Think i may have a virus

[SuperDuperMe]

Hi all, Im looking for some help.

As of the last week my pc has started slowing up considerably, and seems to have memory constantly at 80% with not a lot going on.


Avast found a rootkit last week and said it had gotten rid of it after a boot scan but the freezing etc is still happening.

I have ran malwayre bytes but its saying there is any thing.


Im running it now again just to double check.


What other steps can i take to ensure i have not got a virus?


EDIT: Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
SuperDuperMe :: SUPERDUPERME-PC [administrator]

21/09/2012 09:52:55 AM
mbam-log-2012-09-21 (09-52-55).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 528799
Time elapsed: 2 hour(s), 6 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


was was my log

 

[johnb35]

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

Then perform a hijackthis scan.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.


Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces

 

[SuperDuperMe]

08:17:53.0722 1208 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:17:53.0832 1208 ============================================================
08:17:53.0832 1208 Current date / time: 2012/09/22 08:17:53.0832
08:17:53.0832 1208 SystemInfo:
08:17:53.0832 1208
08:17:53.0832 1208 OS Version: 6.0.6002 ServicePack: 2.0
08:17:53.0832 1208 Product type: Workstation
08:17:53.0833 1208 ComputerName: SUPERDUPERME-PC
08:17:53.0833 1208 UserName: SuperDuperMe
08:17:53.0833 1208 Windows directory: C:\Windows
08:17:53.0833 1208 System windows directory: C:\Windows
08:17:53.0833 1208 Running under WOW64
08:17:53.0833 1208 Processor architecture: Intel x64
08:17:53.0833 1208 Number of processors: 4
08:17:53.0833 1208 Page size: 0x1000
08:17:53.0833 1208 Boot type: Normal boot
08:17:53.0833 1208 ============================================================
08:17:55.0222 1208 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:17:55.0223 1208 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:17:55.0227 1208 ============================================================
08:17:55.0227 1208 \Device\Harddisk0\DR0:
08:17:55.0227 1208 MBR partitions:
08:17:55.0227 1208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2E9380B0
08:17:55.0227 1208 \Device\Harddisk1\DR1:
08:17:55.0227 1208 MBR partitions:
08:17:55.0228 1208 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
08:17:55.0228 1208 ============================================================
08:17:55.0253 1208 C: <-> \Device\Harddisk0\DR0\Partition1
08:17:55.0281 1208 D: <-> \Device\Harddisk1\DR1\Partition1
08:17:55.0281 1208 ============================================================
08:17:55.0281 1208 Initialize success
08:17:55.0281 1208 ============================================================
08:17:57.0095 3232 ============================================================
08:17:57.0095 3232 Scan started
08:17:57.0095 3232 Mode: Manual;
08:17:57.0095 3232 ============================================================
08:17:59.0302 3232 ================ Scan system memory ========================
08:17:59.0302 3232 System memory - ok
08:17:59.0302 3232 ================ Scan services =============================
08:18:00.0379 3232 [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
08:18:00.0379 3232 acedrv11 - ok
08:18:00.0519 3232 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
08:18:00.0519 3232 ACPI - ok
08:18:00.0691 3232 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:18:00.0691 3232 AdobeARMservice - ok
08:18:00.0784 3232 [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:18:00.0784 3232 adp94xx - ok
08:18:00.0815 3232 [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:18:00.0815 3232 adpahci - ok
08:18:00.0862 3232 [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
08:18:00.0862 3232 adpu160m - ok
08:18:00.0893 3232 [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:18:00.0893 3232 adpu320 - ok
08:18:00.0940 3232 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:18:00.0940 3232 AeLookupSvc - ok
08:18:00.0971 3232 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
08:18:00.0971 3232 AFD - ok
08:18:01.0003 3232 [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:18:01.0003 3232 agp440 - ok
08:18:01.0018 3232 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
08:18:01.0018 3232 aic78xx - ok
08:18:01.0049 3232 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
08:18:01.0049 3232 ALG - ok
08:18:01.0081 3232 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
08:18:01.0081 3232 aliide - ok
08:18:01.0143 3232 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:18:01.0143 3232 AMD External Events Utility - ok
08:18:01.0159 3232 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
08:18:01.0159 3232 amdide - ok
08:18:01.0190 3232 [ DE55DC52F7CEB89A967572D6B491ADA2 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:18:01.0190 3232 AmdK8 - ok
08:18:02.0422 3232 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:18:02.0469 3232 amdkmdag - ok
08:18:02.0516 3232 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:18:02.0516 3232 amdkmdap - ok
08:18:02.0563 3232 [ F5761675DA9D15D7AE0E40907A8F4404 ] AmdLLD64 C:\Windows\system32\DRIVERS\AmdLLD64.sys
08:18:02.0563 3232 AmdLLD64 - ok
08:18:02.0594 3232 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
08:18:02.0594 3232 Appinfo - ok
08:18:02.0672 3232 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:18:02.0672 3232 Apple Mobile Device - ok
08:18:02.0687 3232 [ 2E8623F2FED998A97129A3DB919551C8 ] arc C:\Windows\system32\drivers\arc.sys
08:18:02.0687 3232 arc - ok
08:18:02.0750 3232 [ 741A003C041A3EC480A2E71AF71E9654 ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:18:02.0750 3232 arcsas - ok
