok
08:28:07.0046 2428   vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:28:07.0046 2428   vwifibus - ok
08:28:07.0077 2428   WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:28:07.0077 2428   WacomPen - ok
08:28:07.0186 2428   WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:28:07.0186 2428   WANARP - ok
08:28:07.0202 2428   Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:28:07.0202 2428   Wanarpv6 - ok
08:28:07.0264 2428   Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:28:07.0264 2428   Wd - ok
08:28:07.0342 2428   Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:28:07.0342 2428   Wdf01000 - ok
08:28:07.0420 2428   WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:28:07.0420 2428   WfpLwf - ok
08:28:07.0452 2428   WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:28:07.0452 2428   WIMMount - ok
08:28:07.0623 2428   WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:28:07.0623 2428   WinUsb - ok
08:28:07.0654 2428   WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:28:07.0654 2428   WmiAcpi - ok
08:28:07.0686 2428   ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:28:07.0686 2428   ws2ifsl - ok
08:28:07.0810 2428   WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:28:07.0810 2428   WudfPf - ok
08:28:07.0857 2428   WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:28:07.0857 2428   WUDFRd - ok
08:28:07.0904 2428   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
08:28:07.0966 2428   \Device\Harddisk2\DR2 - ok
08:28:07.0982 2428   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:28:07.0982 2428   \Device\Harddisk0\DR0 - ok
08:28:07.0982 2428   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:28:08.0122 2428   \Device\Harddisk1\DR1 - ok
08:28:08.0122 2428   Boot (0x1200)   (c2877de7c93f52526b07de6e34c19ffe) \Device\Harddisk2\DR2\Partition0
08:28:08.0122 2428   \Device\Harddisk2\DR2\Partition0 - ok
08:28:08.0169 2428   Boot (0x1200)   (3e7ca51556514d05f4394dd1ae1e3ab3) \Device\Harddisk2\DR2\Partition1
08:28:08.0169 2428   \Device\Harddisk2\DR2\Partition1 - ok
08:28:08.0169 2428   Boot (0x1200)   (1c1dcb712a572d798d2587ac298deb6b) \Device\Harddisk0\DR0\Partition0
08:28:08.0169 2428   \Device\Harddisk0\DR0\Partition0 - ok
08:28:08.0185 2428   Boot (0x1200)   (a5a9019076538a675005bf7370defce2) \Device\Harddisk1\DR1\Partition0
08:28:08.0185 2428   \Device\Harddisk1\DR1\Partition0 - ok
08:28:08.0185 2428   ============================================================
08:28:08.0185 2428   Scan finished
08:28:08.0185 2428   ============================================================
08:28:08.0200 5936   Detected object count: 0
08:28:08.0200 5936   Actual detected object count: 0

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: SuperDave on February 11, 2012, 11:22:26 AM

Please give me an update on how your computer is running.

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: Northenlad60 on February 12, 2012, 03:02:49 AM

Hi,

It does seem to boot and run faster.. Whatever was causing the issue seems to either be gone, or has stopped. I'm very grateful for the help here. Thanks

Title: Re: Am I infected.. My PC is VERY VERY SLOOOOW!
Post by: SuperDave on February 12, 2012, 11:13:48 AM

Quote

It does seem to boot and run faster.. Whatever was causing the issue seems to either be gone, or has stopped. I'm very grateful for the help here. Thanks

You're welcome. Now we should do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

*****************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*****************************************************

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web  (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!