
Author Topic: Am I infected.. My PC is VERY VERY SLOOOOW!  (Read 25544 times)


Northenlad60 (Topic Starter, Rookie; Experience: Experienced; OS: Windows 7)
Am I infected.. My PC is VERY VERY SLOOOOW!
« on: February 05, 2012, 08:01:37 AM »
Hi,

My PC is running Windows 7 64-bit and has 4 GB RAM with an AMD Phenom(tm) II X4 955 processor, 3.20 gb. When I first built the PC it would take roughly 15 seconds from pressing the power button to it being ready for me to type my password. After doing so, it would take another 15 secs at the most to be at the desktop.

However, for a while now this has increased dramatically, to the point that 2 minutes in it is still loading up the standard applications.

I know the PC is by no means the fastest of PCs, but my work PC takes less time to boot now and it is running Win XP, with production of the PC stopping in 2004, making my PC embarrassingly slow.

I have run the likes of CCleaner and have run "SUPERAntiSpyware" (log below) and will run "Malwarebytes' Anti-Malware (MBAM)" and post the log once finished.

Question is, have I got some kind of infection on the PC?

Many thanks guys

Richard

Northenlad60
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #1 on: February 05, 2012, 08:02:00 AM »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/05/2012 at 02:37 PM

Application Version : 5.0.1144

Core Rules Database Version : 8203
Trace Rules Database Version: 6015

Scan type       : Quick Scan
Total Scan Time : 00:24:10

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 551
Memory threats detected   : 0
Registry items scanned    : 57438
Registry threats detected : 0
File items scanned        : 10918
File threats detected     : 122

Adware.Tracking Cookie
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\A2DO0RO8.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@adinterax[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\U6P0CA6J.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@tradedoubler[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\331IZMUI.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt [ Cookie:[email protected]/ak/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\myrna@serving-sys[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8SB7TY8K.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0YKSMMX.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NIJ5EI1K.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@specificclick[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4Z8IM8P.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LHNE2FIV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\JN57JYAV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LYMLXVTQ.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\WWLQK3U7.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@dmtracker[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@intelligentelite[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@openstat[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FXRX134.txt [ Cookie:[email protected]/touchplc/local/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\P29NGFST.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T5W11T1X.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BC8YQ45.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@imrworldwide[2].txt [ Cookie:[email protected]/cgi-bin ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0J1B4OAT.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\U21PPBVO.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XUD6ME1K.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XT1T05LK.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RMBRZGLD.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9OR0EYMN.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISGTI423.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MJQJ0TF2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@legolas-media[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@yadro[2].txt [ *Blocked Russian URL*/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JUQFMFV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3THP3NXC.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\SXZ49O02.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GTJF8WM.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/eurosport/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\VVEIYAR4.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0F0JDQRM.txt [ Cookie:[email protected]/accounts/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/cgi-bin ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2I6BCUB6.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UYF02KEZ.txt [ Cookie:[email protected]/ak/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MDD579MH.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\C8TI010U.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\O91DA2PF.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YKHA4RMM.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3G1LZQ7E.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@virginmedia[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@kantarmedia[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OH1B5BLP.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@adsonar[1].txt [ Cookie:[email protected]/adserving ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@clickbank[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@xiti[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2S4YDNJP.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3JRTFYI.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NVQL3A2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6PFZ5Z1D.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\QCFPHJD9.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YWNYJD39.txt [ Cookie:[email protected]/Venue-Finding/Christmas-Parties-2011/UK-Exclusive-Parties/Northamptonshire-Towcester-Racecourse-Midnight-in-Monte-Carlo/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/eurosport/yahoouk/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\L8R95HNW.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RVOJYZGM.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6MX0V6S6.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@dealtime[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DHDY0TIW.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KE6JTOC4.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KCVH7WP0.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2UYD3M2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D6KF7C26.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@indieclick[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EAJ0JJ9X.txt [ Cookie:[email protected]/servlet/ajrotator/track/pt145041 ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@adxpose[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOTD9229.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6UU39QV3.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CU9R8MG0.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3KK8MYVV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\7FPLLDOE.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@77tracking[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGKQBPIY.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\REBTB031.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z0R6XBEV.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DRWOYFS2.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LHOHGPNX.txt [ Cookie:[email protected]/media/177698/Autumn_Tree_3D_Screensaver/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\myrna@traveladvertising[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\AppData\Roaming\Microsoft\Windows\Cookies\Low\18MF1H5R.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\A2DO0RO8.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\myrna@adinterax[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\U6P0CA6J.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\myrna@tradedoubler[1].txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\331IZMUI.txt [ Cookie:[email protected]/ ]
   C:\USERS\MYRNA\Cookies\[email protected][3].txt [ Cookie:[email protected]/ak/ ]
   C:\USERS\MYRNA\Cookies\myrna@serving-sys[2].txt [ Cookie:[email protected]/ ]
   C:\USERS\RICHARD\AppData\Roaming\Microsoft\Windows\Cookies\4R1FJFD8.txt [ Cookie:[email protected]/accounts/ ]
   C:\USERS\RICHARD\Cookies\4R1FJFD8.txt [ Cookie:[email protected]/accounts/ ]

Northenlad60
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #2 on: February 05, 2012, 08:13:39 AM »
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Richard :: MYRNAS-PICS [administrator]

Protection: Disabled

05/02/2012 15:04:54
mbam-log-2012-02-05 (15-04-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP
Scan options disabled: PUM | P2P
Objects scanned: 239979
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Northenlad60
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #3 on: February 05, 2012, 08:21:45 AM »
DDS Log is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_30
Run by Richard at 15:18:47 on 2012-02-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2390 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [EPSON Stylus Photo R360 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBOE.EXE /FU "C:\Users\Richard\AppData\Local\Temp\E_S1D82.tmp" /EF "HKCU"
uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [NWEReboot]
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{9C68076B-4412-4DE7-8A92-44541465B4F0} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64:     IEVkbdBHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64:     link filter bho - No File
mRun-x64: [NWEReboot]
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-6 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-2-23 14904]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-1-9 25640]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-11 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-9 30528]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-1-9 219360]
S4 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-1-9 68136]
.
=============== Created Last 30 ================
.
2012-02-05 15:18:16   476904   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18:16   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-02-05 15:03:48   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12:01   --------   d-----w-   C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10:38   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2012-02-05 14:10:38   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2012-02-05 09:05:55   8602168   ------w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39:02   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-01-27 20:27:04   626688   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27:04   548864   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27:04   479232   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27:04   43992   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20:43   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2012-01-11 19:20:43   366592   ----a-w-   C:\Windows\System32\qdvd.dll
2012-01-11 19:20:43   1572864   ----a-w-   C:\Windows\System32\quartz.dll
2012-01-11 19:20:43   1328128   ----a-w-   C:\Windows\SysWow64\quartz.dll
2012-01-11 19:20:39   1731920   ----a-w-   C:\Windows\System32\ntdll.dll
2012-01-11 19:20:39   1292080   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2012-01-11 19:20:37   77312   ----a-w-   C:\Windows\System32\packager.dll
2012-01-11 19:20:37   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2012-01-27 00:52:58   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2011-12-11 11:02:39   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24:08   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-11-17 06:49:14   95600   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14   152432   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43   459232   ----a-w-   C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28   395776   ----a-w-   C:\Windows\System32\webio.dll
2011-11-17 06:35:26   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25   340992   ----a-w-   C:\Windows\System32\schannel.dll
2011-11-17 06:35:25   28160   ----a-w-   C:\Windows\System32\secur32.dll
2011-11-17 06:35:19   1447936   ----a-w-   C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55   31232   ----a-w-   C:\Windows\System32\lsass.exe
2011-11-17 05:35:02   314880   ----a-w-   C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52   224768   ----a-w-   C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:19:42.40 ===============

Northenlad60 (Topic Starter)
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #4 on: February 05, 2012, 08:23:21 AM »
ATTACH.TXT from DDS application is below.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/01/2011 10:01:18
System Uptime: 05/02/2012 14:39:19 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-MA770T-UD3
Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 112.413 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 186.138 GiB free.
E: is FIXED (NTFS) - 19 GiB total, 13.746 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 0 GiB total, 0.028 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP194: 15/01/2012 17:34:45 - Windows Update
RP195: 18/01/2012 03:00:32 - Windows Update
RP196: 24/01/2012 16:04:08 - Windows Update
RP197: 01/02/2012 18:26:30 - Windows Update
RP198: 05/02/2012 09:04:23 - Windows Update
RP199: 05/02/2012 15:17:14 - Installed Java(TM) 6 Update 30
.
==== Installed Programs ======================
.
@BIOS Ver.2.07
Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 7.0
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft TotalMedia HDCam
Browser Configuration Utility
Canon Camera Access Library
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 5.0
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
CrimeCraft GangWars
Crystal Reports Basic for Visual Studio 2008
Easy Tune 6 B10.0104.1
EasySaver B9.1214.1
GDC 1308TFT CAMERA
Google Chrome
Google Earth Plug-in
Google Update Helper
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB973674)
Java Auto Updater
Java(TM) 6 Update 30
Just Cause 2
Kaspersky Internet Security 2012
Knoll Light Factory EZ Studio 15
LightScribe Applications
LightScribe System Software
Magic Bullet Looks Studio 15
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Document Explorer 2008
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Team System 2008 Development Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 9.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia Software Launcher
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PC Connectivity Solution
PDF Settings CS5
Pinnacle Hollywood FX
Pinnacle Studio 15
Pinnacle Studio 15 Ultimate Collection Plugins
Pinnacle Studio Bonus Content
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Red Giant ToonIt Studio 15
Safari
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Visual Web Developer 2005 Express Edition - ENU (KB2251481)
Skype Toolbars
Skype™ 5.3
SmartSound Quicktracks Plugin
Steam
Studio 9
Studio 9 Content CD/DVD
Studio 9.4 Patch
SureThing Express Labeler
Transcender Test Engine
Transcender:  Exam Cert-SY0-201
Trapcode 3DStroke Studio 15
Trapcode Particular Studio
Trapcode Shine Studio 15
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972221)
Update for Microsoft Visual Web Developer 2005 Express Edition - ENU (KB932232)
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Vtune 7.13
Vuze
Wheel Mouse Software 4.0
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR 4.00 (32-bit)
World of Tanks closed Beta v.0.6.2.8
World of Warcraft
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
05/02/2012 14:40:57, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
05/02/2012 14:40:57, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
05/02/2012 14:40:07, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  PCLEPCI
05/02/2012 14:39:32, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\ACRUSBTM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 14:39:28, Error: Application Popup [1060]  - \SystemRoot\SysWow64\drivers\ASAPIW2k.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 14:39:27, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/02/2012 11:48:20, Error: Service Control Manager [7034]  - The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
05/02/2012 09:06:28, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.119.1249.0).
04/02/2012 12:44:56, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
04/02/2012 12:32:44, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
04/02/2012 12:22:04, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
02/02/2012 19:59:57, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
02/02/2012 19:56:56, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
01/02/2012 18:32:29, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.119.978.0).
01/02/2012 18:13:16, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

SuperDave (Malware Removal Specialist)
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #5 on: February 05, 2012, 12:13:33 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
*****************************************************
Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

BHO-X64:     IEVkbdBHO - No File
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64:     link filter bho - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
Download Combofix from any of the links below, and save it to your desktop

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
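The steps above ask for StartupLite to disable unnecessary startup items and for the OTL and ComboFix logs to be posted; reading those logs by hand is the slow part of a thread like this. As an added example that is not part of this thread and not code from StartupLite, OTL, ComboFix or DDS, the following Python script parses Run-key values and service lines written in the DDS/ComboFix layout shown in this thread (the sample lines are constructed, modelled on the ones posted above), summarises service start types, counts what starts automatically, and flags the two things a helper looks at first: entries whose file the scanner could not stat (printed as [?] or with no date/size at all), and services whose image is svchost.exe, where the real code is the ServiceDll named elsewhere in the log. Treating the digit after R (running) or S (stopped) as the service's Windows Start value (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled) is my reading of the DDS convention, not something the thread states.

```python
"""Triage helper for DDS / ComboFix style log lines (added example, not one of the thread's tools)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: the digit after R (running) / S (stopped) is the service's Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?P<rest>.*)$')
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
META_RE = re.compile(r"^(?P<body>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
DATE_RE = re.compile(r"^\d{4}-\d{1,2}-\d{1,2}$")

# Constructed sample, modelled on lines posted in this thread; not a real log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-22 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
'''


@dataclass
class Entry:
    kind: str                       # "run" (autostart value) or "service"
    name: str
    path: str                       # image path as printed in the log
    key: Optional[str] = None       # registry key a Run value lives under
    start: Optional[int] = None     # service start type, 0..4
    running: Optional[bool] = None
    file_date: Optional[str] = None
    file_size: Optional[int] = None


def _split_meta(text: str) -> Tuple[str, Optional[str], Optional[int]]:
    """Separate 'path [date size]' (or 'path [?]', or bare 'path') into its parts."""
    m = META_RE.match(text)
    if not m:
        return text.strip(), None, None
    parts = m.group("meta").split()
    if len(parts) == 2 and DATE_RE.match(parts[0]) and parts[1].isdigit():
        return m.group("body").strip(), parts[0], int(parts[1])
    return m.group("body").strip(), None, None   # "[?]": the tool could not stat the file


def parse_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." is the tools' section spacer
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            body, date, size = _split_meta(m.group("rest"))
            image = body.split("-->")[0].strip()   # DDS prints 'registry path --> on-disk path'
            entries.append(Entry("service", m.group("name").strip(), image, None,
                                 int(m.group("start")), m.group("state") == "R", date, size))
            continue
        # Only values under a ...\Run key are autostarts; policy keys etc. are skipped.
        if current_key and current_key.lower().endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                _, date, size = _split_meta(m.group("rest"))
                entries.append(Entry("run", m.group("name"), m.group("path"), current_key,
                                     None, None, date, size))
    return entries


def missing_file_metadata(entries: List[Entry]) -> List[Entry]:
    """Entries the scanner could not stat: the file may be missing, locked or hidden."""
    return [e for e in entries if e.file_date is None]


def svchost_hosted(entries: List[Entry]) -> List[Entry]:
    """Services whose image is svchost.exe; the code that runs is the ServiceDll, not the image."""
    return [e for e in entries
            if e.kind == "service" and e.path.lower().endswith("\\svchost.exe")]


def service_start_summary(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(START_TYPES[e.start] for e in entries if e.kind == "service"))


def autostart_count(entries: List[Entry]) -> int:
    """Run values plus services that start without user action (boot/system/auto)."""
    return sum(1 for e in entries
               if e.kind == "run" or (e.kind == "service" and e.start in (0, 1, 2)))


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("entries:", len(found), "autostarts:", autostart_count(found))
    print("service start types:", service_start_summary(found))
    print("no file metadata:", [e.name for e in missing_file_metadata(found)])
    print("svchost-hosted:", [e.name for e in svchost_hosted(found)])
```

Feed it a pasted DDS or ComboFix log instead of SAMPLE_LOG and the two flag lists are the entries to ask about first; the start-type summary shows how much of the boot workload is auto-start services, which is what StartupLite's disabling of startup items is meant to reduce.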

Northenlad60 (Topic Starter)
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #6 on: February 06, 2012, 01:59:17 AM »
Thanks. I'm at work now, so will do this when I return home.

Thanks for the speedy reply.

Northenlad60 (Topic Starter)
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #7 on: February 06, 2012, 11:52:23 AM »
Tried to run the OTL, but got a message "Cannot create file C:\Windows\system32\drivers\etc\hosts".
I clicked on "OK".

Message at the bottom of OTL says "Resetting HOSTS file DO NOT INTERRUPT...". Once this has completed the following is displayed in Notepad:


Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

No prompt to reboot, but will do this now, after which I will disable the Kaspersky software and run the ComboFix...

Be posting back shortly..

Northenlad60 (Topic Starter)
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #8 on: February 06, 2012, 01:16:56 PM »
Hi. When ComboFix completed, it opened a log file in Notepad; the contents are below:

ComboFix 12-02-06.02 - Richard 06/02/2012  19:00:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2714 [GMT 0:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-06 to 2012-02-06  )))))))))))))))))))))))))))))))
.
.
2012-02-06 18:56 . 2012-02-06 20:02   --------   d-----w-   C:\32788R22FWJFW
2012-02-06 18:39 . 2012-02-06 18:39   --------   d-----w-   C:\_OTL
2012-02-05 15:18 . 2012-02-05 15:18   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-02-05 15:18 . 2012-02-05 15:17   476904   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18 . 2012-02-05 15:17   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-05 15:17 . 2012-02-05 15:17   --------   d-----w-   c:\program files (x86)\Java
2012-02-05 15:03 . 2012-02-05 15:03   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12 . 2012-02-05 14:12   --------   d-----w-   c:\users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10 . 2012-02-05 14:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-05 14:10 . 2012-02-05 14:10   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-05 09:05 . 2012-01-06 05:15   8602168   ------w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39 . 2012-02-02 20:39   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-01-27 20:27 . 2012-01-27 20:27   626688   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27 . 2012-01-27 20:27   548864   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27 . 2012-01-27 20:27   479232   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27 . 2012-01-27 20:27   43992   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20 . 2011-10-26 05:25   1572864   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 19:20 . 2011-10-26 05:25   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\SysWow64\quartz.dll
2012-01-11 19:20 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 19:20 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
2012-01-11 19:20 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 19:20 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 00:52 . 2011-01-09 10:22   279656   ------w-   c:\windows\system32\MpSigStub.exe
2011-12-11 11:02 . 2011-05-19 17:03   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-09-30 08:52   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 11:54   3145216   ----a-w-   c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-22 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-23 14904]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-15 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-25 30528]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 15:05   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,bb,71,30,5b,ba,
   ef,00,e0,e2,63,26,f1,3f,c8,ff,68,97,7e,60,80,be,1f,17,c5,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,3a,5d,21,dd,98,
   51,ed,e6,6a,9c,d6,61,af,45,84,18,ac,7a,6c,05,1e,69,86,17,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,63,52,1e,4f,40,
   06,c6,71,ff,7c,85,e0,43,d4,0e,fe,c3,4b,2d,b0,2b,0a,bd,4b,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,b9,14,79,cf,8f,
   9c,26,04,86,8c,21,01,be,91,eb,e7,65,b2,9f,ec,23,18,7a,90,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,31,07,39,dd,c6,
   82,48,ed,f5,1d,4d,73,a8,13,5c,05,30,cd,08,61,3d,aa,5b,2b,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,e8,be,86,44,ff,
   6d,b1,7f,df,20,58,62,78,6b,cf,c8,87,1e,cd,dd,51,d8,17,bc,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e3,78,56,12,42,
   f7,47,00,fb,a7,78,e6,12,2f,9a,ea,df,ce,62,1e,91,ac,cb,1b,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,07,21,4d,38,
   db,bb,a0,01,3a,48,fc,e8,04,4a,f1,2f,e0,7a,d5,c3,61,9e,31,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6b,b2,a2,f4,02,
   ec,83,fa,f6,0f,4e,58,98,5b,89,c9,6f,6e,88,0d,2a,36,6b,2c,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,4d,f1,d7,a7,d0,
   c9,c1,a8,3d,ce,ea,26,2d,45,aa,78,6f,65,54,4f,1d,9c,70,30,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,26,d2,31,2e,2c,
   97,30,3f,2a,b7,cc,b5,b9,7f,41,e7,a3,76,e2,db,b9,50,a2,4c,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,99,77,dc,2b,d4,
   e6,cd,c9,6c,43,2d,1e,aa,22,2f,9c,52,f8,ef,0c,8b,09,c5,79,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\00\1e\14\050?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-02-06  20:13:01 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-06 20:12
.
Pre-Run: 120,022,228,992 bytes free
Post-Run: 125,003,206,656 bytes free
.
- - End Of File - - 98E5FE05738BC089FBE922BC56442F6D

Northenlad60
Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #9 on: February 06, 2012, 01:21:49 PM »
ComboFix.txt file contents are also below:

ComboFix 12-02-06.02 - Richard 06/02/2012  19:00:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2714 [GMT 0:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-06 to 2012-02-06  )))))))))))))))))))))))))))))))
.
.
2012-02-06 18:56 . 2012-02-06 20:02   --------   d-----w-   C:\32788R22FWJFW
2012-02-06 18:39 . 2012-02-06 18:39   --------   d-----w-   C:\_OTL
2012-02-05 15:18 . 2012-02-05 15:18   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-02-05 15:18 . 2012-02-05 15:17   476904   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-05 15:18 . 2012-02-05 15:17   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-05 15:17 . 2012-02-05 15:17   --------   d-----w-   c:\program files (x86)\Java
2012-02-05 15:03 . 2012-02-05 15:03   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-05 14:12 . 2012-02-05 14:12   --------   d-----w-   c:\users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 14:10 . 2012-02-05 14:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-05 14:10 . 2012-02-05 14:10   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-02-05 09:05 . 2012-01-06 05:15   8602168   ------w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{401AFE46-EF17-454F-A080-802F24FB945D}\mpengine.dll
2012-02-02 20:39 . 2012-02-02 20:39   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-01-27 20:27 . 2012-01-27 20:27   626688   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-27 20:27 . 2012-01-27 20:27   548864   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-27 20:27 . 2012-01-27 20:27   479232   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-27 20:27 . 2012-01-27 20:27   43992   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 19:20 . 2011-10-26 05:25   1572864   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 19:20 . 2011-10-26 05:25   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-01-11 19:20 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\SysWow64\quartz.dll
2012-01-11 19:20 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 19:20 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
2012-01-11 19:20 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 19:20 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 00:52 . 2011-01-09 10:22   279656   ------w-   c:\windows\system32\MpSigStub.exe
2011-12-11 11:02 . 2011-05-19 17:03   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-09-30 08:52   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 11:54   3145216   ----a-w-   c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-22 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-23 14904]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-15 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-25 30528]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 15:05   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\l3gn77qv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,bb,71,30,5b,ba,
   ef,00,e0,e2,63,26,f1,3f,c8,ff,68,97,7e,60,80,be,1f,17,c5,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,3a,5d,21,dd,98,
   51,ed,e6,6a,9c,d6,61,af,45,84,18,ac,7a,6c,05,1e,69,86,17,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,63,52,1e,4f,40,
   06,c6,71,ff,7c,85,e0,43,d4,0e,fe,c3,4b,2d,b0,2b,0a,bd,4b,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,b9,14,79,cf,8f,
   9c,26,04,86,8c,21,01,be,91,eb,e7,65,b2,9f,ec,23,18,7a,90,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,31,07,39,dd,c6,
   82,48,ed,f5,1d,4d,73,a8,13,5c,05,30,cd,08,61,3d,aa,5b,2b,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,e8,be,86,44,ff,
   6d,b1,7f,df,20,58,62,78,6b,cf,c8,87,1e,cd,dd,51,d8,17,bc,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e3,78,56,12,42,
   f7,47,00,fb,a7,78,e6,12,2f,9a,ea,df,ce,62,1e,91,ac,cb,1b,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,07,21,4d,38,
   db,bb,a0,01,3a,48,fc,e8,04,4a,f1,2f,e0,7a,d5,c3,61,9e,31,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6b,b2,a2,f4,02,
   ec,83,fa,f6,0f,4e,58,98,5b,89,c9,6f,6e,88,0d,2a,36,6b,2c,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,4d,f1,d7,a7,d0,
   c9,c1,a8,3d,ce,ea,26,2d,45,aa,78,6f,65,54,4f,1d,9c,70,30,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,26,d2,31,2e,2c,
   97,30,3f,2a,b7,cc,b5,b9,7f,41,e7,a3,76,e2,db,b9,50,a2,4c,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,99,77,dc,2b,d4,
   e6,cd,c9,6c,43,2d,1e,aa,22,2f,9c,52,f8,ef,0c,8b,09,c5,79,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\00\1e\14\050?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-02-06  20:13:01 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-06 20:12
.
Pre-Run: 120,022,228,992 bytes free
Post-Run: 125,003,206,656 bytes free
.
- - End Of File - - 98E5FE05738BC089FBE922BC56442F6D

SuperDave

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #10 on: February 06, 2012, 05:06:31 PM »
Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    Firefox::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this script.
******************************************************
Please download Rooter and Save it to your desktop.
  • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
Windows 8 and Windows 10 dual boot with two SSD's

Northenlad60

    Topic Starter


Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #11 on: February 07, 2012, 01:38:58 PM »
Rooter log is below:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7601.17514
Mozilla Firefox 9.0.1 (en-GB)
.
C:\  [Fixed-NTFS] .. ( Total:465 Go - Free:117 Go )
D:\  [Fixed-NTFS] .. ( Total:186 Go - Free:186 Go )
E:\  [Fixed-NTFS] .. ( Total:19 Go - Free:13 Go )
F:\  [CD_Rom]
G:\  [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
.
Scan : 20:35.56
Path : C:\Users\Richard\Desktop\Rooter.exe
User : Richard ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ????????? (376)
______ ????????? (556)
______ ????????? (616)
______ ????????? (636)
______ ????????? (688)
______ ????????? (716)
______ ????????? (724)
______ ????????? (732)
______ ????????? (840)
______ ????????? (908)
______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (932)
______ ????????? (976)
______ ????????? (424)
______ ????????? (560)
______ ????????? (436)
______ ????????? (1124)
______ ????????? (1256)
______ ????????? (1404)
______ ????????? (1416)
______ ????????? (1540)
______ ????????? (1592)
______ ????????? (1700)
______ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1720)
______ C:\Windows\SysWOW64\svchost.exe (1744)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1768)
______ ????????? (1984)
______ ????????? (2028)
______ C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (1112)
______ ????????? (1304)
______ C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (1180)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1676)
______ C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (1852)
______ C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (2084)
______ ????????? (2124)
______ ????????? (2172)
______ C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (2312)
______ ????????? (1516)
______ ????????? (2788)
______ ????????? (3088)
______ ????????? (3128)
______ ????????? (3884)
______ ????????? (204)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4572)
______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (4112)
______ ????????? (3672)
______ ????????? (3248)
______ ????????? (5024)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (2972)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (4932)
______ ????????? (4996)
Locked audiodg.exe (2556)
______ ????????? (3652)
______ C:\Users\Richard\Desktop\Rooter.exe (3880)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:200045388288)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:36.03
.
C:\Rooter$\Rooter_1.txt - (07/02/2012 | 20:36.03)

Northenlad60

    Topic Starter


Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #12 on: February 07, 2012, 01:51:57 PM »
The smileys in the log are (or should be) just 3 question marks ("?"), followed by 6 more..

Oh, and thanks for this help..

SuperDave

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #13 on: February 07, 2012, 04:34:22 PM »
I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's

Northenlad60

    Topic Starter


Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #14 on: February 08, 2012, 11:58:34 AM »
Hi,

The scan completed and did not detect anything, therefore no log was created. Have I been infected, or is it just a bit of tweaking required? Or would you recommend rebuilding again (reinstalling Windows etc.)?

SuperDave

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #15 on: February 08, 2012, 12:11:38 PM »
Is it still running slowly? Is it slow at booting up?

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply
Windows 8 and Windows 10 dual boot with two SSD's

Northenlad60

    Topic Starter


Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #16 on: February 09, 2012, 11:54:11 AM »
Hi,

Ok, the PC does still take a while to boot into Windows and load all the applications.

I ran "aswMBR.exe" (although the screenshot is a bit outdated) and selected the option "Quickscan", instead of specific drives (as I have more than one drive).

Contents of the log are shown below:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-09 18:37:01
-----------------------------
18:37:01.175    OS Version: Windows x64 6.1.7601 Service Pack 1
18:37:01.175    Number of processors: 4 586 0x403
18:37:01.175    ComputerName: MYRNAS-PICS  UserName: Richard
18:38:04.554    Initialize success
18:39:37.066    AVAST engine defs: 12020902
18:40:50.667    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:40:50.682    Disk 0 Vendor: ST3200822A 3.01 Size: 190778MB BusType: 3
18:40:50.682    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
18:40:50.682    Disk 1 Vendor: Maxtor_2B020H1 WAK21R90 Size: 19541MB BusType: 3
18:40:50.698    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
18:40:50.698    Disk 2 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
18:40:50.714    Disk 2 MBR read successfully
18:40:50.714    Disk 2 MBR scan
18:40:50.714    Disk 2 Windows 7 default MBR code
18:40:50.729    Disk 2 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:40:50.745    Disk 2 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
18:40:50.745    Service scanning
18:40:52.040    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:40:52.055    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:40:52.102    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:40:52.118    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:40:53.849    Modules scanning
18:40:53.849    Disk 2 trace - called modules:
18:40:53.880    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:40:53.896    1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8004a56790]
18:40:53.912    3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8003abcd10]
18:40:53.912    5 ACPI.sys[fffff88000e8a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003aca060]
18:40:54.707    AVAST engine scan C:\Windows
18:40:58.748    AVAST engine scan C:\Windows\system32
18:44:39.254    AVAST engine scan C:\Windows\system32\drivers
18:44:54.417    AVAST engine scan C:\Users\Richard
18:50:43.515    Disk 2 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
18:50:43.515    The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR.txt"




I will also run again, selecting each drive, and repost each one after this.


Northenlad60

    Topic Starter


Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #17 on: February 09, 2012, 12:00:38 PM »
Each of the drive logs is below:

C Drive

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-09 18:55:38
-----------------------------
18:55:38.421    OS Version: Windows x64 6.1.7601 Service Pack 1
18:55:38.421    Number of processors: 4 586 0x403
18:55:38.421    ComputerName: MYRNAS-PICS  UserName: Richard
18:55:39.653    Initialize success
18:55:43.054    AVAST engine defs: 12020902
18:55:50.355    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:55:50.355    Disk 0 Vendor: ST3200822A 3.01 Size: 190778MB BusType: 3
18:55:50.355    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
18:55:50.355    Disk 1 Vendor: Maxtor_2B020H1 WAK21R90 Size: 19541MB BusType: 3
18:55:50.371    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
18:55:50.371    Disk 2 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
18:55:50.386    Disk 2 MBR read successfully
18:55:50.402    Disk 2 MBR scan
18:55:50.402    Disk 2 Windows 7 default MBR code
18:55:50.402    Disk 2 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:55:50.417    Disk 2 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
18:55:50.433    Service scanning
18:55:51.104    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:55:51.119    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:55:51.119    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:55:51.119    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:55:51.759    Modules scanning
18:55:51.775    Disk 2 trace - called modules:
18:55:51.821    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:55:51.837    1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8004a56790]
18:55:51.853    3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8003abcd10]
18:55:51.868    5 ACPI.sys[fffff88000e8a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003aca060]
18:55:52.945    AVAST engine scan C:\
18:56:29.948    Disk 2 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
18:56:29.948    The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR - c drive.txt"





Northenlad60

    Topic Starter


Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #18 on: February 09, 2012, 12:04:13 PM »
D, E and G drives all said the same thing (except for the drive location, where it stated "AVAST engine scan <DRIVE>").

SuperDave

Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #19 on: February 09, 2012, 12:09:24 PM »
Did you try running StartUpLite?

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

• Double-click on MBRCheck.exe to run it.

• It will open a black window... please do not fix anything (if it gives you an option).

• When complete, you should see "Done! Press ENTER to exit...". Press Enter on the keyboard.

• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.
Windows 8 and Windows 10 dual boot with two SSD's

HELPHELPHELP



Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #20 on: February 09, 2012, 12:30:01 PM »
Comments removed.
« Last Edit: February 09, 2012, 12:31:57 PM by SuperDave »

Northenlad60

Topic Starter


Re: Am I infected.. My PC is VERY VERY SLOOOOW!
« Reply #21 on: February 10, 2012, 12:25:42 AM »
Hi,

Ok, first things first. My PC does seem a bit faster in booting up and loading all applications. I had run StartUpLite when you requested this last time... Did you want me to run it again?

Anyway. The log from MBRCheck is below:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:         
    Windows Version:      Windows 7 Home Premium Edition
    Windows Information:      Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer:   Gigabyte Technology Co., Ltd.
    BIOS Manufacturer:      Award Software International, Inc.
    System Manufacturer:      Gigabyte Technology Co., Ltd.
    System Product Name:      GA-MA770T-UD3
    Logical Drives Mask:      0x0000007c

    Kernel Drivers (total 190):
      0x0321B000 \SystemRoot\system32\ntoskrnl.exe
      0x03804000 \SystemRoot\system32\hal.dll
      0x00BA4000 \SystemRoot\system32\kdcom.dll
      0x00CAE000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
      0x00CBB000 \SystemRoot\system32\PSHED.dll
      0x00CCF000 \SystemRoot\system32\CLFS.SYS
      0x00D2D000 \SystemRoot\system32\CI.dll
      0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
      0x00DED000 \SystemRoot\system32\drivers\WDFLDR.SYS
      0x00EC0000 \SystemRoot\system32\drivers\ACPI.sys
      0x00F17000 \SystemRoot\system32\drivers\WMILIB.SYS
      0x00F20000 \SystemRoot\system32\drivers\msisadrv.sys
      0x00F2A000 \SystemRoot\system32\drivers\pci.sys
      0x00F5D000 \SystemRoot\system32\drivers\vdrvroot.sys
      0x00F6A000 \SystemRoot\System32\drivers\partmgr.sys
      0x00F7F000 \SystemRoot\system32\drivers\volmgr.sys
      0x00F94000 \SystemRoot\System32\drivers\volmgrx.sys
      0x00FF0000 \SystemRoot\system32\drivers\pciide.sys
      0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
      0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
      0x00E2A000 \SystemRoot\system32\drivers\atapi.sys
      0x00E33000 \SystemRoot\system32\drivers\ataport.SYS
      0x00E5D000 \SystemRoot\system32\drivers\amdxata.sys
      0x00E68000 \SystemRoot\system32\drivers\fltmgr.sys
      0x01086000 \SystemRoot\system32\drivers\fileinfo.sys
      0x0121E000 \SystemRoot\System32\Drivers\Ntfs.sys
      0x0109A000 \SystemRoot\System32\Drivers\msrpc.sys
      0x013C1000 \SystemRoot\System32\Drivers\ksecdd.sys
      0x010F8000 \SystemRoot\System32\Drivers\cng.sys
      0x013DC000 \SystemRoot\System32\drivers\pcw.sys
      0x013ED000 \SystemRoot\System32\Drivers\Fs_Rec.sys
      0x0145C000 \SystemRoot\system32\drivers\ndis.sys
      0x0154F000 \SystemRoot\system32\drivers\NETIO.SYS
      0x015AF000 \SystemRoot\System32\Drivers\ksecpkg.sys
      0x01623000 \SystemRoot\System32\drivers\tcpip.sys
      0x01827000 \SystemRoot\System32\drivers\fwpkclnt.sys
      0x01871000 \SystemRoot\system32\drivers\volsnap.sys
      0x018BD000 \SystemRoot\System32\Drivers\spldr.sys
      0x018C5000 \SystemRoot\System32\drivers\rdyboost.sys
      0x018FF000 \SystemRoot\System32\Drivers\mup.sys
      0x01A96000 \SystemRoot\system32\DRIVERS\kl1.sys
      0x021F5000 \SystemRoot\System32\drivers\hwpolicy.sys
      0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
      0x01A3A000 \SystemRoot\system32\DRIVERS\disk.sys
      0x01A50000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
      0x01939000 \SystemRoot\system32\drivers\cdrom.sys
      0x046FD000 \SystemRoot\system32\DRIVERS\klif.sys
      0x047A0000 \SystemRoot\System32\Drivers\Null.SYS
      0x047A9000 \SystemRoot\System32\Drivers\Beep.SYS
      0x047B0000 \SystemRoot\System32\drivers\vga.sys
      0x047BE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
      0x047E3000 \SystemRoot\System32\drivers\watchdog.sys
      0x047F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
      0x04600000 \SystemRoot\system32\drivers\rdpencdd.sys
      0x04609000 \SystemRoot\system32\drivers\rdprefmp.sys
      0x04612000 \SystemRoot\System32\Drivers\Msfs.SYS
      0x0461D000 \SystemRoot\System32\Drivers\Npfs.SYS
      0x0462E000 \SystemRoot\system32\DRIVERS\tdx.sys
      0x04650000 \SystemRoot\system32\DRIVERS\TDI.SYS
      0x0465D000 \SystemRoot\system32\DRIVERS\kl2.sys
      0x04664000 \SystemRoot\system32\drivers\afd.sys
      0x01963000 \SystemRoot\System32\DRIVERS\netbt.sys
      0x046ED000 \SystemRoot\system32\drivers\ws2ifsl.sys
      0x019A8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
      0x019B1000 \SystemRoot\system32\DRIVERS\pacer.sys
      0x019D7000 \SystemRoot\system32\DRIVERS\klim6.sys
      0x019E0000 \SystemRoot\system32\DRIVERS\netbios.sys
      0x01600000 \SystemRoot\system32\DRIVERS\serial.sys
      0x015DA000 \SystemRoot\system32\DRIVERS\wanarp.sys
      0x01400000 \SystemRoot\system32\drivers\termdd.sys
      0x019EF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
      0x01414000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
      0x0116A000 \SystemRoot\system32\DRIVERS\rdbss.sys
      0x0141E000 \SystemRoot\system32\drivers\nsiproxy.sys
      0x0142A000 \SystemRoot\system32\drivers\mssmbios.sys
      0x01435000 \SystemRoot\System32\drivers\discache.sys
      0x01200000 \SystemRoot\System32\Drivers\dfsc.sys
      0x01444000 \SystemRoot\system32\DRIVERS\blbdrive.sys
      0x011BB000 \SystemRoot\system32\DRIVERS\tunnel.sys
      0x011E1000 \SystemRoot\system32\DRIVERS\amdppm.sys
      0x015F5000 \SystemRoot\system32\drivers\wmiacpi.sys
      0x138CC000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
      0x034F8000 \SystemRoot\System32\drivers\dxgkrnl.sys
      0x03400000 \SystemRoot\System32\drivers\dxgmms1.sys
      0x03446000 \SystemRoot\system32\drivers\HDAudBus.sys
      0x0346A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
      0x034A9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
      0x034B6000 \SystemRoot\system32\DRIVERS\usbohci.sys
      0x14530000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
      0x034C1000 \SystemRoot\system32\DRIVERS\usbehci.sys
      0x14586000 \SystemRoot\system32\drivers\1394ohci.sys
      0x034D2000 \SystemRoot\system32\DRIVERS\serenum.sys
      0x145C4000 \SystemRoot\system32\DRIVERS\parport.sys
      0x145E1000 \SystemRoot\system32\drivers\i8042prt.sys
      0x034DE000 \SystemRoot\system32\drivers\kbdclass.sys
      0x035EC000 \SystemRoot\system32\drivers\CompositeBus.sys
      0x13800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
      0x13816000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
      0x1383A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
      0x13846000 \SystemRoot\system32\DRIVERS\ndiswan.sys
      0x13875000 \SystemRoot\system32\DRIVERS\raspppoe.sys
      0x13890000 \SystemRoot\system32\DRIVERS\raspptp.sys
      0x138B1000 \SystemRoot\system32\DRIVERS\rassstp.sys
      0x01000000 \SystemRoot\system32\DRIVERS\mouclass.sys
      0x035FC000 \SystemRoot\system32\drivers\swenum.sys
      0x0100F000 \SystemRoot\system32\drivers\ks.sys
      0x05099000 \SystemRoot\system32\DRIVERS\MarvinBus64.sys
      0x050DD000 \SystemRoot\system32\drivers\umbus.sys
      0x050EF000 \SystemRoot\system32\DRIVERS\usbhub.sys
      0x05149000 \SystemRoot\System32\Drivers\NDProxy.SYS
      0x0515E000 \SystemRoot\system32\drivers\nvhda64v.sys
      0x0518B000 \SystemRoot\system32\drivers\portcls.sys
      0x051C8000 \SystemRoot\system32\drivers\drmk.sys
      0x051EA000 \SystemRoot\system32\drivers\ksthunk.sys
      0x06246000 \SystemRoot\system32\drivers\RTKVHD64.sys
      0x06464000 \SystemRoot\System32\Drivers\crashdmp.sys
      0x06472000 \SystemRoot\System32\Drivers\dump_dumpata.sys
      0x0647E000 \SystemRoot\System32\Drivers\dump_atapi.sys
      0x06487000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
      0x00000000 \SystemRoot\System32\win32k.sys
      0x0649A000 \SystemRoot\System32\drivers\Dxapi.sys
      0x064A6000 \SystemRoot\system32\DRIVERS\monitor.sys
      0x064B4000 \SystemRoot\system32\DRIVERS\hidusb.sys
      0x064C2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
      0x064DB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
      0x064E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
      0x064E6000 \SystemRoot\system32\DRIVERS\mouhid.sys
      0x064F3000 \SystemRoot\system32\DRIVERS\klmouflt.sys
      0x00590000 \SystemRoot\System32\TSDDD.dll
      0x00760000 \SystemRoot\System32\cdd.dll
      0x00920000 \SystemRoot\System32\ATMFD.DLL
      0x064FD000 \SystemRoot\system32\drivers\luafv.sys
      0x06520000 \SystemRoot\system32\drivers\WudfPf.sys
      0x06541000 \SystemRoot\system32\DRIVERS\lltdio.sys
      0x06556000 \SystemRoot\system32\DRIVERS\rspndr.sys
      0x06609000 \SystemRoot\system32\drivers\HTTP.sys
      0x066D2000 \SystemRoot\system32\DRIVERS\bowser.sys
      0x066F0000 \SystemRoot\System32\drivers\mpsdrv.sys
      0x06708000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
      0x06735000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
      0x06783000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
      0x07023000 \SystemRoot\system32\drivers\peauth.sys
      0x070C9000 \SystemRoot\System32\Drivers\secdrv.SYS
      0x070D4000 \SystemRoot\System32\DRIVERS\srvnet.sys
      0x07105000 \SystemRoot\System32\drivers\tcpipreg.sys
      0x07117000 \SystemRoot\System32\DRIVERS\srv2.sys
      0x05000000 \SystemRoot\System32\DRIVERS\srv.sys
      0x07180000 \??\C:\Windows\system32\drivers\mbam.sys
      0x0718A000 \SystemRoot\system32\drivers\spsys.sys
      0x07000000 \SystemRoot\system32\DRIVERS\asyncmac.sys
      0x77020000 \Windows\System32\ntdll.dll
      0x47740000 \Windows\System32\smss.exe
      0xFF340000 \Windows\System32\apisetschema.dll
      0xFFF20000 \Windows\System32\autochk.exe
      0xFF200000 \Windows\System32\rpcrt4.dll
      0xFF190000 \Windows\System32\gdi32.dll
      0xFE400000 \Windows\System32\shell32.dll
      0xFE380000 \Windows\System32\shlwapi.dll
      0xFE350000 \Windows\System32\imm32.dll
      0xFE140000 \Windows\System32\ole32.dll
      0xFE0A0000 \Windows\System32\clbcatq.dll
      0xFE040000 \Windows\System32\Wldap32.dll
      0xFDFC0000 \Windows\System32\difxapi.dll
      0x76F00000 \Windows\System32\kernel32.dll
      0xFDEE0000 \Windows\System32\oleaut32.dll
      0xFDE40000 \Windows\System32\comdlg32.dll
      0xFDCC0000 \Windows\System32\urlmon.dll
      0xFDBB0000 \Windows\System32\msctf.dll
      0xFDB10000 \Windows\System32\msvcrt.dll
      0xFDAC0000 \Windows\System32\ws2_32.dll
      0xFDAB0000 \Windows\System32\lpk.dll
      0xFDAA0000 \Windows\System32\nsi.dll
      0xFDA80000 \Windows\System32\sechost.dll
      0x76E00000 \Windows\System32\user32.dll
      0x771F0000 \Windows\System32\normaliz.dll
      0xFD820000 \Windows\System32\iertutil.dll
      0xFD6F0000 \Windows\System32\wininet.dll
      0xFD6D0000 \Windows\System32\imagehlp.dll
      0xFD5F0000 \Windows\System32\advapi32.dll
      0x771E0000 \Windows\System32\psapi.dll
      0xFD520000 \Windows\System32\usp10.dll
      0xFD340000 \Windows\System32\setupapi.dll
      0xFD2D0000 \Windows\System32\KernelBase.dll
      0xFD160000 \Windows\System32\crypt32.dll
      0xFD120000 \Windows\System32\wintrust.dll
      0xFD080000 \Windows\System32\comctl32.dll
      0xFD040000 \Windows\System32\cfgmgr32.dll
      0xFD020000 \Windows\System32\devobj.dll
      0xFD010000 \Windows\System32\msasn1.dll
      0x754B0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 85):
           0 System Idle Process
           4 System
         376 C:\Windows\System32\smss.exe
         556 csrss.exe
         616 C:\Windows\System32\wininit.exe
         648 csrss.exe
         680 C:\Windows\System32\services.exe
         712 C:\Windows\System32\winlogon.exe
         740 C:\Windows\System32\lsass.exe
         752 C:\Windows\System32\lsm.exe
         844 C:\Windows\System32\svchost.exe
         912 C:\Windows\System32\nvvsvc.exe
         936 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
         980 C:\Windows\System32\svchost.exe
         420 C:\Windows\System32\svchost.exe
         488 C:\Windows\System32\svchost.exe
         804 C:\Windows\System32\svchost.exe
        1076 C:\Windows\System32\audiodg.exe
        1124 C:\Windows\System32\svchost.exe
        1264 C:\Windows\System32\svchost.exe
        1396 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
        1408 C:\Windows\System32\nvvsvc.exe
        1492 C:\Windows\System32\spoolsv.exe
        1520 C:\Windows\System32\svchost.exe
        1696 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
        1720 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
        1744 C:\Windows\SysWOW64\svchost.exe
        1764 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        1972 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
        2012 C:\Program Files\Bonjour\mDNSResponder.exe
        1064 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
        1156 C:\Windows\System32\svchost.exe
        1556 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
        1776 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
        1884 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
        1476 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
        2080 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
        2144 C:\Windows\System32\svchost.exe
        2316 C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
        3012 C:\Windows\System32\taskhost.exe
        1644 C:\Windows\explorer.exe
        1604 C:\Windows\System32\dwm.exe
        3112 C:\Windows\System32\svchost.exe
        3276 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        3564 C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
        3576 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
        3584 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        3664 C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
        3752 C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        3792 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
        3816 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
        3900 C:\Windows\System32\taskeng.exe
        4072 C:\Program Files (x86)\iTunes\iTunesHelper.exe
        4080 C:\Program Files (x86)\QuickTime\QTTask.exe
        3872 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
        3828 C:\Windows\System32\SearchIndexer.exe
        4136 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        4236 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
        4512 C:\Program Files\iPod\bin\iPodService.exe
        5048 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
        5080 C:\Program Files\Windows Media Player\wmpnetwk.exe
        4688 C:\Program Files (x86)\Internet Explorer\iexplore.exe
        4904 C:\Program Files (x86)\Internet Explorer\iexplore.exe
        3172 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
        2644 WmiPrvSE.exe
        4752 C:\Windows\System32\SearchProtocolHost.exe
        1380 C:\Windows\System32\svchost.exe
        4056 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
        1536 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
        4184 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
        5888 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
        5172 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
        5244 C:\Windows\System32\sppsvc.exe
        6120 C:\Windows\System32\svchost.exe
        5736 taskhost.exe
        5924 WmiPrvSE.exe
        5352 C:\Program Files (x86)\Internet Explorer\iexplore.exe
        5848 C:\Windows\servicing\TrustedInstaller.exe
        4400 C:\Users\Richard\Desktop\MBRCheck.exe
        1464 C:\Windows\System32\conhost.exe
        5008 C:\Windows\System32\dllhost.exe
         188 C:\Windows\System32\VSSVC.exe
        5372 C:\Windows\System32\svchost.exe
        3216 C:\Windows\System32\SearchProtocolHost.exe
        3176 C:\Windows\System32\SearchFilterHost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
    \\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00  (NTFS)
    \\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)

    PhysicalDrive0 Model Number: HitachiHDS721050CLA362, Rev: JP2OA3MA
    PhysicalDrive1 Model Number: ST3200822A, Rev: 3.01   
    PhysicalDrive2 Model Number: Maxtor2B020H1, Rev: WAK21R90

          Size  Device Name          MBR Status
      --------------------------------------------
        465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
                SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
        186 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
                SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
         19 GB  \\.\PhysicalDrive2   Windows XP MBR code detected
                SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    SuperDave

    • Malware Removal Specialist

    Re: Am I infected.. My PC is VERY VERY SLOOOOW!
    « Reply #22 on: February 10, 2012, 12:33:14 PM »
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • Click the Report button and copy/paste the contents of it into your next reply.
    Note: It will also create a log in the C:\ directory.
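What a responder would do with the reports these steps produce, as an added example that is not part of this thread and not code from TDSSKiller or MBRCheck: a small Python triage script for the TDSSKiller log format and the MBRCheck table posted in this thread. It treats any verdict other than "ok" as something to review, lists drivers loaded from outside the Windows system driver directories (a third-party location such as the Gigabyte ET6 driver in the log is not evidence of infection by itself, only a prompt to confirm the vendor), flags registered services for which no driver file was hashed, and compares each MBR boot-code SHA1 with the two standard values MBRCheck reported here, tolerating the forum line wrapping that split those hashes. The sample log lines are copied from the thread except the "examplesvc" entry and its MD5, which are constructed to exercise the non-ok path; the regular expressions and function names are my own assumptions about the format, not the tools' documented output.

```python
"""Triage helper for the TDSSKiller and MBRCheck report formats posted in this thread (added example)."""
import re

# Boot-code SHA1 values that MBRCheck labelled as standard Windows MBRs in this thread.
KNOWN_MBR_SHA1 = {
    "4379A3D43019B46FA357F7DD6A53B45A3CA8FB79": "Windows 7 MBR code",
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code",
}

# Directories Windows itself loads kernel drivers from; anything else deserves a second look.
SYSTEM_DRIVER_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32")

# Assumed line shapes, derived from the log in this thread: "<timestamp> <pid>   <body>",
# where body is either "<name> (<md5>) <path>" or "<name> - <verdict>".
ENTRY_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^([\w.{}$\-]+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(r"^([\w.{}$\-]+)\s+-\s+(.+)$")
# MBRCheck: a "\\.\PhysicalDriveN <label>" line followed by an indented "SHA1: <hex>" line.
MBR_RE = re.compile(r"(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*\n\s*SHA1:\s*([0-9A-Fa-f ]+)")


def parse_tdsskiller(text):
    """Return {service_name: {"md5", "path", "verdict"}} from a TDSSKiller log."""
    services = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # banner, drive geometry and separator lines are skipped
        body = m.group(3)
        fm = FILE_RE.match(body)
        if fm:
            name, md5, path = fm.groups()
            services.setdefault(name, {"md5": None, "path": None, "verdict": None})
            services[name].update(md5=md5, path=path.strip())
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            name, verdict = vm.groups()
            services.setdefault(name, {"md5": None, "path": None, "verdict": None})
            services[name]["verdict"] = verdict.strip()
    return services


def triage(services):
    """Bucket parsed entries the way a responder reads the log: verdicts first, then provenance."""
    report = {"scanned": len(services), "not_ok": [], "outside_system_dirs": [], "no_file": []}
    for name, info in sorted(services.items()):
        if info["verdict"] is not None and info["verdict"].lower() != "ok":
            report["not_ok"].append((name, info["verdict"]))
        if info["path"] is None:
            report["no_file"].append(name)  # service registered but no driver file was hashed
        elif not info["path"].lower().startswith(SYSTEM_DRIVER_DIRS):
            report["outside_system_dirs"].append((name, info["path"]))
    return report


def check_mbr_hashes(text):
    """Pair each PhysicalDrive line with its SHA1 and say whether it is a known standard MBR."""
    results = []
    for drive, label, sha1 in MBR_RE.findall(text):
        sha1 = sha1.replace(" ", "").upper()  # forum wrapping can split the hash, as in this thread
        results.append((drive, label.strip(), KNOWN_MBR_SHA1.get(sha1, "unrecognised boot code")))
    return results


# Sample input: lines taken from the thread, plus a constructed "examplesvc" entry with a
# placeholder MD5 so the non-ok path is exercised.
SAMPLE_TDSSKILLER = r"""
08:27:46.0548 2428   Scan started
08:27:46.0548 2428   Mode: Manual;
08:27:48.0326 2428   1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:27:48.0326 2428   1394ohci - ok
08:27:48.0498 2428   ACRUSBTM - ok
08:27:49.0714 2428   AODDriver       (f160ecce1500a5a5877c123584e86b17) C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys
08:27:49.0714 2428   AODDriver - ok
08:27:53.0474 2428   gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
08:27:53.0474 2428   gdrv - ok
08:27:58.0500 2428   examplesvc      (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys
08:27:58.0500 2428   examplesvc - suspicious
"""

SAMPLE_MBRCHECK = r"""
          Size  Device Name          MBR Status
      --------------------------------------------
        465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
                SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB7 9
         19 GB  \\.\PhysicalDrive2   Windows XP MBR code detected
                SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644 A
"""

if __name__ == "__main__":
    report = triage(parse_tdsskiller(SAMPLE_TDSSKILLER))
    print(f"services scanned: {report['scanned']}")
    for name, verdict in report["not_ok"]:
        print(f"REVIEW  {name}: verdict '{verdict}'")
    for name, path in report["outside_system_dirs"]:
        print(f"NOTE    {name}: driver loaded from {path}")
    for name in report["no_file"]:
        print(f"NOTE    {name}: registered service with no driver file hashed")
    for drive, label, known in check_mbr_hashes(SAMPLE_MBRCHECK):
        print(f"MBR     {drive}: {label} -> {known}")
```

Run it against a full TDSSKiller log and MBRCheck output pasted into the two sample strings; the "outside_system_dirs" and "no_file" buckets are review prompts, not detections, so the useful next step for each is confirming the vendor and file signature rather than deleting anything.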

    Northenlad60

      Topic Starter

    Re: Am I infected.. My PC is VERY VERY SLOOOOW!
    « Reply #23 on: February 11, 2012, 01:30:29 AM »
    Hi,

    I have run the application and the log is posted below. I would like to say thanks for this, as I do think the PC is running better. The fact that the last 2 scans picked nothing up seems to show everything is ok.

    08:27:42.0788 1984   TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
    08:27:42.0975 1984   ============================================================
    08:27:42.0975 1984   Current date / time: 2012/02/11 08:27:42.0975
    08:27:42.0975 1984   SystemInfo:
    08:27:42.0975 1984   
    08:27:42.0975 1984   OS Version: 6.1.7601 ServicePack: 1.0
    08:27:42.0975 1984   Product type: Workstation
    08:27:42.0975 1984   ComputerName: MYRNAS-PICS
    08:27:42.0975 1984   UserName: Richard
    08:27:42.0975 1984   Windows directory: C:\Windows
    08:27:42.0975 1984   System windows directory: C:\Windows
    08:27:42.0975 1984   Running under WOW64
    08:27:42.0975 1984   Processor architecture: Intel x64
    08:27:42.0975 1984   Number of processors: 4
    08:27:42.0975 1984   Page size: 0x1000
    08:27:42.0975 1984   Boot type: Normal boot
    08:27:42.0975 1984   ============================================================
    08:27:44.0301 1984   Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    08:27:44.0301 1984   Drive \Device\Harddisk0\DR0 - Size: 0x2E93A2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    08:27:44.0301 1984   Drive \Device\Harddisk1\DR1 - Size: 0x4C5552000 (19.08 Gb), SectorSize: 0x200, Cylinders: 0x9BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    08:27:44.0317 1984   \Device\Harddisk2\DR2:
    08:27:44.0317 1984   MBR used
    08:27:44.0317 1984   \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    08:27:44.0317 1984   \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
    08:27:44.0317 1984   \Device\Harddisk0\DR0:
    08:27:44.0317 1984   MBR used
    08:27:44.0317 1984   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749D131
    08:27:44.0317 1984   \Device\Harddisk1\DR1:
    08:27:44.0317 1984   MBR used
    08:27:44.0317 1984   \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x26260FB
    08:27:44.0364 1984   Initialize success
    08:27:44.0364 1984   ============================================================
    08:27:46.0548 2428   ============================================================
    08:27:46.0548 2428   Scan started
    08:27:46.0548 2428   Mode: Manual;
    08:27:46.0548 2428   ============================================================
    08:27:48.0326 2428   1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    08:27:48.0326 2428   1394ohci - ok
    08:27:48.0357 2428   ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    08:27:48.0373 2428   ACPI - ok
    08:27:48.0466 2428   AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    08:27:48.0482 2428   AcpiPmi - ok
    08:27:48.0498 2428   ACRUSBTM - ok
    08:27:48.0591 2428   adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    08:27:48.0607 2428   adp94xx - ok
    08:27:48.0669 2428   adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    08:27:48.0669 2428   adpahci - ok
    08:27:48.0763 2428   adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    08:27:48.0763 2428   adpu320 - ok
    08:27:48.0872 2428   AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    08:27:48.0872 2428   AFD - ok
    08:27:49.0012 2428   agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    08:27:49.0012 2428   agp440 - ok
    08:27:49.0215 2428   aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    08:27:49.0215 2428   aliide - ok
    08:27:49.0246 2428   amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    08:27:49.0246 2428   amdide - ok
    08:27:49.0324 2428   AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    08:27:49.0324 2428   AmdK8 - ok
    08:27:49.0356 2428   AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    08:27:49.0356 2428   AmdPPM - ok
    08:27:49.0418 2428   amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    08:27:49.0434 2428   amdsata - ok
    08:27:49.0512 2428   amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    08:27:49.0512 2428   amdsbs - ok
    08:27:49.0590 2428   amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    08:27:49.0590 2428   amdxata - ok
    08:27:49.0714 2428   AODDriver       (f160ecce1500a5a5877c123584e86b17) C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys
    08:27:49.0714 2428   AODDriver - ok
    08:27:49.0808 2428   AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    08:27:49.0808 2428   AppID - ok
    08:27:49.0933 2428   arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    08:27:49.0933 2428   arc - ok
    08:27:49.0948 2428   arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    08:27:49.0948 2428   arcsas - ok
    08:27:50.0011 2428   ASAPIW2k - ok
    08:27:50.0042 2428   AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    08:27:50.0042 2428   AsyncMac - ok
    08:27:50.0104 2428   atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    08:27:50.0104 2428   atapi - ok
    08:27:50.0198 2428   b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    08:27:50.0214 2428   b06bdrv - ok
    08:27:50.0260 2428   b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    08:27:50.0260 2428   b57nd60a - ok
    08:27:50.0354 2428   Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    08:27:50.0354 2428   Beep - ok
    08:27:50.0401 2428   blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    08:27:50.0401 2428   blbdrive - ok
    08:27:50.0510 2428   bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    08:27:50.0526 2428   bowser - ok
    08:27:50.0541 2428   BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    08:27:50.0541 2428   BrFiltLo - ok
    08:27:50.0588 2428   BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    08:27:50.0588 2428   BrFiltUp - ok
    08:27:50.0697 2428   BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    08:27:50.0697 2428   BridgeMP - ok
    08:27:50.0744 2428   Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    08:27:50.0760 2428   Brserid - ok
    08:27:50.0775 2428   BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    08:27:50.0775 2428   BrSerWdm - ok
    08:27:50.0838 2428   BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    08:27:50.0853 2428   BrUsbMdm - ok
    08:27:50.0947 2428   BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    08:27:50.0947 2428   BrUsbSer - ok
    08:27:50.0962 2428   BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    08:27:50.0978 2428   BTHMODEM - ok
    08:27:50.0978 2428   catchme - ok
    08:27:51.0072 2428   cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    08:27:51.0072 2428   cdfs - ok
    08:27:51.0150 2428   cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    08:27:51.0165 2428   cdrom - ok
    08:27:51.0243 2428   circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    08:27:51.0243 2428   circlass - ok
    08:27:51.0274 2428   CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    08:27:51.0274 2428   CLFS - ok
    08:27:51.0384 2428   CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    08:27:51.0384 2428   CmBatt - ok
    08:27:51.0446 2428   cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    08:27:51.0446 2428   cmdide - ok
    08:27:51.0508 2428   CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    08:27:51.0508 2428   CNG - ok
    08:27:51.0586 2428   Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    08:27:51.0586 2428   Compbatt - ok
    08:27:51.0696 2428   CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    08:27:51.0696 2428   CompositeBus - ok
    08:27:51.0774 2428   crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    08:27:51.0774 2428   crcdisk - ok
    08:27:51.0867 2428   DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    08:27:51.0867 2428   DfsC - ok
    08:27:51.0945 2428   discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    08:27:51.0945 2428   discache - ok
    08:27:51.0976 2428   Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    08:27:51.0976 2428   Disk - ok
    08:27:52.0070 2428   drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    08:27:52.0070 2428   drmkaud - ok
    08:27:52.0148 2428   DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    08:27:52.0164 2428   DXGKrnl - ok
    08:27:52.0304 2428   ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    08:27:52.0320 2428   ebdrv - ok
    08:27:52.0413 2428   elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    08:27:52.0413 2428   elxstor - ok
    08:27:52.0538 2428   ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    08:27:52.0554 2428   ErrDev - ok
    08:27:52.0585 2428   etdrv           (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
    08:27:52.0585 2428   etdrv - ok
    08:27:52.0694 2428   exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    08:27:52.0694 2428   exfat - ok
    08:27:52.0725 2428   fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    08:27:52.0741 2428   fastfat - ok
    08:27:52.0834 2428   fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    08:27:52.0834 2428   fdc - ok
    08:27:52.0897 2428   FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    08:27:52.0912 2428   FileInfo - ok
    08:27:52.0928 2428   Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    08:27:52.0928 2428   Filetrace - ok
    08:27:53.0068 2428   flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    08:27:53.0068 2428   flpydisk - ok
    08:27:53.0162 2428   FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    08:27:53.0162 2428   FltMgr - ok
    08:27:53.0224 2428   FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    08:27:53.0224 2428   FsDepends - ok
    08:27:53.0271 2428   Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    08:27:53.0271 2428   Fs_Rec - ok
    08:27:53.0365 2428   fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    08:27:53.0365 2428   fvevol - ok
    08:27:53.0412 2428   gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    08:27:53.0412 2428   gagp30kx - ok
    08:27:53.0474 2428   gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
    08:27:53.0474 2428   gdrv - ok
    08:27:53.0568 2428   GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    08:27:53.0568 2428   GEARAspiWDM - ok
    08:27:53.0692 2428   GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
    08:27:53.0692 2428   GVTDrv64 - ok
    08:27:53.0755 2428   hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    08:27:53.0755 2428   hcw85cir - ok
    08:27:53.0848 2428   HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    08:27:53.0864 2428   HdAudAddService - ok
    08:27:53.0942 2428   HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    08:27:53.0942 2428   HDAudBus - ok
    08:27:53.0989 2428   HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    08:27:53.0989 2428   HidBatt - ok
    08:27:54.0020 2428   HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    08:27:54.0020 2428   HidBth - ok
    08:27:54.0067 2428   HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    08:27:54.0067 2428   HidIr - ok
    08:27:54.0176 2428   HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    08:27:54.0176 2428   HidUsb - ok
    08:27:54.0254 2428   HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    08:27:54.0254 2428   HpSAMD - ok
    08:27:54.0348 2428   HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    08:27:54.0363 2428   HTTP - ok
    08:27:54.0410 2428   hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    08:27:54.0410 2428   hwpolicy - ok
    08:27:54.0535 2428   i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    08:27:54.0535 2428   i8042prt - ok
    08:27:54.0582 2428   iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    08:27:54.0582 2428   iaStorV - ok
    08:27:54.0706 2428   iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    08:27:54.0706 2428   iirsp - ok
    08:27:54.0800 2428   IntcAzAudAddService (76877dd763a2287f58908795f3f5cccb) C:\Windows\system32\drivers\RTKVHD64.sys
    08:27:54.0800 2428   IntcAzAudAddService - ok
    08:27:54.0925 2428   intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    08:27:54.0940 2428   intelide - ok
    08:27:54.0972 2428   intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    08:27:54.0972 2428   intelppm - ok
    08:27:55.0081 2428   IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    08:27:55.0081 2428   IpFilterDriver - ok
    08:27:55.0143 2428   IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    08:27:55.0143 2428   IPMIDRV - ok
    08:27:55.0221 2428   IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    08:27:55.0221 2428   IPNAT - ok
    08:27:55.0315 2428   IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    08:27:55.0315 2428   IRENUM - ok
    08:27:55.0377 2428   isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    08:27:55.0377 2428   isapnp - ok
    08:27:55.0440 2428   iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    08:27:55.0455 2428   iScsiPrt - ok
    08:27:55.0533 2428   kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    08:27:55.0533 2428   kbdclass - ok
    08:27:55.0611 2428   kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    08:27:55.0611 2428   kbdhid - ok
    08:27:55.0720 2428   kl1             (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
    08:27:55.0720 2428   kl1 - ok
    08:27:55.0830 2428   kl2             (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
    08:27:55.0830 2428   kl2 - ok
    08:27:55.0876 2428   KLIF            (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
    08:27:55.0892 2428   KLIF - ok
    08:27:55.0954 2428   KLIM6           (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
    08:27:55.0954 2428   KLIM6 - ok
    08:27:56.0032 2428   klmouflt        (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
    08:27:56.0032 2428   klmouflt - ok
    08:27:56.0095 2428   KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    08:27:56.0095 2428   KSecDD - ok
    08:27:56.0188 2428   KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    08:27:56.0204 2428   KSecPkg - ok
    08:27:56.0235 2428   ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    08:27:56.0235 2428   ksthunk - ok
    08:27:56.0344 2428   lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    08:27:56.0360 2428   lltdio - ok
    08:27:56.0422 2428   LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    08:27:56.0422 2428   LSI_FC - ok
    08:27:56.0500 2428   LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    08:27:56.0500 2428   LSI_SAS - ok
    08:27:56.0532 2428   LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    08:27:56.0532 2428   LSI_SAS2 - ok
    08:27:56.0563 2428   LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    08:27:56.0563 2428   LSI_SCSI - ok
    08:27:56.0656 2428   luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    08:27:56.0672 2428   luafv - ok
    08:27:56.0734 2428   MarvinBus       (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
    08:27:56.0750 2428   MarvinBus - ok
    08:27:56.0875 2428   MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    08:27:56.0875 2428   MBAMProtector - ok
    08:27:56.0968 2428   megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    08:27:56.0968 2428   megasas - ok
    08:27:57.0015 2428   MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    08:27:57.0031 2428   MegaSR - ok
    08:27:57.0109 2428   Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    08:27:57.0109 2428   Modem - ok
    08:27:57.0140 2428   monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    08:27:57.0140 2428   monitor - ok
    08:27:57.0218 2428   mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    08:27:57.0218 2428   mouclass - ok
    08:27:57.0265 2428   mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    08:27:57.0265 2428   mouhid - ok
    08:27:57.0327 2428   mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    08:27:57.0327 2428   mountmgr - ok
    08:27:57.0405 2428   mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    08:27:57.0405 2428   mpio - ok
    08:27:57.0468 2428   mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    08:27:57.0468 2428   mpsdrv - ok
    08:27:57.0561 2428   MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    08:27:57.0561 2428   MRxDAV - ok
    08:27:57.0670 2428   mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    08:27:57.0670 2428   mrxsmb - ok
    08:27:57.0748 2428   mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    08:27:57.0748 2428   mrxsmb10 - ok
    08:27:57.0858 2428   mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    08:27:57.0858 2428   mrxsmb20 - ok
    08:27:57.0920 2428   msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    08:27:57.0920 2428   msahci - ok
    08:27:58.0014 2428   msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    08:27:58.0014 2428   msdsm - ok
    08:27:58.0076 2428   Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    08:27:58.0076 2428   Msfs - ok
    08:27:58.0138 2428   mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    08:27:58.0138 2428   mshidkmdf - ok
    08:27:58.0201 2428   msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    08:27:58.0201 2428   msisadrv - ok
    08:27:58.0294 2428   MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    08:27:58.0294 2428   MSKSSRV - ok
    08:27:58.0310 2428   MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    08:27:58.0310 2428   MSPCLOCK - ok
    08:27:58.0326 2428   MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    08:27:58.0326 2428   MSPQM - ok
    08:27:58.0388 2428   MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    08:27:58.0388 2428   MsRPC - ok
    08:27:58.0497 2428   mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    08:27:58.0497 2428   mssmbios - ok
    08:27:58.0606 2428   MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    08:27:58.0606 2428   MSTEE - ok
    08:27:58.0653 2428   MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    08:27:58.0653 2428   MTConfig - ok
    08:27:58.0716 2428   Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    08:27:58.0716 2428   Mup - ok
    08:27:58.0778 2428   NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    08:27:58.0794 2428   NativeWifiP - ok
    08:27:58.0950 2428   NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    08:27:58.0965 2428   NDIS - ok
    08:27:59.0059 2428   NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    08:27:59.0059 2428   NdisCap - ok
    08:27:59.0152 2428   NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    08:27:59.0152 2428   NdisTapi - ok
    08:27:59.0215 2428   Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    08:27:59.0215 2428   Ndisuio - ok
    08:27:59.0324 2428   NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    08:27:59.0324 2428   NdisWan - ok
    08:27:59.0386 2428   NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    08:27:59.0386 2428   NDProxy - ok
    08:27:59.0433 2428   NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    08:27:59.0433 2428   NetBIOS - ok
    08:27:59.0527 2428   NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    08:27:59.0527 2428   NetBT - ok
    08:27:59.0605 2428   nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    08:27:59.0605 2428   nfrd960 - ok
    08:27:59.0652 2428   Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    08:27:59.0652 2428   Npfs - ok
    08:27:59.0667 2428   nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    08:27:59.0667 2428   nsiproxy - ok
    08:27:59.0776 2428   Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    08:27:59.0792 2428   Ntfs - ok
    08:27:59.0870 2428   Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    08:27:59.0870 2428   Null - ok
    08:27:59.0948 2428   NVHDA           (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
    08:27:59.0948 2428   NVHDA - ok
    08:28:00.0229 2428   nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    08:28:00.0276 2428   nvlddmkm - ok
    08:28:00.0369 2428   nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    08:28:00.0385 2428   nvraid - ok
    08:28:00.0400 2428   nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    08:28:00.0400 2428   nvstor - ok
    08:28:00.0541 2428   nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    08:28:00.0541 2428   nv_agp - ok
    08:28:00.0572 2428   ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    08:28:00.0572 2428   ohci1394 - ok
    08:28:00.0681 2428   Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    08:28:00.0681 2428   Parport - ok
    08:28:00.0744 2428   partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    08:28:00.0744 2428   partmgr - ok
    08:28:00.0884 2428   pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    08:28:00.0884 2428   pci - ok
    08:28:00.0915 2428   pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    08:28:00.0915 2428   pciide - ok
    08:28:00.0962 2428   PCLEPCI - ok
    08:28:01.0009 2428   pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    08:28:01.0009 2428   pcmcia - ok
    08:28:01.0040 2428   pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    08:28:01.0040 2428   pcw - ok
    08:28:01.0134 2428   PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    08:28:01.0134 2428   PEAUTH - ok
    08:28:01.0258 2428   PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    08:28:01.0258 2428   PptpMiniport - ok
    08:28:01.0336 2428   Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    08:28:01.0336 2428   Processor - ok
    08:28:01.0414 2428   Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    08:28:01.0414 2428   Psched - ok
    08:28:01.0539 2428   ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    08:28:01.0555 2428   ql2300 - ok
    08:28:01.0570 2428   ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    08:28:01.0570 2428   ql40xx - ok
    08:28:01.0680 2428   QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    08:28:01.0680 2428   QWAVEdrv - ok
    08:28:01.0695 2428   RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    08:28:01.0695 2428   RasAcd - ok
    08:28:01.0742 2428   RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    08:28:01.0742 2428   RasAgileVpn - ok
    08:28:01.0836 2428   Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    08:28:01.0836 2428   Rasl2tp - ok
    08:28:01.0898 2428   RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    08:28:01.0898 2428   RasPppoe - ok
    08:28:01.0945 2428   RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    08:28:01.0945 2428   RasSstp - ok
    08:28:02.0023 2428   rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    08:28:02.0038 2428   rdbss - ok
    08:28:02.0054 2428   rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    08:28:02.0054 2428   rdpbus - ok
    08:28:02.0101 2428   RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    08:28:02.0101 2428   RDPCDD - ok
    08:28:02.0163 2428   RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    08:28:02.0163 2428   RDPENCDD - ok
    08:28:02.0194 2428   RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    08:28:02.0194 2428   RDPREFMP - ok
    08:28:02.0288 2428   RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    08:28:02.0288 2428   RDPWD - ok
    08:28:02.0397 2428   rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    08:28:02.0397 2428   rdyboost - ok
    08:28:02.0491 2428   rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    08:28:02.0491 2428   rspndr - ok
    08:28:02.0522 2428   RTL8167         (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
    08:28:02.0538 2428   RTL8167 - ok
    08:28:02.0600 2428   SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    08:28:02.0600 2428   SASDIFSV - ok
    08:28:02.0631 2428   SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    08:28:02.0631 2428   SASKUTIL - ok
    08:28:02.0725 2428   sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    08:28:02.0740 2428   sbp2port - ok
    08:28:02.0787 2428   scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    08:28:02.0787 2428   scfilter - ok
    08:28:02.0912 2428   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    08:28:02.0912 2428   secdrv - ok
    08:28:02.0959 2428   Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    08:28:02.0959 2428   Serenum - ok
    08:28:02.0974 2428   Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    08:28:02.0990 2428   Serial - ok
    08:28:03.0084 2428   sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    08:28:03.0084 2428   sermouse - ok
    08:28:03.0130 2428   sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    08:28:03.0130 2428   sffdisk - ok
    08:28:03.0146 2428   sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    08:28:03.0146 2428   sffp_mmc - ok
    08:28:03.0224 2428   sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    08:28:03.0224 2428   sffp_sd - ok
    08:28:03.0271 2428   sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    08:28:03.0271 2428   sfloppy - ok
    08:28:03.0302 2428   SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    08:28:03.0302 2428   SiSRaid2 - ok
    08:28:03.0364 2428   SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    08:28:03.0364 2428   SiSRaid4 - ok
    08:28:03.0411 2428   Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    08:28:03.0411 2428   Smb - ok
    08:28:03.0489 2428   spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    08:28:03.0505 2428   spldr - ok
    08:28:03.0661 2428   srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    08:28:03.0676 2428   srv - ok
    08:28:03.0708 2428   srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    08:28:03.0708 2428   srv2 - ok
    08:28:03.0739 2428   srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    08:28:03.0739 2428   srvnet - ok
    08:28:03.0848 2428   stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    08:28:03.0848 2428   stexstor - ok
    08:28:03.0926 2428   swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    08:28:03.0926 2428   swenum - ok
    08:28:04.0004 2428   TBPanel - ok
    08:28:04.0113 2428   Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    08:28:04.0144 2428   Tcpip - ok
    08:28:04.0285 2428   TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    08:28:04.0300 2428   TCPIP6 - ok
    08:28:04.0363 2428   tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    08:28:04.0363 2428   tcpipreg - ok
    08:28:04.0441 2428   TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    08:28:04.0456 2428   TDPIPE - ok
    08:28:04.0472 2428   TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    08:28:04.0472 2428   TDTCP - ok
    08:28:04.0581 2428   tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    08:28:04.0581 2428   tdx - ok
    08:28:04.0659 2428   TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    08:28:04.0659 2428   TermDD - ok
    08:28:04.0753 2428   tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    08:28:04.0768 2428   tssecsrv - ok
    08:28:04.0893 2428   TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    08:28:04.0893 2428   TsUsbFlt - ok
    08:28:04.0987 2428   tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    08:28:04.0987 2428   tunnel - ok
    08:28:05.0065 2428   uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    08:28:05.0065 2428   uagp35 - ok
    08:28:05.0127 2428   udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    08:28:05.0143 2428   udfs - ok
    08:28:05.0268 2428   uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    08:28:05.0268 2428   uliagpkx - ok
    08:28:05.0299 2428   umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    08:28:05.0299 2428   umbus - ok
    08:28:05.0330 2428   UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    08:28:05.0330 2428   UmPass - ok
    08:28:05.0424 2428   USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    08:28:05.0439 2428   USBAAPL64 - ok
    08:28:05.0486 2428   usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    08:28:05.0502 2428   usbccgp - ok
    08:28:05.0564 2428   usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    08:28:05.0564 2428   usbcir - ok
    08:28:05.0595 2428   usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    08:28:05.0595 2428   usbehci - ok
    08:28:05.0689 2428   usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    08:28:05.0689 2428   usbhub - ok
    08:28:05.0798 2428   usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    08:28:05.0798 2428   usbohci - ok
    08:28:05.0829 2428   usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    08:28:05.0829 2428   usbprint - ok
    08:28:05.0938 2428   usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    08:28:05.0938 2428   usbscan - ok
    08:28:06.0001 2428   USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    08:28:06.0001 2428   USBSTOR - ok
    08:28:06.0048 2428   usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    08:28:06.0063 2428   usbuhci - ok
    08:28:06.0157 2428   vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    08:28:06.0157 2428   vdrvroot - ok
    08:28:06.0219 2428   vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    08:28:06.0219 2428   vga - ok
    08:28:06.0250 2428   VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    08:28:06.0250 2428   VgaSave - ok
    08:28:06.0313 2428   vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    08:28:06.0313 2428   vhdmp - ok
    08:28:06.0375 2428   viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    08:28:06.0375 2428   viaide - ok
    08:28:06.0422 2428   volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    08:28:06.0422 2428   volmgr - ok
    08:28:06.0500 2428   volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    08:28:06.0500 2428   volmgrx - ok
    08:28:06.0609 2428   volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    08:28:06.0609 2428   volsnap - ok
    08:28:06.0656 2428   vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    08:28:06.0672 2428   vsmraid - ok
    08:28:06.0952 2428   VSPerfDrv90     (858c3833cd5a359b110bc5ec1f760cbd) C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys
    08:28:06.0968 2428   VSPerfDrv90 - ok
    08:28:07.0046 2428   vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    08:28:07.0046 2428   vwifibus - ok
    08:28:07.0077 2428   WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    08:28:07.0077 2428   WacomPen - ok
    08:28:07.0186 2428   WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    08:28:07.0186 2428   WANARP - ok
    08:28:07.0202 2428   Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    08:28:07.0202 2428   Wanarpv6 - ok
    08:28:07.0264 2428   Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    08:28:07.0264 2428   Wd - ok
    08:28:07.0342 2428   Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    08:28:07.0342 2428   Wdf01000 - ok
    08:28:07.0420 2428   WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    08:28:07.0420 2428   WfpLwf - ok
    08:28:07.0452 2428   WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    08:28:07.0452 2428   WIMMount - ok
    08:28:07.0623 2428   WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    08:28:07.0623 2428   WinUsb - ok
    08:28:07.0654 2428   WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    08:28:07.0654 2428   WmiAcpi - ok
    08:28:07.0686 2428   ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    08:28:07.0686 2428   ws2ifsl - ok
    08:28:07.0810 2428   WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    08:28:07.0810 2428   WudfPf - ok
    08:28:07.0857 2428   WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    08:28:07.0857 2428   WUDFRd - ok
    08:28:07.0904 2428   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
    08:28:07.0966 2428   \Device\Harddisk2\DR2 - ok
    08:28:07.0982 2428   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    08:28:07.0982 2428   \Device\Harddisk0\DR0 - ok
    08:28:07.0982 2428   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    08:28:08.0122 2428   \Device\Harddisk1\DR1 - ok
    08:28:08.0122 2428   Boot (0x1200)   (c2877de7c93f52526b07de6e34c19ffe) \Device\Harddisk2\DR2\Partition0
    08:28:08.0122 2428   \Device\Harddisk2\DR2\Partition0 - ok
    08:28:08.0169 2428   Boot (0x1200)   (3e7ca51556514d05f4394dd1ae1e3ab3) \Device\Harddisk2\DR2\Partition1
    08:28:08.0169 2428   \Device\Harddisk2\DR2\Partition1 - ok
    08:28:08.0169 2428   Boot (0x1200)   (1c1dcb712a572d798d2587ac298deb6b) \Device\Harddisk0\DR0\Partition0
    08:28:08.0169 2428   \Device\Harddisk0\DR0\Partition0 - ok
    08:28:08.0185 2428   Boot (0x1200)   (a5a9019076538a675005bf7370defce2) \Device\Harddisk1\DR1\Partition0
    08:28:08.0185 2428   \Device\Harddisk1\DR1\Partition0 - ok
    08:28:08.0185 2428   ============================================================
    08:28:08.0185 2428   Scan finished
    08:28:08.0185 2428   ============================================================
    08:28:08.0200 5936   Detected object count: 0
    08:28:08.0200 5936   Actual detected object count: 0
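The log above is a rootkit-scanner listing (this is the format TDSSKiller writes): one line per kernel driver or boot sector with its MD5 and path, followed by a verdict line. When reading one of these by hand, the things worth looking at are anything not marked ok, drivers loaded from outside C:\Windows (here the SUPERAntiSpyware and Visual Studio profiler drivers), services with no file to hash (TBPanel, PCLEPCI), and objects that share a hash (Tcpip/TCPIP6 are both tcpip.sys; the MBRs of Harddisk0 and Harddisk2 are byte-identical while Harddisk1's differs). Below is an added example, not code from this thread or from Kaspersky, that parses the format and produces that triage as data. The sample log is a constructed subset of the lines above, and the format assumptions (object line, then verdict line keyed by service name or device path) are mine.

```python
"""Parse and triage a TDSSKiller-style driver/MBR scan log.

Added example for this thread, not code from the forum or from Kaspersky.
Assumed format (as seen in the log above): an object line
    <time> <tid> <name> (<md5>) <path>
followed by a verdict line
    <time> <tid> <name-or-device> - <verdict>
Services without a file on disk appear as a verdict line only.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of lines in the shape of the log above, not the full log.
SAMPLE_LOG = r"""08:28:02.0522 2428   RTL8167         (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:28:02.0538 2428   RTL8167 - ok
08:28:02.0600 2428   SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
08:28:02.0600 2428   SASDIFSV - ok
08:28:04.0004 2428   TBPanel - ok
08:28:04.0113 2428   Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:28:04.0144 2428   Tcpip - ok
08:28:04.0285 2428   TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:28:04.0300 2428   TCPIP6 - ok
08:28:06.0952 2428   VSPerfDrv90     (858c3833cd5a359b110bc5ec1f760cbd) C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys
08:28:06.0968 2428   VSPerfDrv90 - ok
08:28:07.0904 2428   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
08:28:07.0966 2428   \Device\Harddisk2\DR2 - ok
08:28:07.0982 2428   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:28:07.0982 2428   \Device\Harddisk0\DR0 - ok
08:28:07.0982 2428   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:28:08.0122 2428   \Device\Harddisk1\DR1 - ok
08:28:08.0200 5936   Detected object count: 0
"""

_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<subject>.+?) - (?P<verdict>.+?)\s*$")


def parse_log(text):
    """Return one dict per scanned object: name, md5, path, verdict (None if never given)."""
    entries = []
    pending = None  # object line still waiting for its verdict line
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            pending = {"name": m["name"], "md5": m["md5"].lower(), "path": m["path"], "verdict": None}
            entries.append(pending)
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # separators, "Scan finished", counters
        subject = m["subject"]
        # Driver verdicts are keyed by service name, MBR/boot-sector verdicts by device path.
        if pending and subject in (pending["name"], pending["path"]):
            pending["verdict"] = m["verdict"]
        else:
            # Verdict with no object line: the service is registered but no file was hashed.
            entries.append({"name": subject, "md5": None, "path": None, "verdict": m["verdict"]})
        pending = None
    return entries


def label(entry):
    """MBR and boot-sector entries all share a name; tell them apart by device path."""
    return entry["path"] if entry["name"].startswith(("MBR", "Boot")) else entry["name"]


def triage(entries, system_root="C:\\Windows\\"):
    """The checks a reviewer does by eye on such a log, as data."""
    by_md5 = defaultdict(list)
    for e in entries:
        if e["md5"]:
            by_md5[e["md5"]].append(label(e))
    return {
        # Anything the scanner did not call "ok", including objects with no verdict at all.
        "not_ok": [label(e) for e in entries if e["verdict"] != "ok"],
        # Kernel code loaded from outside the Windows tree: third-party drivers to vouch for.
        "outside_windows": [e["name"] for e in entries
                            if e["path"] and ":" in e["path"]
                            and not e["path"].lower().startswith(system_root.lower())],
        # Registered services with nothing on disk to hash.
        "no_file": [e["name"] for e in entries if e["md5"] is None],
        # Identical bytes under different names (expected for Tcpip/TCPIP6; for MBRs it
        # means those disks carry the same boot code).
        "shared_md5": {h: sorted(names) for h, names in by_md5.items() if len(names) > 1},
        # Boot-code hashes to compare against a known-good disk, not to judge in isolation.
        "mbr": {label(e): e["md5"] for e in entries if e["name"].startswith("MBR")},
    }


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

A differing MBR hash is a lead, not a finding: disks set up by different vendors or imaging tools carry different legitimate boot code, and the scanner already reported all three as ok. The hashes earn their keep when compared against a known-good copy of the same files or disk, which the log on its own cannot provide; likewise "outside_windows" only says which drivers are third-party, and each still has to be matched to the product that installed it.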

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Am I infected.. My PC is VERY VERY SLOOOOW!
    « Reply #24 on: February 11, 2012, 11:22:26 AM »
    Please give me an update on how your computer is running.
    Windows 8 and Windows 10 dual boot with two SSD's

    Northenlad60

      Topic Starter


      Rookie

      • Yes
    • Experience: Experienced
    • OS: Windows 7
    Re: Am I infected.. My PC is VERY VERY SLOOOOW!
    « Reply #25 on: February 12, 2012, 03:02:49 AM »
    Hi,

    It does seem to boot and run faster. Whatever was causing the issue seems to either be gone, or has stopped. I'm very grateful for the help here. Thanks

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Am I infected.. My PC is VERY VERY SLOOOOW!
    « Reply #26 on: February 12, 2012, 11:13:48 AM »
    Quote
    It does seem to boot and run faster. Whatever was causing the issue seems to either be gone, or has stopped. I'm very grateful for the help here. Thanks
    You're welcome. Now we should do some cleanup.

    To uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall
      (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
    *****************************************************
    To remove all of the tools we used and the files and folders they created do the following:
    • Double-click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    *****************************************************
    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
    *****************************************************

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!
    Windows 8 and Windows 10 dual boot with two SSD's