08:18:03.0015 3232 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:18:03.0015 3232 aspnet_state - ok
08:18:03.0062 3232 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
08:18:03.0062 3232 aswFsBlk - ok
08:18:03.0093 3232 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
08:18:03.0093 3232 aswMonFlt - ok
08:18:03.0109 3232 [ 2CF56F9848BF7841FF420E9DD95029EE ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
08:18:03.0109 3232 aswRdr - ok
08:18:03.0265 3232 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
08:18:03.0265 3232 aswSnx - ok
08:18:03.0374 3232 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
08:18:03.0374 3232 aswSP - ok
08:18:03.0374 3232 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
08:18:03.0374 3232 aswTdi - ok
08:18:03.0405 3232 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:18:03.0405 3232 AsyncMac - ok
08:18:03.0436 3232 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
08:18:03.0436 3232 atapi - ok
08:18:03.0467 3232 [ 917692CDF8E1CE00D9752FA40615338B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
08:18:03.0467 3232 AtiHDAudioService - ok
08:18:03.0514 3232 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:18:03.0530 3232 AudioEndpointBuilder - ok
08:18:03.0530 3232 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:18:03.0545 3232 AudioSrv - ok
08:18:04.0123 3232 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:18:04.0123 3232 avast! Antivirus - ok
08:18:04.0185 3232 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
08:18:04.0185 3232 BFE - ok
08:18:04.0247 3232 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
08:18:04.0247 3232 BITS - ok
08:18:04.0247 3232 blbdrive - ok
08:18:04.0294 3232 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:18:04.0310 3232 Bonjour Service - ok
08:18:04.0325 3232 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:18:04.0325 3232 bowser - ok
08:18:04.0388 3232 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
08:18:04.0388 3232 BrFiltLo - ok
08:18:04.0403 3232 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
08:18:04.0403 3232 BrFiltUp - ok
08:18:04.0435 3232 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
08:18:04.0435 3232 Browser - ok
08:18:04.0466 3232 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
08:18:04.0466 3232 Brserid - ok
08:18:04.0481 3232 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
08:18:04.0481 3232 BrSerWdm - ok
08:18:04.0497 3232 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
08:18:04.0497 3232 BrUsbMdm - ok
08:18:04.0513 3232 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
08:18:04.0513 3232 BrUsbSer - ok
08:18:04.0559 3232 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:18:04.0559 3232 BTHMODEM - ok
08:18:04.0591 3232 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:18:04.0591 3232 cdfs - ok
08:18:04.0637 3232 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:18:04.0637 3232 cdrom - ok
08:18:04.0669 3232 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
08:18:04.0669 3232 CertPropSvc - ok
08:18:04.0700 3232 [ F28F00596824058BC61D5EDF434C9B82 ] circlass C:\Windows\system32\drivers\circlass.sys
08:18:04.0700 3232 circlass - ok
08:18:04.0871 3232 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
08:18:04.0871 3232 CLFS - ok
08:18:04.0996 3232 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:18:04.0996 3232 clr_optimization_v2.0.50727_32 - ok
08:18:05.0386 3232 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:18:05.0386 3232 clr_optimization_v2.0.50727_64 - ok
08:18:05.0449 3232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:18:05.0449 3232 clr_optimization_v4.0.30319_32 - ok
08:18:05.0495 3232 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:18:05.0495 3232 clr_optimization_v4.0.30319_64 - ok
08:18:05.0511 3232 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:18:05.0511 3232 cmdide - ok
08:18:05.0542 3232 [ 0E77A445640BF310817F60941C50560C ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:18:05.0542 3232 Compbatt - ok
08:18:05.0558 3232 COMSysApp - ok
08:18:05.0589 3232 [ 262969A3FAB32B9E17E63E2D17A57744 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
08:18:05.0589 3232 cpuz135 - ok
08:18:05.0605 3232 [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:18:05.0605 3232 crcdisk - ok
08:18:05.0620 3232 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:18:05.0620 3232 CryptSvc - ok
08:18:05.0651 3232 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
08:18:05.0667 3232 DcomLaunch - ok
08:18:05.0714 3232 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:18:05.0714 3232 DfsC - ok
08:18:06.0385 3232 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
08:18:06.0431 3232 DFSR - ok
08:18:06.0494 3232 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
08:18:06.0494 3232 Dhcp - ok
08:18:06.0509 3232 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
08:18:06.0509 3232 disk - ok
08:18:06.0556 3232 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:18:06.0556 3232 Dnscache - ok
08:18:06.0572 3232 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
08:18:06.0572 3232 dot3svc - ok
08:18:06.0603 3232 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
08:18:06.0603 3232 DPS - ok
08:18:06.0634 3232 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:18:06.0634 3232 drmkaud - ok
08:18:06.0962 3232 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:18:06.0977 3232 DXGKrnl - ok
08:18:07.0040 3232 [ D57FE09B575545738A73A0C193D0616A ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
08:18:07.0040 3232 E1G60 - ok
08:18:07.0087 3232 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
08:18:07.0102 3232 EapHost - ok
