Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log Please Help


  • This topic is locked This topic is locked
12 replies to this topic

#1 SuzyQ9217

SuzyQ9217

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 11 March 2012 - 05:25 AM

Hi, hopefully someone on this forum will be able to help me with this problem. Recently my computer has been running very slowly not only when using the internet but in general as well. A few weeks ago AVG picked up a trojan (sorry, can't remember what it was called). AVG apparently got rid of it and scans are no longer picking anything up but there's something not right with it still. The CPU varies from 1 to 85+ but I can't see what is eating it up. I have done a hijackthis log and would really appreciate it if someone could have a look at it for me. Hopefully we can get this sorted, I don't want to have to format the hard drive unless it's really necessary. Thanks in advance for your help.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:36:40, on 11/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\Explorer.EXE
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 6869 bytes

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 13 March 2012 - 12:56 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


From the discription you have given us it sounds like this may or may not be a malware problem, I will check very hard to make sure it is not malware and if none is found you may ned to go to another part of the forum to find the answers to the problems you are having.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 SuzyQ9217

SuzyQ9217
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 13 March 2012 - 05:20 PM

Hi Gringo, thanks for getting back to me so quickly. Hopefully with your expertise I can get this problem sorted out. Below are the logs you requested. I've not had any problems with anything you've asked me to do so far.

Thanks

Sue

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Qzee at 21:57:04 on 2012-03-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2038.833 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskmgr.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [<NO NAME>]
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A2619F9E-5CC8-4E46-ADA2-F363BC3C5E0F} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A2619F9E-5CC8-4E46-ADA2-F363BC3C5E0F}\35570516 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A2619F9E-5CC8-4E46-ADA2-F363BC3C5E0F}\3557A797723702E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A2619F9E-5CC8-4E46-ADA2-F363BC3C5E0F}\35B4951363635323 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-1-18 609984]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-11-14 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-11-16 296808]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-8-12 87040]
R2 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-1-23 50128]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-1-18 447208]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-4-25 32256]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-25 52224]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-25 1343400]
.
=============== Created Last 30 ================
.
2012-03-11 09:05:18 388096 ----a-r- c:\users\qzee\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-11 09:05:17 -------- d-----w- c:\program files\Trend Micro
2012-03-09 23:20:37 240928 ----a-w- c:\programdata\1331334865.bdinstall.bin
2012-03-09 23:19:53 -------- d-----w- c:\programdata\BDLogging
2012-03-09 23:18:46 -------- d-----w- c:\users\qzee\appdata\roaming\Bitdefender
2012-03-09 23:18:32 -------- d-----w- c:\programdata\Bitdefender
2012-03-09 23:15:31 -------- d-----w- c:\program files\Bitdefender
2012-03-09 23:15:04 -------- d-----w- c:\users\qzee\appdata\roaming\QuickScan
2012-03-09 23:14:38 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-03-09 23:14:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-03-09 23:10:23 -------- d-----w- c:\program files\common files\Bitdefender
2012-03-09 22:22:15 -------- d-----w- c:\program files\iPod
2012-03-09 22:22:05 -------- d-----w- c:\program files\iTunes
2012-02-17 02:02:25 -------- d-----w- c:\users\qzee\appdata\local\C4DD659C-567E-4AC2-B96C-4DBFF1A7C957.aplzod
2012-02-16 20:48:55 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 20:48:50 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 20:48:47 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 20:48:45 2343424 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-03-09 23:21:44 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-03-09 23:21:36 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
.
============= FINISH: 21:58:42.75 ===============

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 13 March 2012 - 05:27 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 SuzyQ9217

SuzyQ9217
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 14 March 2012 - 03:19 PM



Hi, here's the log that combofix log that you requested. My computer is still very slow, keeps timing out and tabs failing to open in I.E.

