How to remove virus "Win 7 Antivirus 2012"

larryq22

New Member
I recently was infected with this virus, and now there is a barrage of pop-ups, warnings, etc. that get in the way. How do I remove this? I have a Dell PC, Windows 7, and mostly use Firefox.
 

johnb35

Administrator
Staff member
Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click on Copy. Come back to your reply, right-click with your mouse and click on Paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 

larryq22

New Member
I already restarted the computer a couple times before reading this. So I assume I should start with the rkill sequence rather than malwarebytes?
 

johnb35

Administrator
Staff member
It might help to run rkill first. Some infections stop malwarebytes from running. If that's the case, use rkill first but don't reboot the system until after malwarebytes has run.
 

CountrySideComp

New Member
I have dealt with this wonderful infection.
I highly encourage you to go to a non-infected PC with a USB thumb/flash drive and download these programs onto it:
rkill
TDSSKiller
SuperAntiSpyware Portable Edition
Malwarebytes

After you have done this, reboot the infected PC BUT boot into Safe Mode With Networking.
Insert the USB flash/thumb drive. Load and run rkill first. Let it finish and do not reboot. Rkill doesn't remove anything, but it does stop malicious processes.
Next load and run TDSSKiller. Let it scan and then remove any threats.
Next load, run, update and do a full scan with SuperAntiSpyware Portable.
You will have to reboot, but when you do, boot back into Safe Mode With Networking.
Now load, update and run a full scan.
Next, update your antivirus and run a full scan.
This should take care of it.
If not, there is another step we can do.
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
It might help to run rkill first. Some infections stop malwarebytes from running. If that's the case, use rkill first but don't reboot the system until after malwarebytes has run.

Yeah I had this one on a customer's computer the other day. Gotta nip it in the bud on a fresh restart and immediately run RKill.
 

larryq22

New Member
HJT log after RKill, Malwarebytes scan & removal:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:08:59 PM, on 12/5/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)

--
End of file - 5541 bytes
 

johnb35

Administrator
Staff member
I need you to post the malwarebytes log please as well as the rkill log if it killed anything.
 

larryq22

New Member
I closed the RKill log before running Malwarebytes so I don't have it anymore. Here's the Malwarebytes log. Let me know if I need to run RKill again:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8318

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

12/5/2011 5:04:58 PM
mbam-log-2011-12-05 (17-04-58).txt

Scan type: Quick scan
Objects scanned: 156263
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Trojan.FakeAlert) -> Value: Privacy Protection -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4DABE2DC-1D74-AD7F-621D-1403401E371E} (Trojan.ZbotR.Gen) -> Value: {4DABE2DC-1D74-AD7F-621D-1403401E371E} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\larryq22\AppData\Local\uqs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\larryq22\AppData\Local\uqs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\larryq22\AppData\Local\uqs.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\privacy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\1489.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\larryq22\AppData\Local\Temp\3604.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\larryq22\AppData\Local\Temp\A2D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\privacy protection.lnk (Malware.Trace) -> Quarantined and deleted successfully.
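The three Hijack.StartMenuInternet items in the log above are the most instructive part of this cleanup: the fake AV rewrote the Start-menu browser commands under HKLM\SOFTWARE\Clients\StartMenuInternet so that its own executable (uqs.exe in the user's AppData\Local) runs first and then starts the real browser passed after "-a"; Malwarebytes restored each command to the "Good" value shown. The following Python script is an added example, not code from the thread or from Malwarebytes: it parses those log lines and classifies each shell command as clean or hijacked. The sample lines are the ones quoted in the log above, the "-a" convention is taken from the log, and the function names are my own.

```python
r"""Added example, not code from the thread or from Malwarebytes: parse the
'Registry Data Items Infected' lines of a Malwarebytes log and explain the
StartMenuInternet hijack they record.

The fake AV in this thread rewrote
HKLM\SOFTWARE\Clients\StartMenuInternet\<BROWSER>\shell\open\command so that
the Start-menu browser entry launches the malware first (uqs.exe in the log)
and the malware then starts the real browser given after "-a". Everything
below is plain string logic, so it runs on any OS; on a Windows host the same
check_shell_command() could be fed the (default) values read with winreg.
"""
import ntpath
import re

# Constructed sample: the three Hijack.StartMenuInternet lines quoted in the
# thread's Malwarebytes log (user name and paths as posted there).
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\larryq22\AppData\Local\uqs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\larryq22\AppData\Local\uqs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\larryq22\AppData\Local\uqs.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
"""

# One data-item line: KEY (DETECTION) -> Bad: (...) Good: (...) -> ACTION
DATA_ITEM_RE = re.compile(
    r"^(?P<key>HKEY_\S+) \((?P<detection>[\w.]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)
# Windows command-line tokens: a double-quoted path, or a bare word.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def split_command(command):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(command)]


def browser_from_key(key):
    """Browser a StartMenuInternet key belongs to (e.g. FIREFOX.EXE), else None."""
    marker = "StartMenuInternet\\"
    if marker not in key:
        return None
    return key.split(marker, 1)[1].split("\\", 1)[0]


def check_shell_command(browser_exe, command):
    """Classify a shell\\open\\command value for the given browser.

    Clean: the first token is the browser itself. Hijacked: something else
    runs first and the browser path shows up later as one of its arguments.
    """
    tokens = split_command(command)
    if not tokens:
        return {"hijacked": False, "launcher": None, "real_browser": None, "browser_args": []}
    want = browser_exe.lower()
    launcher = tokens[0]
    if ntpath.basename(launcher).lower() == want:
        return {"hijacked": False, "launcher": launcher, "real_browser": launcher,
                "browser_args": tokens[1:]}
    # Hijacked: locate the real browser so launcher and forwarded arguments can be separated.
    idx = next((i for i, t in enumerate(tokens) if ntpath.basename(t).lower() == want), None)
    return {
        "hijacked": True,
        "launcher": launcher,
        "real_browser": tokens[idx] if idx is not None else None,
        "browser_args": tokens[idx + 1:] if idx is not None else [],
    }


def analyse_log(log_text):
    """One finding per StartMenuInternet data item in a Malwarebytes log."""
    findings = []
    for line in log_text.splitlines():
        m = DATA_ITEM_RE.match(line.strip())
        if not m:
            continue
        browser = browser_from_key(m["key"])
        if browser is None:
            continue  # some other registry data item; out of scope for this check
        finding = {"key": m["key"], "browser": browser, "detection": m["detection"],
                   "restored_to": m["good"]}
        finding.update(check_shell_command(browser, m["bad"]))
        findings.append(finding)
    return findings


def launchers(findings):
    """Distinct foreign executables that were inserted in front of browsers."""
    return sorted({ntpath.basename(f["launcher"]).lower() for f in findings if f["hijacked"]})


if __name__ == "__main__":
    results = analyse_log(SAMPLE_LOG)
    for f in results:
        state = "HIJACKED" if f["hijacked"] else "clean"
        print(f"{f['browser']:<12} {state:<9} launcher={f['launcher']!r} "
              f"-> {f['real_browser']!r} args={f['browser_args']}")
    print("launchers seen:", launchers(results))
```

Running it over the sample reports all three commands as hijacked through the single launcher uqs.exe, which is the cue that one dropped file, not three, is behind the entries; the same check_shell_command() applied to the restored values ("firefox.exe", "firefox.exe -safe-mode") reports them clean.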
 

johnb35

Administrator
Staff member
Rkill's log is located at c:\rkill.txt.

Also run tdsskiller.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

[image: infection-found.jpg]


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

[image: scan-completed.jpg]


If the log says "will be cured after reboot", please reboot the system by pressing the Reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.
 

larryq22

New Member
TDSSKiller logfile:

21:14:11.0335 1084 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:14:11.0565 1084 ============================================================
21:14:11.0565 1084 Current date / time: 2011/12/05 21:14:11.0565
21:14:11.0565 1084 SystemInfo:
21:14:11.0565 1084
21:14:11.0565 1084 OS Version: 6.1.7601 ServicePack: 1.0
21:14:11.0565 1084 Product type: Workstation
21:14:11.0565 1084 ComputerName: LARRYQ22-LAPTOP
21:14:11.0565 1084 UserName: larryq22
21:14:11.0565 1084 Windows directory: C:\Windows
21:14:11.0565 1084 System windows directory: C:\Windows
21:14:11.0565 1084 Processor architecture: Intel x86
21:14:11.0565 1084 Number of processors: 2
21:14:11.0565 1084 Page size: 0x1000
21:14:11.0565 1084 Boot type: Normal boot
21:14:11.0565 1084 ============================================================
21:14:13.0585 1084 Initialize success
21:14:24.0599 6096 ============================================================
21:14:24.0599 6096 Scan started
21:14:24.0599 6096 Mode: Manual;
21:14:24.0599 6096 ============================================================
21:14:27.0687 6096 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:14:27.0691 6096 1394ohci - ok
21:14:27.0745 6096 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:14:27.0752 6096 ACPI - ok
21:14:27.0862 6096 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:14:27.0864 6096 AcpiPmi - ok
21:14:27.0941 6096 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:14:27.0950 6096 adp94xx - ok
21:14:28.0064 6096 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:14:28.0071 6096 adpahci - ok
21:14:28.0142 6096 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:14:28.0146 6096 adpu320 - ok
21:14:28.0273 6096 AFD (f397c7f5cc0dca3dca2e37cecb0db6dc) C:\Windows\system32\drivers\afd.sys
21:14:28.0282 6096 AFD - ok
21:14:28.0332 6096 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:14:28.0335 6096 agp440 - ok
21:14:28.0443 6096 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:14:28.0447 6096 aic78xx - ok
21:14:28.0501 6096 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:14:28.0503 6096 aliide - ok
21:14:28.0534 6096 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:14:28.0536 6096 amdagp - ok
21:14:28.0645 6096 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:14:28.0647 6096 amdide - ok
21:14:28.0689 6096 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:14:28.0691 6096 AmdK8 - ok
21:14:28.0712 6096 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:14:28.0714 6096 AmdPPM - ok
21:14:28.0812 6096 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:14:28.0815 6096 amdsata - ok
21:14:28.0875 6096 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:14:28.0879 6096 amdsbs - ok
21:14:28.0905 6096 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:14:28.0907 6096 amdxata - ok
21:14:28.0989 6096 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:14:28.0993 6096 ApfiltrService - ok
21:14:29.0040 6096 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:14:29.0042 6096 AppID - ok
21:14:29.0094 6096 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:14:29.0097 6096 arc - ok
21:14:29.0193 6096 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:14:29.0195 6096 arcsas - ok
21:14:29.0228 6096 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:14:29.0229 6096 AsyncMac - ok
21:14:29.0266 6096 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:14:29.0267 6096 atapi - ok
21:14:29.0379 6096 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:14:29.0389 6096 b06bdrv - ok
21:14:29.0497 6096 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:14:29.0502 6096 b57nd60x - ok
21:14:29.0612 6096 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:14:29.0693 6096 BCM43XX - ok
21:14:29.0823 6096 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:14:29.0825 6096 bcm4sbxp - ok
21:14:29.0895 6096 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:14:29.0897 6096 Beep - ok
21:14:29.0935 6096 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:14:29.0937 6096 blbdrive - ok
21:14:29.0984 6096 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:14:29.0986 6096 bowser - ok
21:14:30.0078 6096 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:14:30.0080 6096 BrFiltLo - ok
21:14:30.0137 6096 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:14:30.0139 6096 BrFiltUp - ok
21:14:30.0181 6096 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:14:30.0187 6096 Brserid - ok
21:14:30.0220 6096 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:14:30.0222 6096 BrSerWdm - ok
21:14:30.0324 6096 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:14:30.0325 6096 BrUsbMdm - ok
21:14:30.0378 6096 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:14:30.0380 6096 BrUsbSer - ok
21:14:30.0403 6096 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:14:30.0403 6096 BTHMODEM - ok
21:14:30.0443 6096 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:14:30.0443 6096 cdfs - ok
21:14:30.0498 6096 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:14:30.0498 6096 cdrom - ok
21:14:30.0613 6096 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:14:30.0613 6096 circlass - ok
21:14:30.0668 6096 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:14:30.0673 6096 CLFS - ok
21:14:30.0793 6096 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:14:30.0793 6096 CmBatt - ok
21:14:30.0878 6096 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:14:30.0878 6096 cmdide - ok
21:14:30.0928 6096 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:14:30.0933 6096 CNG - ok
21:14:30.0963 6096 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:14:30.0968 6096 Compbatt - ok
21:14:31.0068 6096 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:14:31.0073 6096 CompositeBus - ok
21:14:31.0143 6096 cpuz133 (13a0d3f9d5f39adaca0a8d3bb327eb31) C:\Windows\system32\drivers\cpuz133_x32.sys
21:14:31.0148 6096 cpuz133 - ok
21:14:31.0193 6096 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:14:31.0193 6096 crcdisk - ok
21:14:31.0308 6096 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:14:31.0313 6096 CSC - ok
21:14:31.0398 6096 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:14:31.0398 6096 DfsC - ok
21:14:31.0448 6096 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:14:31.0448 6096 discache - ok
21:14:31.0553 6096 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:14:31.0558 6096 Disk - ok
21:14:31.0663 6096 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
21:14:31.0668 6096 Dot4 - ok
21:14:31.0929 6096 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:14:31.0931 6096 Dot4Print - ok
21:14:32.0021 6096 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
21:14:32.0023 6096 dot4usb - ok
21:14:32.0079 6096 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:14:32.0080 6096 drmkaud - ok
21:14:32.0157 6096 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:14:32.0171 6096 DXGKrnl - ok
21:14:32.0377 6096 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:14:32.0470 6096 ebdrv - ok
21:14:32.0609 6096 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:14:32.0619 6096 elxstor - ok
21:14:32.0947 6096 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:14:32.0949 6096 ErrDev - ok
21:14:33.0090 6096 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:14:33.0094 6096 exfat - ok
21:14:33.0136 6096 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:14:33.0140 6096 fastfat - ok
21:14:33.0247 6096 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:14:33.0249 6096 fdc - ok
21:14:33.0293 6096 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:14:33.0297 6096 FileInfo - ok
21:14:33.0324 6096 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:14:33.0326 6096 Filetrace - ok
21:14:33.0429 6096 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:14:33.0430 6096 flpydisk - ok
21:14:33.0468 6096 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:14:33.0474 6096 FltMgr - ok
21:14:33.0507 6096 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:14:33.0509 6096 FsDepends - ok
21:14:33.0536 6096 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:14:33.0538 6096 Fs_Rec - ok
21:14:33.0642 6096 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:14:33.0649 6096 fvevol - ok
21:14:33.0689 6096 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:14:33.0697 6096 gagp30kx - ok
21:14:33.0729 6096 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:14:33.0732 6096 hcw85cir - ok
21:14:33.0872 6096 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:14:33.0879 6096 HdAudAddService - ok
21:14:33.0930 6096 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:14:33.0933 6096 HDAudBus - ok
21:14:34.0029 6096 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:14:34.0031 6096 HidBatt - ok
21:14:34.0083 6096 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:14:34.0086 6096 HidBth - ok
21:14:34.0129 6096 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:14:34.0131 6096 HidIr - ok
21:14:34.0237 6096 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:14:34.0240 6096 HidUsb - ok
21:14:34.0317 6096 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:14:34.0320 6096 HpSAMD - ok
21:14:34.0441 6096 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:14:34.0452 6096 HTTP - ok
21:14:34.0559 6096 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:14:34.0561 6096 hwpolicy - ok
21:14:34.0614 6096 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:14:34.0617 6096 i8042prt - ok
21:14:34.0666 6096 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:14:34.0674 6096 iaStorV - ok
21:14:34.0905 6096 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:14:35.0043 6096 igfx - ok
21:14:35.0150 6096 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:14:35.0153 6096 iirsp - ok
21:14:35.0202 6096 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:14:35.0204 6096 intelide - ok
21:14:35.0227 6096 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:14:35.0230 6096 intelppm - ok
21:14:35.0271 6096 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:14:35.0273 6096 IpFilterDriver - ok
21:14:35.0385 6096 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:14:35.0385 6096 IPMIDRV - ok
21:14:35.0425 6096 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:14:35.0425 6096 IPNAT - ok
21:14:35.0455 6096 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:14:35.0455 6096 IRENUM - ok
21:14:35.0555 6096 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:14:35.0565 6096 isapnp - ok
21:14:35.0595 6096 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:14:35.0605 6096 iScsiPrt - ok
21:14:35.0635 6096 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:14:35.0635 6096 kbdclass - ok
21:14:35.0665 6096 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:14:35.0665 6096 kbdhid - ok
21:14:35.0785 6096 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
21:14:35.0795 6096 KSecDD - ok
21:14:35.0845 6096 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
21:14:35.0845 6096 KSecPkg - ok
21:14:35.0985 6096 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
21:14:35.0985 6096 Lavasoft Kernexplorer - ok
21:14:36.0065 6096 Lbd - ok
21:14:36.0105 6096 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:14:36.0105 6096 LHidFilt - ok
21:14:36.0145 6096 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:14:36.0155 6096 lltdio - ok
21:14:36.0265 6096 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:14:36.0275 6096 LMouFilt - ok
21:14:36.0305 6096 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:14:36.0315 6096 LSI_FC - ok
21:14:36.0345 6096 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:14:36.0345 6096 LSI_SAS - ok
21:14:36.0458 6096 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:14:36.0460 6096 LSI_SAS2 - ok
21:14:36.0488 6096 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:14:36.0491 6096 LSI_SCSI - ok
21:14:36.0524 6096 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:14:36.0528 6096 luafv - ok
21:14:36.0634 6096 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:14:36.0636 6096 megasas - ok
21:14:36.0681 6096 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:14:36.0690 6096 MegaSR - ok
21:14:36.0731 6096 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:14:36.0733 6096 Modem - ok
21:14:36.0762 6096 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:14:36.0767 6096 monitor - ok
21:14:36.0877 6096 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:14:36.0880 6096 mouclass - ok
21:14:36.0915 6096 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:14:36.0917 6096 mouhid - ok
21:14:36.0953 6096 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:14:36.0956 6096 mountmgr - ok
21:14:37.0073 6096 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:14:37.0077 6096 MpFilter - ok
21:14:37.0118 6096 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:14:37.0122 6096 mpio - ok
21:14:48.0644 6096 ============================================================
21:14:48.0644 6096 Scan finished
21:14:48.0644 6096 ============================================================
21:14:48.0670 4820 Detected object count: 0
21:14:48.0670 4820 Actual detected object count: 0
21:14:53.0916 3344 Deinitialize success
 

larryq22

New Member
Also, here's the original logfile after running rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/05/2011 at 16:59:16.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

C:\Users\larryq22\AppData\Local\uqs.exe


Rkill completed on 12/05/2011 at 16:59:19.
 

larryq22

New Member
It's running lots better but is slower to respond than before - applications take long to load & run, delays after clicking mouse, etc. Maybe it will take a while for the computer to recover. Thanks for your help!
 

johnb35

Administrator
Staff member
If that's the case, then do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself onto your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

Then download and run ccleaner.

http://download.cnet.com/ccleaner/

Click on the green download now button, nowhere else. Download, install and open the program. Click on run cleaner; this will take a few minutes if it has never been run before. Post the combofix log and, after running ccleaner, reboot the machine and let me know how it's working then.
 

larryq22

New Member
ComboFix log:

ComboFix 11-12-06.01 - larryq22 12/06/2011 20:28:42.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1368 [GMT -5:00]
Running from: c:\users\larryq22\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\738867C2-671B-72DF-ACE2-5ABB4335AF43.avi
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\users\larryq22\AppData\Local\.#
c:\users\larryq22\AppData\Local\.#\MBX@B58@234B18.###
c:\users\larryq22\AppData\Local\.#\MBX@B58@234B28.###
c:\users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\69xp2v7u.default\searchplugins\bing-zugo.xml
c:\windows\$NtUninstallKB62470$
c:\windows\$NtUninstallKB62470$\3289657362\@
c:\windows\$NtUninstallKB62470$\3289657362\bckfg.tmp
c:\windows\$NtUninstallKB62470$\3289657362\cfg.ini
c:\windows\$NtUninstallKB62470$\3289657362\Desktop.ini
c:\windows\$NtUninstallKB62470$\3289657362\keywords
c:\windows\$NtUninstallKB62470$\3289657362\kwrd.dll
c:\windows\$NtUninstallKB62470$\3289657362\L\xadqgnnk
c:\windows\$NtUninstallKB62470$\3289657362\lsflt7.ver
c:\windows\$NtUninstallKB62470$\3289657362\U\00000001.@
c:\windows\$NtUninstallKB62470$\3289657362\U\00000002.@
c:\windows\$NtUninstallKB62470$\3289657362\U\00000004.@
c:\windows\$NtUninstallKB62470$\3289657362\U\80000000.@
c:\windows\$NtUninstallKB62470$\3289657362\U\80000004.@
c:\windows\$NtUninstallKB62470$\3289657362\U\80000032.@
c:\windows\$NtUninstallKB62470$\713310579
c:\windows\System32\config\systemprofile\AppData\Local\App\xgbj.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-07 01:36 . 2011-12-07 01:37 -------- d-----w- c:\users\larryq22\AppData\Local\temp
2011-12-07 01:36 . 2011-12-07 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-07 01:05 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-06 23:19 . 2011-12-06 23:19 -------- d-----w- c:\users\larryq22\AppData\Roaming\SUPERAntiSpyware.com
2011-12-06 23:18 . 2011-12-06 23:18 -------- d-----w- c:\programdata\!SASCORE
2011-12-06 23:18 . 2011-12-06 23:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-06 14:17 . 2011-12-06 14:17 130560 --sha-w- c:\windows\system32\738867C2-671B-72DF-ACE2-5ABB4335AF43.avi
2011-12-06 09:33 . 2011-12-06 09:33 -------- d-----w- c:\programdata\IObit
2011-12-06 08:09 . 2011-12-06 08:09 -------- d-----w- C:\downloads
2011-12-06 07:41 . 2011-12-06 08:09 -------- d-----w- c:\program files\Orbitdownloader
2011-12-05 23:12 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-05 23:12 . 2011-12-05 23:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-05 22:08 . 2011-12-05 22:08 388096 ----a-r- c:\users\larryq22\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 16:29 . 2011-11-27 16:29 -------- d-----w- c:\users\larryq22\AppData\Roaming\Azureus
2011-11-20 16:43 . 2011-11-24 13:02 -------- d-----w- c:\users\larryq22\AppData\Roaming\Epolf
2011-11-20 16:43 . 2011-11-24 03:03 -------- d-----w- c:\users\larryq22\AppData\Roaming\Ynumtu
2011-11-18 11:57 . 2011-11-18 11:58 -------- d-----w- c:\users\larryq22\AppData\Roaming\vlc
2011-11-12 20:47 . 2011-11-12 20:47 -------- d-----w- c:\users\larryq22\AppData\Roaming\deskPDF
2011-11-12 20:45 . 2010-03-30 16:09 26112 ----a-w- c:\windows\system32\ddmon7-32.dll
2011-11-12 20:44 . 2011-12-06 03:04 -------- d-----w- c:\program files\Docudesk
2011-11-09 19:37 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 19:37 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 19:37 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 23:15 . 2011-06-16 15:19 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-05 23:27 . 2010-12-10 23:31 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-30 01:50 . 2011-10-30 01:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-30 01:50 . 2010-04-17 13:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-30 01:49 . 2010-06-02 23:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-30 01:49 . 2010-04-17 13:42 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-09-22 18:43 . 2011-09-22 18:43 3578880 ----a-w- c:\windows\system32\ffdshow.ax
2011-09-22 17:08 . 2011-09-22 17:08 3902976 ----a-w- c:\windows\system32\ffmpeg.dll
2011-11-27 22:24 . 2011-03-24 02:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\users\larryq22\Desktop\Desktop AV files\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\users\larryq22\Desktop\Desktop AV files\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^larryq22^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
2010-12-15 21:21 514048 ----a-w- c:\programdata\Boxtools\Boxofttoolbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 23:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 23:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 21:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 23:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 15:36 878080 ----a-w- c:\windows\System32\PrintDisp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowBatteryBar]
2009-05-28 21:02 90624 ----a-w- c:\program files\BatteryBar\ShowBatteryBar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-12-06 23:19 4617600 ----a-w- c:\users\larryq22\Desktop\Desktop AV files\SUPERANTISPYWARE.EXE
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 MpKsl64105e4b;MpKsl64105e4b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAFE64FB-837D-4343-9868-D4237CCA9671}\MpKsl64105e4b.sys [x]
R1 MpKsl6d9a2388;MpKsl6d9a2388;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{143A9A41-AEA8-428C-8D21-6286C9CA78EC}\MpKsl6d9a2388.sys [x]
R1 MpKsldd3319ef;MpKsldd3319ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46FECDE2-34CE-4C79-91FD-57F0A93EA3A3}\MpKsldd3319ef.sys [x]
R1 MpKslef90e09d;MpKslef90e09d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E10F4A0-66C3-447A-87BE-7877D3E74FE3}\MpKslef90e09d.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-10-28 15232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
S1 SASDIFSV;SASDIFSV;c:\users\larryq22\Desktop\Desktop AV files\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\users\larryq22\Desktop\Desktop AV files\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\users\larryq22\Desktop\Desktop AV files\SASCORE.EXE [2011-12-06 116608]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-31 20968]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\69xp2v7u.default\
FF - prefs.js: browser.startup.homepage - hxxp://weather.yahoo.com/united-states/kentucky/lexington-12775317/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-10955809.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-12-06 20:43:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-07 01:43
.
Pre-Run: 62,104,403,968 bytes free
Post-Run: 61,920,608,256 bytes free
.
- - End Of File - - 4727FAE57390639124FF2CD78640693D
=======================

HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:16 PM, on 12/6/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Users\larryq22\Desktop\Desktop AV files\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Users\larryq22\Desktop\Desktop AV files\SASCORE.EXE
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

--
End of file - 5433 bytes
==================

How Computer Is Running:

Too soon to tell ... I just now finished these scans, and need to reinstall my antivirus now. Hopefully things will be better. I'll let you know if the computer is still slow or odd.

Thanks,
Larry
 