08:18:07.0133 3232 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
08:18:07.0133 3232 Ecache - ok
08:18:07.0196 3232 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:18:07.0196 3232 ehRecvr - ok
08:18:07.0211 3232 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
08:18:07.0211 3232 ehSched - ok
08:18:07.0243 3232 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
08:18:07.0243 3232 ehstart - ok
08:18:07.0274 3232 [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:18:07.0274 3232 elxstor - ok
08:18:07.0430 3232 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
08:18:07.0445 3232 EMDMgmt - ok
08:18:07.0477 3232 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
08:18:07.0477 3232 EventSystem - ok
08:18:07.0523 3232 [ B49A1F1010F0B78E81444D630EAB6302 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
08:18:07.0523 3232 ewusbnet - ok
08:18:07.0570 3232 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
08:18:07.0570 3232 exfat - ok
08:18:07.0711 3232 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:18:07.0711 3232 fastfat - ok
08:18:07.0804 3232 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:18:07.0804 3232 fdc - ok
08:18:07.0882 3232 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
08:18:07.0882 3232 fdPHost - ok
08:18:07.0960 3232 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
08:18:07.0960 3232 FDResPub - ok
08:18:08.0023 3232 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:18:08.0023 3232 FileInfo - ok
08:18:08.0085 3232 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:18:08.0085 3232 Filetrace - ok
08:18:08.0132 3232 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:18:08.0132 3232 flpydisk - ok
08:18:08.0288 3232 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:18:08.0288 3232 FltMgr - ok
08:18:08.0366 3232 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
08:18:08.0366 3232 FontCache - ok
08:18:08.0444 3232 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:18:08.0444 3232 FontCache3.0.0.0 - ok
08:18:08.0475 3232 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:18:08.0475 3232 Fs_Rec - ok
08:18:08.0569 3232 [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:18:08.0569 3232 gagp30kx - ok
08:18:08.0647 3232 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:18:08.0647 3232 GEARAspiWDM - ok
08:18:08.0849 3232 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
08:18:08.0849 3232 gpsvc - ok
08:18:09.0052 3232 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:18:09.0052 3232 gupdate - ok
08:18:09.0083 3232 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:18:09.0083 3232 gupdatem - ok
08:18:09.0130 3232 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:18:09.0130 3232 HdAudAddService - ok
08:18:09.0349 3232 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:18:09.0349 3232 HDAudBus - ok
08:18:09.0395 3232 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:18:09.0395 3232 HidBth - ok
08:18:09.0442 3232 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:18:09.0442 3232 HidIr - ok
08:18:09.0458 3232 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
08:18:09.0458 3232 hidserv - ok
08:18:09.0505 3232 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:18:09.0505 3232 HidUsb - ok
08:18:09.0614 3232 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
08:18:09.0614 3232 hkmsvc - ok
08:18:09.0676 3232 [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
08:18:09.0676 3232 HpCISSs - ok
08:18:09.0707 3232 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:18:09.0707 3232 HTTP - ok
08:18:09.0785 3232 [ 6E5CD3984742A922D0C183C7E82C3C94 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
08:18:09.0801 3232 hwdatacard - ok
08:18:09.0863 3232 [ E2CBB821C7CAE0EF8B56DE28ED85C740 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
08:18:09.0863 3232 hwusbdev - ok
08:18:09.0879 3232 [ F2901763845570ECAC48E6A50EC50812 ] i2omp C:\Windows\system32\drivers\i2omp.sys
08:18:09.0879 3232 i2omp - ok
08:18:09.0926 3232 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:18:09.0926 3232 i8042prt - ok
08:18:10.0019 3232 [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV C:\Windows\system32\drivers\iastorv.sys
08:18:10.0019 3232 iaStorV - ok
08:18:10.0097 3232 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:18:10.0097 3232 IDriverT - ok
08:18:10.0160 3232 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:18:10.0160 3232 idsvc - ok
08:18:10.0207 3232 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:18:10.0207 3232 iirsp - ok
08:18:10.0378 3232 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
08:18:10.0378 3232 IKEEXT - ok
08:18:10.0472 3232 [ F2C29AF80A68C3C606E84C185673E722 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:18:10.0487 3232 IntcAzAudAddService - ok
08:18:10.0534 3232 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
08:18:10.0534 3232 intelide - ok
08:18:10.0565 3232 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:18:10.0565 3232 intelppm - ok
08:18:10.0628 3232 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:18:10.0628 3232 IPBusEnum - ok
08:18:10.0690 3232 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:18:10.0690 3232 IpFilterDriver - ok
08:18:10.0815 3232 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:18:10.0831 3232 iphlpsvc - ok
08:18:10.0831 3232 IpInIp - ok
08:18:10.0862 3232 [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
08:18:10.0862 3232 IPMIDRV - ok
08:18:10.0909 3232 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
08:18:10.0909 3232 IPNAT - ok
08:18:10.0971 3232 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:18:10.0971 3232 iPod Service - ok
08:18:11.0002 3232 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:18:11.0002 3232 IRENUM - ok