Cheers


ComboFix 12-03-14.01 - Qzee 14/03/2012 19:30:47.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2038.1019 [GMT 0:00]
Running from: c:\users\Qzee\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Qzee\Documents\~WRL2337.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 19:40 . 2012-03-14 19:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-14 19:40 . 2012-03-14 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 21:56 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 21:56 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:56 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:56 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:56 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 09:05 . 2012-03-11 09:05 388096 ----a-r- c:\users\Qzee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-11 09:05 . 2012-03-11 09:05 -------- d-----w- c:\program files\Trend Micro
2012-03-09 23:20 . 2012-03-09 23:20 240928 ----a-w- c:\programdata\1331334865.bdinstall.bin
2012-03-09 23:19 . 2012-03-09 23:19 -------- d-----w- c:\programdata\BDLogging
2012-03-09 23:18 . 2012-03-09 23:18 -------- d-----w- c:\users\Qzee\AppData\Roaming\Bitdefender
2012-03-09 23:18 . 2012-03-09 23:19 -------- d-----w- c:\programdata\Bitdefender
2012-03-09 23:15 . 2012-03-09 23:15 -------- d-----w- c:\program files\Bitdefender
2012-03-09 23:15 . 2012-03-09 23:15 -------- d-----w- c:\users\Qzee\AppData\Roaming\QuickScan
2012-03-09 23:14 . 2011-08-16 13:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-03-09 23:14 . 2011-10-27 14:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-03-09 23:10 . 2012-03-09 23:14 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-03-09 22:22 . 2012-03-09 22:22 -------- d-----w- c:\program files\iPod
2012-03-09 22:22 . 2012-03-09 22:23 -------- d-----w- c:\program files\iTunes
2012-02-17 02:02 . 2012-03-14 19:10 -------- d-----w- c:\users\Qzee\AppData\Local\C4DD659C-567E-4AC2-B96C-4DBFF1A7C957.aplzod
2012-02-16 20:48 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 20:48 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 20:48 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 20:48 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 23:21 . 2012-01-18 17:15 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-03-09 23:21 . 2012-01-18 17:15 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-09 1183080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-11 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
backup=c:\windows\pss\Scrybe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Qzee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Qzee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 12:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 21:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-29 22:46 136176 ----atw- c:\users\Qzee\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 18:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 02:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 18:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-08-22 10:01 593920 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2012-02-23 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 18:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 19:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 12:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 18:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-10 07:59 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-03-09 447208]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 307544]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-25 1343400]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-09 609984]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-11 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-11 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-29 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-11-16 296808]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-01-23 50128]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 240184]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2010-10-25 32256]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930124708-1276224598-3187544585-1000Core.job
- c:\users\Qzee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 22:46]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930124708-1276224598-3187544585-1000UA.job
- c:\users\Qzee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e84cc2c1-b722-48fc-a39c-edb8b525c777} - (no file)
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-81667768.go.sky.com - c:\program files\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-14 19:42:25
ComboFix-quarantined-files.txt 2012-03-14 19:42
.
Pre-Run: 39,024,205,824 bytes free
Post-Run: 38,924,668,928 bytes free
.
- - End Of File - - 7CB4CC7E472E40CBB19608E48A2E09EB

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 14 March 2012 - 04:31 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 SuzyQ9217

SuzyQ9217
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 15 March 2012 - 04:05 AM

Hi Gringo, I managed to run TDSS as requested and the log is pasted below but unfortunately aswMBR would not run. It downloaded ok but even after giving it administrator rights to run, nothing happened.

From the scans I've done so far have you seen anything that shouldn't be there?


Cheers

Sue




00:18:49.0624 0852 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
00:18:51.0648 0852 ============================================================
00:18:51.0648 0852 Current date / time: 2012/03/15 00:18:51.0648
00:18:51.0648 0852 SystemInfo:
00:18:51.0648 0852
00:18:51.0648 0852 OS Version: 6.1.7601 ServicePack: 1.0
00:18:51.0648 0852 Product type: Workstation
00:18:51.0649 0852 ComputerName: QZEE-LAPTOP
00:18:51.0649 0852 UserName: Qzee
00:18:51.0649 0852 Windows directory: C:\Windows
00:18:51.0649 0852 System windows directory: C:\Windows
00:18:51.0650 0852 Processor architecture: Intel x86
00:18:51.0650 0852 Number of processors: 2
00:18:51.0650 0852 Page size: 0x1000
00:18:51.0650 0852 Boot type: Normal boot
00:18:51.0650 0852 ============================================================
00:18:54.0182 0852 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:18:54.0185 0852 \Device\Harddisk0\DR0:
00:18:54.0185 0852 MBR used
00:18:54.0185 0852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x176D000, BlocksNum 0x898C000
00:18:54.0185 0852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA0F9000, BlocksNum 0x8920000
00:18:54.0276 0852 Initialize success
00:18:54.0276 0852 ============================================================
00:19:08.0113 4408 ============================================================
00:19:08.0113 4408 Scan started
00:19:08.0114 4408 Mode: Manual;
00:19:08.0114 4408 ============================================================
00:19:09.0360 4408 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
00:19:09.0366 4408 1394ohci - ok
00:19:09.0401 4408 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
00:19:09.0407 4408 ACPI - ok
00:19:09.0465 4408 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
00:19:09.0483 4408 AcpiPmi - ok
00:19:09.0551 4408 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:19:09.0558 4408 adp94xx - ok
00:19:09.0589 4408 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:19:09.0595 4408 adpahci - ok
00:19:09.0627 4408 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:19:09.0631 4408 adpu320 - ok
00:19:09.0697 4408 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
00:19:09.0703 4408 AFD - ok
00:19:09.0734 4408 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
00:19:09.0737 4408 agp440 - ok
00:19:09.0780 4408 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:19:09.0783 4408 aic78xx - ok
00:19:09.0836 4408 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
00:19:09.0838 4408 aliide - ok
00:19:09.0857 4408 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
00:19:09.0859 4408 amdagp - ok
00:19:09.0879 4408 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
00:19:09.0882 4408 amdide - ok
00:19:09.0914 4408 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:19:09.0917 4408 AmdK8 - ok
00:19:09.0944 4408 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:19:09.0947 4408 AmdPPM - ok
00:19:10.0004 4408 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
00:19:10.0017 4408 amdsata - ok
00:19:10.0057 4408 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:19:10.0060 4408 amdsbs - ok
00:19:10.0089 4408 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
00:19:10.0090 4408 amdxata - ok
00:19:10.0137 4408 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
00:19:10.0139 4408 AppID - ok
00:19:10.0216 4408 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:19:10.0219 4408 arc - ok
00:19:10.0240 4408 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:19:10.0243 4408 arcsas - ok
00:19:10.0303 4408 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:19:10.0305 4408 AsyncMac - ok
00:19:10.0327 4408 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
00:19:10.0328 4408 atapi - ok
00:19:10.0388 4408 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
00:19:10.0451 4408 athr - ok
00:19:10.0527 4408 avc3 (b5b4c69ff4ff09f48bc7e5630cc63f0c) C:\Windows\system32\DRIVERS\avc3.sys
00:19:10.0531 4408 avc3 - ok
00:19:10.0581 4408 avchv (a64529781e5b9cc454666a33a24e3e1d) C:\Windows\system32\DRIVERS\avchv.sys
00:19:10.0583 4408 avchv - ok
00:19:10.0609 4408 avckf (2bce314a25e71298add6794bfbd66266) C:\Windows\system32\DRIVERS\avckf.sys
00:19:10.0613 4408 avckf - ok
00:19:10.0668 4408 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:19:10.0675 4408 b06bdrv - ok
00:19:10.0739 4408 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:19:10.0747 4408 b57nd60x - ok
00:19:10.0863 4408 BdfNdisf (fa33f2db2f6f8afbedc917632a10d515) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
00:19:10.0866 4408 BdfNdisf - ok
00:19:10.0944 4408 bdfsfltr (5ef7ac38b4a7dc80860d7ffafac78c36) C:\Windows\system32\DRIVERS\bdfsfltr.sys
00:19:10.0952 4408 bdfsfltr - ok
00:19:10.0989 4408 bdfwfpf (2f66c9df34134419928bac00e21e2679) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
00:19:10.0992 4408 bdfwfpf - ok
00:19:11.0055 4408 bdsandbox (e260c0079b5c1107b87e98f356292004) C:\Windows\system32\drivers\bdsandbox.sys
00:19:11.0058 4408 bdsandbox - ok
00:19:11.0166 4408 bdselfpr (03502623298901f519286dd152919908) C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys
00:19:11.0170 4408 bdselfpr - ok
00:19:11.0214 4408 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\Windows\system32\DRIVERS\bdvedisk.sys
00:19:11.0218 4408 BDVEDISK - ok
00:19:11.0269 4408 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:19:11.0273 4408 Beep - ok
00:19:11.0318 4408 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:19:11.0321 4408 blbdrive - ok
00:19:11.0372 4408 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
00:19:11.0374 4408 bowser - ok
00:19:11.0393 4408 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:19:11.0395 4408 BrFiltLo - ok
00:19:11.0422 4408 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:19:11.0424 4408 BrFiltUp - ok
00:19:11.0472 4408 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
00:19:11.0475 4408 BridgeMP - ok
00:19:11.0507 4408 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:19:11.0513 4408 Brserid - ok
00:19:11.0542 4408 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:19:11.0545 4408 BrSerWdm - ok
00:19:11.0561 4408 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:19:11.0563 4408 BrUsbMdm - ok