08:18:11.0033 3232 [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:18:11.0033 3232 isapnp - ok
08:18:11.0080 3232 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
08:18:11.0080 3232 iScsiPrt - ok
08:18:11.0096 3232 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
08:18:11.0096 3232 iteatapi - ok
08:18:11.0127 3232 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
08:18:11.0127 3232 iteraid - ok
08:18:11.0143 3232 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:18:11.0143 3232 kbdclass - ok
08:18:11.0158 3232 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:18:11.0158 3232 kbdhid - ok
08:18:11.0174 3232 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
08:18:11.0174 3232 KeyIso - ok
08:18:11.0314 3232 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:18:11.0314 3232 KSecDD - ok
08:18:11.0345 3232 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:18:11.0345 3232 ksthunk - ok
08:18:11.0392 3232 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
08:18:11.0392 3232 KtmRm - ok
08:18:11.0439 3232 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:18:11.0455 3232 LanmanServer - ok
08:18:11.0486 3232 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:18:11.0486 3232 LanmanWorkstation - ok
08:18:11.0517 3232 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:18:11.0517 3232 lltdio - ok
08:18:11.0548 3232 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:18:11.0548 3232 lltdsvc - ok
08:18:11.0548 3232 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:18:11.0548 3232 lmhosts - ok
08:18:11.0579 3232 [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:18:11.0579 3232 LSI_FC - ok
08:18:11.0611 3232 [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:18:11.0611 3232 LSI_SAS - ok
08:18:11.0657 3232 [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:18:11.0657 3232 LSI_SCSI - ok
08:18:11.0720 3232 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
08:18:11.0720 3232 luafv - ok
08:18:11.0751 3232 massfilter - ok
08:18:11.0798 3232 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:18:11.0798 3232 Mcx2Svc - ok
08:18:11.0829 3232 [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas C:\Windows\system32\drivers\megasas.sys
08:18:11.0845 3232 megasas - ok
08:18:11.0876 3232 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
08:18:11.0876 3232 MMCSS - ok
08:18:11.0923 3232 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
08:18:11.0923 3232 Modem - ok
08:18:11.0985 3232 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:18:11.0985 3232 monitor - ok
08:18:12.0001 3232 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:18:12.0001 3232 mouclass - ok
08:18:12.0047 3232 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:18:12.0047 3232 mouhid - ok
08:18:12.0079 3232 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
08:18:12.0079 3232 MountMgr - ok
08:18:12.0110 3232 [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio C:\Windows\system32\drivers\mpio.sys
08:18:12.0110 3232 mpio - ok
08:18:12.0141 3232 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:18:12.0141 3232 mpsdrv - ok
08:18:12.0328 3232 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
08:18:12.0328 3232 MpsSvc - ok
08:18:12.0375 3232 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
08:18:12.0391 3232 Mraid35x - ok
08:18:12.0453 3232 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:18:12.0453 3232 MRxDAV - ok
08:18:12.0484 3232 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:18:12.0484 3232 mrxsmb - ok
08:18:12.0500 3232 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:18:12.0500 3232 mrxsmb10 - ok
08:18:12.0515 3232 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:18:12.0515 3232 mrxsmb20 - ok
08:18:12.0547 3232 [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci C:\Windows\system32\drivers\msahci.sys
08:18:12.0547 3232 msahci - ok
08:18:12.0593 3232 [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:18:12.0593 3232 msdsm - ok
08:18:12.0625 3232 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
08:18:12.0640 3232 MSDTC - ok
08:18:12.0703 3232 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:18:12.0703 3232 Msfs - ok
08:18:12.0765 3232 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:18:12.0765 3232 msisadrv - ok
08:18:12.0796 3232 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:18:12.0796 3232 MSiSCSI - ok
08:18:12.0796 3232 msiserver - ok
08:18:12.0827 3232 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:18:12.0827 3232 MSKSSRV - ok
08:18:12.0859 3232 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:18:12.0859 3232 MSPCLOCK - ok
08:18:12.0874 3232 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:18:12.0874 3232 MSPQM - ok
08:18:12.0968 3232 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:18:12.0968 3232 MsRPC - ok
08:18:13.0015 3232 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:18:13.0015 3232 mssmbios - ok
08:18:13.0077 3232 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:18:13.0077 3232 MSTEE - ok
08:18:13.0155 3232 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
08:18:13.0155 3232 MTsensor - ok
08:18:13.0249 3232 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
08:18:13.0264 3232 Mup - ok
08:18:13.0436 3232 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
08:18:13.0436 3232 napagent - ok
08:18:13.0498 3232 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:18:13.0498 3232 NativeWifiP - ok
08:18:13.0545 3232 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:18:13.0545 3232 NDIS - ok
08:18:13.0561 3232 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:18:13.0561 3232 NdisTapi - ok
08:18:13.0561 3232 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:18:13.0561 3232 Ndisuio - ok
08:18:13.0592 3232 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:18:13.0592 3232 NdisWan - ok
08:18:13.0623 3232 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:18:13.0623 3232 NDProxy - ok
08:18:13.0717 3232 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:18:13.0717 3232 NetBIOS - ok
08:18:13.0810 3232 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
08:18:13.0810 3232 netbt - ok
08:18:13.0841 3232 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
08:18:13.0841 3232 Netlogon - ok
08:18:13.0997 3232 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
08:18:13.0997 3232 Netman - ok
08:18:14.0060 3232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:18:14.0060 3232 NetMsmqActivator - ok
08:18:14.0060 3232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:18:14.0060 3232 NetPipeActivator - ok
08:18:14.0107 3232 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
08:18:14.0107 3232 netprofm - ok
08:18:14.0122 3232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:18:14.0122 3232 NetTcpActivator - ok
08:18:14.0122 3232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:18:14.0122 3232 NetTcpPortSharing - ok
08:18:14.0153 3232 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:18:14.0153 3232 nfrd960 - ok
08:18:14.0247 3232 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
08:18:14.0247 3232 NlaSvc - ok
08:18:14.0294 3232 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:18:14.0294 3232 Npfs - ok
08:18:14.0309 3232 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
08:18:14.0325 3232 nsi - ok
08:18:14.0341 3232 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:18:14.0356 3232 nsiproxy - ok
08:18:14.0528 3232 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:18:14.0543 3232 Ntfs - ok
08:18:14.0559 3232 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
08:18:14.0559 3232 Null - ok
08:18:14.0575 3232 [ 840EEB44DC49317A6161961F7682CD99 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:18:14.0575 3232 nvraid - ok
08:18:14.0590 3232 [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:18:14.0590 3232 nvstor - ok
08:18:14.0606 3232 [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:18:14.0606 3232 nv_agp - ok
08:18:14.0606 3232 NwlnkFlt - ok
08:18:14.0606 3232 NwlnkFwd - ok
08:18:14.0653 3232 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
08:18:14.0653 3232 ohci1394 - ok
08:18:14.0918 3232 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
08:18:14.0933 3232 p2pimsvc - ok
08:18:15.0074 3232 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
08:18:15.0074 3232 p2psvc - ok
08:18:15.0105 3232 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
08:18:15.0121 3232 Parport - ok
08:18:15.0183 3232 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:18:15.0183 3232 partmgr - ok
08:18:15.0261 3232 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
08:18:15.0261 3232 PcaSvc - ok
08:18:15.0355 3232 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
08:18:15.0355 3232 pci - ok
08:18:15.0401 3232 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
08:18:15.0401 3232 pciide - ok
08:18:15.0433 3232 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:18:15.0433 3232 pcmcia - ok
08:18:15.0526 3232 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:18:15.0542 3232 PEAUTH - ok
08:18:16.0556 3232 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:18:16.0556 3232 PerfHost - ok
08:18:16.0618 3232 [ EDCF18EE6169F4C7CC6E451F03F59377 ] Ph3xIB64 C:\Windows\system32\DRIVERS\Ph3xIB64.sys
08:18:16.0618 3232 Ph3xIB64 - ok
08:18:16.0681 3232 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
08:18:16.0696 3232 pla - ok
08:18:16.0727 3232 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:18:16.0727 3232 PlugPlay - ok
08:18:16.0743 3232 PnkBstrA - ok
08:18:16.0790 3232 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
08:18:16.0790 3232 PNRPAutoReg - ok
08:18:16.0837 3232 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
08:18:16.0837 3232 PNRPsvc - ok
08:18:16.0993 3232 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:18:17.0008 3232 PolicyAgent - ok
08:18:17.0024 3232 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:18:17.0024 3232 PptpMiniport - ok
08:18:17.0055 3232 [ 6BC78E5F12CBB74E7930AAAA4A0DB387 ] Processor C:\Windows\system32\drivers\processr.sys
08:18:17.0055 3232 Processor - ok
08:18:17.0149 3232 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
08:18:17.0149 3232 ProfSvc - ok
08:18:17.0164 3232 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
08:18:17.0164 3232 ProtectedStorage - ok
08:18:17.0180 3232 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
08:18:17.0180 3232 PSched - ok
08:18:17.0539 3232 [ 4A29D25704917161BAD9B4659A248DFD ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:18:17.0539 3232 ql2300 - ok
08:18:17.0585 3232 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:18:17.0585 3232 ql40xx - ok
08:18:17.0663 3232 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
08:18:17.0663 3232 QWAVE - ok
08:18:17.0741 3232 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:18:17.0741 3232 QWAVEdrv - ok
08:18:17.0804 3232 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:18:17.0804 3232 RasAcd - ok
08:18:17.0897 3232 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
08:18:17.0897 3232 RasAuto - ok
08:18:17.0960 3232 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:18:17.0960 3232 Rasl2tp - ok
08:18:18.0007 3232 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
08:18:18.0007 3232 RasMan - ok
08:18:18.0038 3232 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:18:18.0038 3232 RasPppoe - ok
08:18:18.0053 3232 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:18:18.0053 3232 RasSstp - ok