00:19:11.0585 4408 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:19:11.0587 4408 BrUsbSer - ok
00:19:11.0605 4408 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:19:11.0609 4408 BTHMODEM - ok
00:19:11.0643 4408 catchme - ok
00:19:11.0698 4408 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:19:11.0701 4408 cdfs - ok
00:19:11.0758 4408 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
00:19:11.0763 4408 cdrom - ok
00:19:11.0822 4408 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:19:11.0826 4408 circlass - ok
00:19:11.0875 4408 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:19:11.0883 4408 CLFS - ok
00:19:11.0917 4408 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:19:11.0919 4408 CmBatt - ok
00:19:11.0955 4408 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
00:19:11.0956 4408 cmdide - ok
00:19:12.0004 4408 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
00:19:12.0023 4408 CNG - ok
00:19:12.0062 4408 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:19:12.0066 4408 Compbatt - ok
00:19:12.0107 4408 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
00:19:12.0125 4408 CompositeBus - ok
00:19:12.0157 4408 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:19:12.0159 4408 crcdisk - ok
00:19:12.0228 4408 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
00:19:12.0292 4408 CSC - ok
00:19:12.0360 4408 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
00:19:12.0363 4408 DfsC - ok
00:19:12.0384 4408 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:19:12.0386 4408 discache - ok
00:19:12.0437 4408 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:19:12.0440 4408 Disk - ok
00:19:12.0503 4408 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
00:19:12.0509 4408 Dot4 - ok
00:19:12.0579 4408 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:19:12.0583 4408 Dot4Print - ok
00:19:12.0613 4408 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
00:19:12.0618 4408 dot4usb - ok
00:19:12.0711 4408 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:19:12.0715 4408 drmkaud - ok
00:19:12.0768 4408 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
00:19:12.0831 4408 DXGKrnl - ok
00:19:12.0964 4408 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:19:13.0059 4408 ebdrv - ok
00:19:13.0133 4408 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:19:13.0140 4408 elxstor - ok
00:19:13.0183 4408 enecir (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys
00:19:13.0185 4408 enecir - ok
00:19:13.0225 4408 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
00:19:13.0233 4408 ErrDev - ok
00:19:13.0292 4408 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:19:13.0299 4408 exfat - ok
00:19:13.0324 4408 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:19:13.0346 4408 fastfat - ok
00:19:13.0377 4408 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:19:13.0379 4408 fdc - ok
00:19:13.0408 4408 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:19:13.0410 4408 FileInfo - ok
00:19:13.0430 4408 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:19:13.0432 4408 Filetrace - ok
00:19:13.0448 4408 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:19:13.0450 4408 flpydisk - ok
00:19:13.0479 4408 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:19:13.0483 4408 FltMgr - ok
00:19:13.0507 4408 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:19:13.0509 4408 FsDepends - ok
00:19:13.0532 4408 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
00:19:13.0534 4408 Fs_Rec - ok
00:19:13.0588 4408 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
00:19:13.0591 4408 fvevol - ok
00:19:13.0626 4408 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:19:13.0629 4408 gagp30kx - ok
00:19:13.0689 4408 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:19:13.0693 4408 GEARAspiWDM - ok
00:19:13.0724 4408 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:19:13.0726 4408 hcw85cir - ok
00:19:13.0827 4408 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
00:19:13.0853 4408 HdAudAddService - ok
00:19:13.0891 4408 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
00:19:13.0894 4408 HDAudBus - ok
00:19:13.0933 4408 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:19:13.0935 4408 HidBatt - ok
00:19:13.0953 4408 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:19:13.0955 4408 HidBth - ok
00:19:13.0991 4408 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:19:13.0993 4408 HidIr - ok
00:19:14.0029 4408 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
00:19:14.0042 4408 HidUsb - ok
00:19:14.0113 4408 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
00:19:14.0116 4408 HpSAMD - ok
00:19:14.0169 4408 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys
00:19:14.0171 4408 HTCAND32 - ok
00:19:14.0228 4408 htcnprot (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys
00:19:14.0230 4408 htcnprot - ok
00:19:14.0309 4408 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
00:19:14.0333 4408 HTTP - ok
00:19:14.0370 4408 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
00:19:14.0376 4408 hwpolicy - ok
00:19:14.0453 4408 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
00:19:14.0483 4408 i8042prt - ok
00:19:14.0765 4408 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
00:19:14.0797 4408 iaStorV - ok
00:19:14.0953 4408 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:19:15.0079 4408 igfx - ok
00:19:15.0141 4408 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:19:15.0143 4408 iirsp - ok
00:19:15.0174 4408 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
00:19:15.0176 4408 intelide - ok
00:19:15.0206 4408 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:19:15.0208 4408 intelppm - ok
00:19:15.0235 4408 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:19:15.0238 4408 IpFilterDriver - ok
00:19:15.0276 4408 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
00:19:15.0279 4408 IPMIDRV - ok
00:19:15.0302 4408 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:19:15.0305 4408 IPNAT - ok
00:19:15.0352 4408 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:19:15.0354 4408 IRENUM - ok
00:19:15.0381 4408 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