08:18:18.0085 3232 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:18:18.0085 3232 rdbss - ok
08:18:18.0085 3232 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:18:18.0085 3232 RDPCDD - ok
08:18:18.0116 3232 [ 2D98DDA8EDCE73DF99854BF3692CCC87 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
08:18:18.0116 3232 rdpdr - ok
08:18:18.0178 3232 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:18:18.0178 3232 RDPENCDD - ok
08:18:18.0287 3232 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:18:18.0303 3232 RDPWD - ok
08:18:18.0428 3232 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:18:18.0428 3232 RemoteAccess - ok
08:18:18.0615 3232 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:18:18.0615 3232 RemoteRegistry - ok
08:18:18.0646 3232 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
08:18:18.0646 3232 RpcLocator - ok
08:18:18.0740 3232 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
08:18:18.0740 3232 RpcSs - ok
08:18:18.0802 3232 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:18:18.0802 3232 rspndr - ok
08:18:18.0865 3232 [ 1C546EA56A06B773A52EE48E0205072D ] RTL8187 C:\Windows\system32\DRIVERS\RTL8187.sys
08:18:18.0865 3232 RTL8187 - ok
08:18:18.0911 3232 [ 8F018E901EF4FF276FDA3ADAAF96C0F5 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
08:18:18.0911 3232 RtlProt - ok
08:18:18.0958 3232 [ 248ABD858FF7DCC966E5A54529DDD225 ] SaiH0255 C:\Windows\system32\DRIVERS\SaiH0255.sys
08:18:18.0958 3232 SaiH0255 - ok
08:18:18.0989 3232 [ 9E7E53891D1747A01F491AB25B95135D ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
08:18:18.0989 3232 SaiMini - ok
08:18:19.0021 3232 [ B3B86BE19A0CAF025F679C39FD21E735 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
08:18:19.0021 3232 SaiNtBus - ok
08:18:19.0036 3232 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
08:18:19.0036 3232 SamSs - ok
08:18:19.0067 3232 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:18:19.0083 3232 sbp2port - ok
08:18:19.0130 3232 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:18:19.0130 3232 SCardSvr - ok
08:18:19.0364 3232 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
08:18:19.0379 3232 Schedule - ok
08:18:19.0489 3232 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:18:19.0489 3232 SCPolicySvc - ok
08:18:19.0598 3232 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:18:19.0613 3232 SDRSVC - ok
08:18:19.0613 3232 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:18:19.0613 3232 secdrv - ok
08:18:19.0645 3232 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
08:18:19.0645 3232 seclogon - ok
08:18:19.0754 3232 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
08:18:19.0754 3232 SENS - ok
08:18:19.0863 3232 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:18:19.0863 3232 Serenum - ok
08:18:19.0941 3232 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:18:19.0941 3232 Serial - ok
08:18:19.0972 3232 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:18:19.0972 3232 sermouse - ok
08:18:20.0050 3232 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
08:18:20.0050 3232 SessionEnv - ok
08:18:20.0159 3232 [ 541B32F8D6B2DCB92EC43BAB267E79EA ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:18:20.0159 3232 sffdisk - ok
08:18:20.0253 3232 [ 446E7CCA3325C7E0AE0FDE7F73CDD9C2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:18:20.0253 3232 sffp_mmc - ok
08:18:20.0300 3232 [ 67EDC221348911E895AF51C57D9A3725 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:18:20.0300 3232 sffp_sd - ok
08:18:20.0393 3232 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:18:20.0393 3232 sfloppy - ok
08:18:20.0565 3232 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:18:20.0581 3232 SharedAccess - ok
08:18:20.0705 3232 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:18:20.0705 3232 ShellHWDetection - ok
08:18:20.0737 3232 [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
08:18:20.0737 3232 SiSRaid2 - ok
08:18:20.0815 3232 [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:18:20.0815 3232 SiSRaid4 - ok
08:18:20.0893 3232 SjyPkt - ok
08:18:21.0173 3232 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
08:18:21.0189 3232 slsvc - ok
08:18:21.0220 3232 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
08:18:21.0220 3232 SLUINotify - ok
08:18:21.0298 3232 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:18:21.0298 3232 Smb - ok
08:18:21.0376 3232 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:18:21.0376 3232 SNMPTRAP - ok
08:18:21.0407 3232 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
08:18:21.0407 3232 spldr - ok
08:18:21.0439 3232 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
08:18:21.0439 3232 Spooler - ok
08:18:21.0532 3232 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
08:18:21.0532 3232 srv - ok
08:18:21.0548 3232 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:18:21.0563 3232 srv2 - ok
08:18:21.0563 3232 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:18:21.0563 3232 srvnet - ok
08:18:21.0626 3232 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:18:21.0626 3232 SSDPSRV - ok
08:18:21.0657 3232 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:18:21.0657 3232 SstpSvc - ok
08:18:21.0688 3232 Steam Client Service - ok
08:18:21.0719 3232 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
08:18:21.0735 3232 stisvc - ok
08:18:21.0766 3232 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:18:21.0766 3232 swenum - ok
08:18:21.0891 3232 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
08:18:21.0891 3232 swprv - ok
08:18:21.0922 3232 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
08:18:21.0922 3232 Symc8xx - ok
08:18:21.0953 3232 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