00:19:15.0383 4408 isapnp - ok
00:19:15.0413 4408 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
00:19:15.0418 4408 iScsiPrt - ok
00:19:15.0445 4408 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:19:15.0448 4408 kbdclass - ok
00:19:15.0475 4408 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
00:19:15.0485 4408 kbdhid - ok
00:19:15.0517 4408 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
00:19:15.0519 4408 KSecDD - ok
00:19:15.0549 4408 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
00:19:15.0551 4408 KSecPkg - ok
00:19:15.0622 4408 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:19:15.0627 4408 lltdio - ok
00:19:15.0675 4408 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:19:15.0678 4408 LSI_FC - ok
00:19:15.0704 4408 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:19:15.0708 4408 LSI_SAS - ok
00:19:15.0729 4408 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:19:15.0732 4408 LSI_SAS2 - ok
00:19:15.0756 4408 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:19:15.0759 4408 LSI_SCSI - ok
00:19:15.0790 4408 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:19:15.0793 4408 luafv - ok
00:19:15.0819 4408 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:19:15.0821 4408 megasas - ok
00:19:15.0857 4408 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:19:15.0861 4408 MegaSR - ok
00:19:15.0898 4408 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:19:15.0899 4408 Modem - ok
00:19:15.0916 4408 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:19:15.0918 4408 monitor - ok
00:19:15.0951 4408 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
00:19:15.0953 4408 mouclass - ok
00:19:15.0978 4408 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:19:15.0980 4408 mouhid - ok
00:19:16.0015 4408 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
00:19:16.0018 4408 mountmgr - ok
00:19:16.0043 4408 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
00:19:16.0076 4408 mpio - ok
00:19:16.0099 4408 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:19:16.0101 4408 mpsdrv - ok
00:19:16.0141 4408 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
00:19:16.0144 4408 MRxDAV - ok
00:19:16.0189 4408 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:19:16.0192 4408 mrxsmb - ok
00:19:16.0228 4408 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:19:16.0232 4408 mrxsmb10 - ok
00:19:16.0256 4408 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:19:16.0258 4408 mrxsmb20 - ok
00:19:16.0304 4408 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
00:19:16.0306 4408 msahci - ok
00:19:16.0339 4408 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
00:19:16.0342 4408 msdsm - ok
00:19:16.0393 4408 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:19:16.0394 4408 Msfs - ok
00:19:16.0421 4408 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:19:16.0422 4408 mshidkmdf - ok
00:19:16.0439 4408 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
00:19:16.0441 4408 msisadrv - ok
00:19:16.0484 4408 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:19:16.0486 4408 MSKSSRV - ok
00:19:16.0496 4408 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:19:16.0498 4408 MSPCLOCK - ok
00:19:16.0524 4408 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:19:16.0526 4408 MSPQM - ok
00:19:16.0555 4408 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:19:16.0558 4408 MsRPC - ok
00:19:16.0578 4408 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:19:16.0579 4408 mssmbios - ok
00:19:16.0590 4408 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:19:16.0592 4408 MSTEE - ok
00:19:16.0602 4408 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:19:16.0604 4408 MTConfig - ok
00:19:16.0621 4408 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:19:16.0623 4408 Mup - ok
00:19:16.0666 4408 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:19:16.0671 4408 NativeWifiP - ok
00:19:16.0747 4408 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:19:16.0782 4408 NDIS - ok
00:19:16.0811 4408 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:19:16.0813 4408 NdisCap - ok
00:19:16.0845 4408 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:19:16.0848 4408 NdisTapi - ok
00:19:16.0905 4408 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:19:16.0908 4408 Ndisuio - ok
00:19:16.0951 4408 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
00:19:16.0955 4408 NdisWan - ok
00:19:16.0998 4408 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
00:19:17.0010 4408 NDProxy - ok
00:19:17.0063 4408 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:19:17.0064 4408 NetBIOS - ok
00:19:17.0113 4408 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
00:19:17.0117 4408 NetBT - ok
00:19:17.0215 4408 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:19:17.0225 4408 nfrd960 - ok
00:19:17.0246 4408 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:19:17.0248 4408 Npfs - ok
00:19:17.0272 4408 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:19:17.0274 4408 nsiproxy - ok
00:19:17.0343 4408 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
00:19:17.0390 4408 Ntfs - ok
00:19:17.0411 4408 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:19:17.0414 4408 Null - ok
00:19:17.0446 4408 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
00:19:17.0462 4408 nvraid - ok
00:19:17.0516 4408 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
00:19:17.0543 4408 nvstor - ok
00:19:17.0589 4408 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
00:19:17.0595 4408 nv_agp - ok
00:19:17.0634 4408 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
00:19:17.0640 4408 ohci1394 - ok
00:19:17.0737 4408 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:19:17.0740 4408 Parport - ok
00:19:17.0779 4408 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
00:19:17.0782 4408 partmgr - ok
00:19:17.0807 4408 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:19:17.0810 4408 Parvdm - ok
00:19:17.0860 4408 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
00:19:17.0864 4408 pci - ok
00:19:17.0899 4408 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
00:19:17.0901 4408 pciide - ok