08:18:21.0953 3232 Sym_hi - ok
08:18:22.0000 3232 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
08:18:22.0000 3232 Sym_u3 - ok
08:18:22.0187 3232 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
08:18:22.0187 3232 SysMain - ok
08:18:22.0203 3232 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:18:22.0219 3232 TabletInputService - ok
08:18:22.0265 3232 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:18:22.0265 3232 TapiSrv - ok
08:18:22.0343 3232 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
08:18:22.0343 3232 TBS - ok
08:18:22.0671 3232 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:18:22.0671 3232 Tcpip - ok
08:18:23.0014 3232 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
08:18:23.0014 3232 Tcpip6 - ok
08:18:23.0092 3232 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:18:23.0092 3232 tcpipreg - ok
08:18:23.0170 3232 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:18:23.0170 3232 TDPIPE - ok
08:18:23.0248 3232 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:18:23.0248 3232 TDTCP - ok
08:18:23.0295 3232 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:18:23.0295 3232 tdx - ok
08:18:23.0389 3232 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:18:23.0389 3232 TermDD - ok
08:18:23.0638 3232 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
08:18:23.0638 3232 TermService - ok
08:18:23.0669 3232 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
08:18:23.0669 3232 Themes - ok
08:18:23.0685 3232 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
08:18:23.0685 3232 THREADORDER - ok
08:18:23.0701 3232 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
08:18:23.0701 3232 TrkWks - ok
08:18:23.0732 3232 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:18:23.0732 3232 TrustedInstaller - ok
08:18:23.0747 3232 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:18:23.0747 3232 tssecsrv - ok
08:18:23.0779 3232 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
08:18:23.0779 3232 tunmp - ok
08:18:23.0810 3232 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:18:23.0810 3232 tunnel - ok
08:18:23.0841 3232 [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:18:23.0841 3232 uagp35 - ok
08:18:23.0872 3232 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:18:23.0872 3232 udfs - ok
08:18:23.0888 3232 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:18:23.0888 3232 UI0Detect - ok
08:18:23.0919 3232 [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:18:23.0919 3232 uliagpkx - ok
08:18:23.0997 3232 [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci C:\Windows\system32\drivers\uliahci.sys
08:18:23.0997 3232 uliahci - ok
08:18:24.0122 3232 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
08:18:24.0122 3232 UlSata - ok
08:18:24.0169 3232 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
08:18:24.0169 3232 ulsata2 - ok
08:18:24.0200 3232 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:18:24.0200 3232 umbus - ok
08:18:24.0278 3232 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
08:18:24.0278 3232 upnphost - ok
08:18:24.0340 3232 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:18:24.0340 3232 USBAAPL64 - ok
08:18:24.0371 3232 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:18:24.0371 3232 usbccgp - ok
08:18:24.0387 3232 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:18:24.0387 3232 usbcir - ok
08:18:24.0418 3232 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:18:24.0418 3232 usbehci - ok
08:18:24.0527 3232 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:18:24.0527 3232 usbhub - ok
08:18:24.0559 3232 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:18:24.0559 3232 usbohci - ok
08:18:24.0590 3232 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
08:18:24.0590 3232 usbprint - ok
08:18:24.0621 3232 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:18:24.0621 3232 USBSTOR - ok
08:18:24.0637 3232 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:18:24.0637 3232 usbuhci - ok
08:18:24.0652 3232 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
08:18:24.0668 3232 UxSms - ok
08:18:24.0715 3232 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
08:18:24.0715 3232 vds - ok
08:18:24.0761 3232 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:18:24.0761 3232 vga - ok
08:18:24.0839 3232 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
08:18:24.0839 3232 VgaSave - ok
08:18:24.0871 3232 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
08:18:24.0871 3232 viaide - ok
08:18:24.0917 3232 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:18:24.0917 3232 volmgr - ok
08:18:24.0964 3232 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:18:24.0980 3232 volmgrx - ok
08:18:25.0058 3232 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:18:25.0073 3232 volsnap - ok
08:18:25.0089 3232 [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:18:25.0089 3232 vsmraid - ok
08:18:25.0479 3232 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
08:18:25.0495 3232 VSS - ok
08:18:25.0635 3232 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
08:18:25.0635 3232 W32Time - ok
08:18:25.0682 3232 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:18:25.0682 3232 WacomPen - ok
08:18:25.0729 3232 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
08:18:25.0729 3232 Wanarp - ok
08:18:25.0744 3232 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:18:25.0744 3232 Wanarpv6 - ok
08:18:25.0760 3232 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:18:25.0775 3232 wcncsvc - ok
08:18:25.0869 3232 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:18:25.0869 3232 WcsPlugInService - ok
08:18:25.0900 3232 [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd C:\Windows\system32\drivers\wd.sys