00:19:17.0923 4408 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:19:17.0928 4408 pcmcia - ok
00:19:17.0956 4408 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:19:17.0957 4408 pcw - ok
00:19:17.0991 4408 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:19:18.0007 4408 PEAUTH - ok
00:19:18.0075 4408 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:19:18.0078 4408 PptpMiniport - ok
00:19:18.0098 4408 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:19:18.0100 4408 Processor - ok
00:19:18.0162 4408 Ps2 (bffdb363485501a38f0bca83aec810db) C:\Windows\system32\DRIVERS\PS2.sys
00:19:18.0164 4408 Ps2 - ok
00:19:18.0219 4408 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:19:18.0223 4408 Psched - ok
00:19:18.0295 4408 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:19:18.0353 4408 ql2300 - ok
00:19:18.0382 4408 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:19:18.0385 4408 ql40xx - ok
00:19:18.0413 4408 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:19:18.0416 4408 QWAVEdrv - ok
00:19:18.0447 4408 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:19:18.0449 4408 RasAcd - ok
00:19:18.0497 4408 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:19:18.0499 4408 RasAgileVpn - ok
00:19:18.0515 4408 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:19:18.0518 4408 Rasl2tp - ok
00:19:18.0556 4408 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:19:18.0559 4408 RasPppoe - ok
00:19:18.0599 4408 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:19:18.0607 4408 RasSstp - ok
00:19:18.0650 4408 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
00:19:18.0654 4408 rdbss - ok
00:19:18.0678 4408 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:19:18.0680 4408 rdpbus - ok
00:19:18.0719 4408 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:19:18.0721 4408 RDPCDD - ok
00:19:18.0765 4408 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
00:19:18.0768 4408 RDPDR - ok
00:19:18.0807 4408 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:19:18.0809 4408 RDPENCDD - ok
00:19:18.0832 4408 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:19:18.0834 4408 RDPREFMP - ok
00:19:18.0866 4408 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
00:19:18.0888 4408 RDPWD - ok
00:19:18.0943 4408 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
00:19:18.0946 4408 rdyboost - ok
00:19:18.0987 4408 rimmptsk (243a8c2727c0f85769f697fea100566c) C:\Windows\system32\DRIVERS\rimmptsk.sys
00:19:18.0989 4408 rimmptsk - ok
00:19:19.0003 4408 rimsptsk (a1cdcadf19ed45e213c225c15ea93e6b) C:\Windows\system32\DRIVERS\rimsptsk.sys
00:19:19.0005 4408 rimsptsk - ok
00:19:19.0041 4408 rismxdp (c72a20c1b40c8c975fc86ca66c8a9882) C:\Windows\system32\DRIVERS\rixdptsk.sys
00:19:19.0043 4408 rismxdp - ok
00:19:19.0125 4408 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:19:19.0131 4408 rspndr - ok
00:19:19.0168 4408 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
00:19:19.0177 4408 s3cap - ok
00:19:19.0273 4408 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:19:19.0276 4408 SASDIFSV - ok
00:19:19.0298 4408 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:19:19.0302 4408 SASKUTIL - ok
00:19:19.0352 4408 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
00:19:19.0381 4408 sbp2port - ok
00:19:19.0429 4408 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
00:19:19.0432 4408 scfilter - ok
00:19:19.0471 4408 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
00:19:19.0484 4408 sdbus - ok
00:19:19.0544 4408 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:19:19.0549 4408 secdrv - ok
00:19:19.0597 4408 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:19:19.0599 4408 Serenum - ok
00:19:19.0624 4408 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:19:19.0627 4408 Serial - ok
00:19:19.0662 4408 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:19:19.0665 4408 sermouse - ok
00:19:19.0816 4408 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
00:19:19.0837 4408 sffdisk - ok
00:19:19.0870 4408 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
00:19:19.0874 4408 sffp_mmc - ok
00:19:19.0902 4408 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:19:19.0904 4408 sffp_sd - ok
00:19:19.0928 4408 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:19:19.0930 4408 sfloppy - ok
00:19:19.0985 4408 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
00:19:19.0988 4408 sisagp - ok
00:19:20.0018 4408 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:19:20.0031 4408 SiSRaid2 - ok
00:19:20.0059 4408 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:19:20.0062 4408 SiSRaid4 - ok
00:19:20.0096 4408 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:19:20.0099 4408 Smb - ok
00:19:20.0147 4408 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:19:20.0149 4408 spldr - ok
00:19:20.0211 4408 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:19:20.0217 4408 srv - ok
00:19:20.0243 4408 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:19:20.0248 4408 srv2 - ok
00:19:20.0301 4408 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:19:20.0306 4408 SrvHsfHDA - ok
00:19:20.0393 4408 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
00:19:20.0440 4408 SrvHsfV92 - ok
00:19:20.0479 4408 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:19:20.0501 4408 SrvHsfWinac - ok
00:19:20.0522 4408 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:19:20.0526 4408 srvnet - ok
00:19:20.0576 4408 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:19:20.0578 4408 stexstor - ok
00:19:20.0617 4408 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
00:19:20.0620 4408 StillCam - ok
00:19:20.0673 4408 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
00:19:20.0675 4408 storflt - ok
00:19:20.0702 4408 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
00:19:20.0715 4408 storvsc - ok
00:19:20.0732 4408 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:19:20.0735 4408 swenum - ok
00:19:20.0805 4408 SynTP (2185cc5be9922562108cf87f42e4bbaf) C:\Windows\system32\DRIVERS\SynTP.sys
00:19:20.0851 4408 SynTP - ok
00:19:20.0938 4408 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
00:19:20.0974 4408 Tcpip - ok
00:19:21.0029 4408 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
00:19:21.0037 4408 TCPIP6 - ok
00:19:21.0083 4408 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:19:21.0086 4408 tcpipreg - ok
00:19:21.0125 4408 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:19:21.0127 4408 TDPIPE - ok
00:19:21.0158 4408 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
00:19:21.0167 4408 TDTCP - ok
00:19:21.0210 4408 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:19:21.0215 4408 tdx - ok
00:19:21.0252 4408 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:19:21.0257 4408 TermDD - ok
00:19:21.0373 4408 trufos (9016639c71328e4667d06119937aa20a) C:\Windows\system32\DRIVERS\trufos.sys
00:19:21.0376 4408 trufos - ok
00:19:21.0425 4408 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:19:21.0427 4408 tssecsrv - ok
00:19:21.0487 4408 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
00:19:21.0489 4408 TsUsbFlt - ok
00:19:21.0536 4408 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:19:21.0539 4408 tunnel - ok
00:19:21.0574 4408 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:19:21.0576 4408 uagp35 - ok
00:19:21.0619 4408 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
00:19:21.0635 4408 udfs - ok
00:19:21.0692 4408 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
00:19:21.0695 4408 uliagpkx - ok
00:19:21.0744 4408 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
00:19:21.0747 4408 umbus - ok
00:19:21.0787 4408 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:19:21.0795 4408 UmPass - ok
00:19:21.0870 4408 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
00:19:21.0872 4408 USBAAPL - ok
00:19:21.0907 4408 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
00:19:21.0910 4408 usbccgp - ok
00:19:21.0951 4408 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
00:19:21.0954 4408 usbcir - ok
00:19:21.0993 4408 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
00:19:21.0995 4408 usbehci - ok
00:19:22.0045 4408 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
00:19:22.0049 4408 usbhub - ok
00:19:22.0091 4408 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
00:19:22.0093 4408 usbohci - ok
00:19:22.0124 4408 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:19:22.0126 4408 usbprint - ok
00:19:22.0168 4408 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
00:19:22.0171 4408 usbscan - ok
00:19:22.0204 4408 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:19:22.0207 4408 USBSTOR - ok
00:19:22.0241 4408 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
00:19:22.0243 4408 usbuhci - ok
00:19:22.0305 4408 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
00:19:22.0310 4408 vdrvroot - ok
00:19:22.0364 4408 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:19:22.0367 4408 vga - ok
00:19:22.0417 4408 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:19:22.0419 4408 VgaSave - ok
00:19:22.0456 4408 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
00:19:22.0478 4408 vhdmp - ok
00:19:22.0513 4408 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
00:19:22.0516 4408 viaagp - ok
00:19:22.0550 4408 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:19:22.0553 4408 ViaC7 - ok
00:19:22.0573 4408 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
00:19:22.0576 4408 viaide - ok
00:19:22.0613 4408 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
00:19:22.0617 4408 vmbus - ok
00:19:22.0637 4408 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
00:19:22.0646 4408 VMBusHID - ok
00:19:22.0682 4408 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
00:19:22.0684 4408 volmgr - ok
00:19:22.0734 4408 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:19:22.0739 4408 volmgrx - ok
00:19:22.0777 4408 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
00:19:22.0782 4408 volsnap - ok
00:19:22.0827 4408 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:19:22.0831 4408 vsmraid - ok
00:19:22.0869 4408 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
00:19:22.0871 4408 vwifibus - ok
00:19:22.0902 4408 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
00:19:22.0905 4408 vwififlt - ok
00:19:22.0943 4408 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
00:19:22.0945 4408 vwifimp - ok
00:19:22.0975 4408 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:19:22.0977 4408 WacomPen - ok
00:19:23.0025 4408 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:19:23.0030 4408 WANARP - ok
00:19:23.0039 4408 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:19:23.0042 4408 Wanarpv6 - ok
00:19:23.0084 4408 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:19:23.0086 4408 Wd - ok
00:19:23.0124 4408 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:19:23.0131 4408 Wdf01000 - ok
00:19:23.0182 4408 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:19:23.0185 4408 WfpLwf - ok
00:19:23.0206 4408 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:19:23.0208 4408 WIMMount - ok
00:19:23.0264 4408 WinUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
00:19:23.0266 4408 WinUSB - ok
00:19:23.0312 4408 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
00:19:23.0314 4408 WmiAcpi - ok
00:19:23.0354 4408 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:19:23.0356 4408 ws2ifsl - ok
00:19:23.0412 4408 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
00:19:23.0415 4408 WudfPf - ok
00:19:23.0452 4408 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:19:23.0455 4408 WUDFRd - ok
00:19:23.0524 4408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:19:23.0582 4408 \Device\Harddisk0\DR0 - ok
00:19:23.0589 4408 Boot (0x1200) (f752f5f51eae5326fe12817681fe0231) \Device\Harddisk0\DR0\Partition0
00:19:23.0591 4408 \Device\Harddisk0\DR0\Partition0 - ok
00:19:23.0619 4408 Boot (0x1200) (c4ee51b85d53132f3d53dffd1e9f6f62) \Device\Harddisk0\DR0\Partition1
00:19:23.0620 4408 \Device\Harddisk0\DR0\Partition1 - ok
00:19:23.0621 4408 ============================================================
00:19:23.0621 4408 Scan finished
00:19:23.0621 4408 ============================================================
00:19:23.0632 5064 Detected object count: 0
00:19:23.0632 5064 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 15 March 2012 - 07:23 AM

Hello

From the scans I've done so far have you seen anything that shouldn't be there?
From what I have seen so far no - how long have you had bitdefender? have you installed anything new recently?



Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Java™ 6 Update 29 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 SuzyQ9217

SuzyQ9217
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 19 March 2012 - 05:46 PM

Hi Gringo, Sorry for late reply, just done 3 x 13 hour days so not been on PC much. I installed Bitdefender a couple of weeks ago. I did have AVG but it let a Trojan through so decided to try something different and Bitdefender had good reviews. What antivirus do you recommend, free and/or paid?
PC still timing out and CPU quite high although not all of the time. I've noticed the laptop is getting quite hot, could this be a cause of my problems? I haven't installed anything new recently. Here's the logs that you've requested.

Thanks


Sue


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Qzee :: QZEE-LAPTOP [administrator]

19/03/2012 22:31:58
mbam-log-2012-03-19 (22-31-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215527
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)










Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:29, on 19/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\taskmgr.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 7583 bytes

Hi Gringo, Sorry for late reply, just done 3 x 13 hour days so not been on PC much. I installed Bitdefender a couple of weeks ago. I did have AVG but it let a Trojan through so decided to try something different and Bitdefender had good reviews. What antivirus do you recommend, free and/or paid?
PC still timing out and CPU quite high although not all of the time. I've noticed the laptop is getting quite hot, could this be a cause of my problems? I haven't installed anything new recently. Here's the logs that you've requested.

Thanks


Sue


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Qzee :: QZEE-LAPTOP [administrator]

19/03/2012 22:31:58
mbam-log-2012-03-19 (22-31-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215527
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)










Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:29, on 19/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\taskmgr.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 7583 bytes

Hi Gringo, Sorry for late reply, just done 3 x 13 hour days so not been on PC much. I installed Bitdefender a couple of weeks ago. I did have AVG but it let a Trojan through so decided to try something different and Bitdefender had good reviews. What antivirus do you recommend, free and/or paid?
PC still timing out and CPU quite high although not all of the time. I've noticed the laptop is getting quite hot, could this be a cause of my problems? I haven't installed anything new recently. Here's the logs that you've requested.

Thanks


Sue


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Qzee :: QZEE-LAPTOP [administrator]

19/03/2012 22:31:58
mbam-log-2012-03-19 (22-31-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215527
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)










Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:29, on 19/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\taskmgr.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Qzee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 7583 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 19 March 2012 - 08:48 PM

Hello


Over heating can cause it - lets try something


put the laptop on a table

open the cd drive

blow a fan on the laptop and if possible have the air go inside the open cd tray

let me know if it still freezes while doing this


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 22 March 2012 - 03:26 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 24 March 2012 - 11:34 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 27 March 2012 - 11:52 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users