08:18:25.0900 3232 Wd - ok
08:18:26.0243 3232 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:18:26.0259 3232 Wdf01000 - ok
08:18:26.0321 3232 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:18:26.0337 3232 WdiServiceHost - ok
08:18:26.0353 3232 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:18:26.0353 3232 WdiSystemHost - ok
08:18:26.0399 3232 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
08:18:26.0399 3232 WebClient - ok
08:18:26.0571 3232 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:18:26.0571 3232 Wecsvc - ok
08:18:26.0602 3232 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:18:26.0618 3232 wercplsupport - ok
08:18:26.0665 3232 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
08:18:26.0665 3232 WerSvc - ok
08:18:26.0696 3232 WinDefend - ok
08:18:26.0696 3232 WinHttpAutoProxySvc - ok
08:18:26.0883 3232 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:18:26.0883 3232 Winmgmt - ok
08:18:26.0977 3232 WinRing0_1_2_0 - ok
08:18:27.0226 3232 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
08:18:27.0242 3232 WinRM - ok
08:18:27.0460 3232 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:18:27.0476 3232 Wlansvc - ok
08:18:27.0757 3232 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:18:27.0757 3232 wlidsvc - ok
08:18:27.0850 3232 [ AE34218455D5DC12D1E45DE85F160346 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:18:27.0850 3232 WmiAcpi - ok
08:18:27.0975 3232 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:18:27.0975 3232 wmiApSrv - ok
08:18:28.0022 3232 WMPNetworkSvc - ok
08:18:28.0115 3232 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:18:28.0115 3232 WPCSvc - ok
08:18:28.0162 3232 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:18:28.0162 3232 WPDBusEnum - ok
08:18:28.0193 3232 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
08:18:28.0193 3232 WpdUsb - ok
08:18:28.0724 3232 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:18:28.0739 3232 WPFFontCache_v0400 - ok
08:18:28.0771 3232 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:18:28.0771 3232 ws2ifsl - ok
08:18:28.0817 3232 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
08:18:28.0833 3232 wscsvc - ok
08:18:28.0833 3232 WSearch - ok
08:18:29.0426 3232 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:18:29.0441 3232 wuauserv - ok
08:18:29.0488 3232 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:18:29.0488 3232 WUDFRd - ok
08:18:29.0504 3232 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:18:29.0519 3232 wudfsvc - ok
08:18:29.0566 3232 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
08:18:29.0566 3232 xusb21 - ok
08:18:29.0629 3232 [ 2AE06B41B36549FABF0886B2AF89A599 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
08:18:29.0629 3232 yukonx64 - ok
08:18:29.0660 3232 ZTEusbmdm6k - ok
08:18:29.0675 3232 ZTEusbnmea - ok
08:18:29.0675 3232 ZTEusbser6k - ok
08:18:29.0707 3232 ================ Scan global ===============================
08:18:29.0738 3232 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
08:18:29.0785 3232 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
08:18:29.0800 3232 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
08:18:29.0925 3232 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
08:18:29.0941 3232 [Global] - ok
08:18:29.0941 3232 ================ Scan MBR ==================================
08:18:29.0956 3232 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:18:31.0766 3232 \Device\Harddisk0\DR0 - ok
08:18:31.0766 3232 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
08:18:31.0781 3232 \Device\Harddisk1\DR1 - ok
08:18:31.0781 3232 ================ Scan VBR ==================================
08:18:31.0781 3232 [ AA16025AAB95639B0B83FECD5F99F404 ] \Device\Harddisk0\DR0\Partition1
08:18:31.0797 3232 \Device\Harddisk0\DR0\Partition1 - ok
08:18:31.0797 3232 [ 2D225F1875A5CE4B793D2A82FF5FBB59 ] \Device\Harddisk1\DR1\Partition1
08:18:31.0797 3232 \Device\Harddisk1\DR1\Partition1 - ok
08:18:31.0797 3232 ============================================================
08:18:31.0797 3232 Scan finished
08:18:31.0797 3232 ============================================================
08:18:31.0797 3240 Detected object count: 0
08:18:31.0797 3240 Actual detected object count: 0

 

[SuperDuperMe]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:21:38 AM, on 22/09/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\SuperDuperMe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperDuperMe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperDuperMe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperDuperMe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SuperDuperMe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1144A381-31EA-496F-A33E-51B997B4C17D}&mid=d3756a6bbddc47d090f7d15756fb5d2c-6edc2752e7f23e6a699f0a442ad6df1990c009ca&lang=en&ds=od011&pr=sa&d=2012-04-21 16:22:54&v=11.0.0.9&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\SuperDuperMe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files (x86)\ASUS WiFi-AP Solo\RtWLan.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7808 bytes

 

[tcb-com-frm-12]

A favorite trick of Virus's and Trojans is to make a restore point and hide itself in there, when the computer is 'Cleaned', it uses a registry entry (which are not normally deleted) to restore itself back to the system.
Check your restore points and if the are points that you suspect then delete them.

It could also be that your system has ben hijacked as is being used as to spread infection to other computers- without your knowledge.(botnet)
Terry

 

[SuperDuperMe]

I dont have my pc set up to make restoration point

And no disrespect but as i dont know how qualified you are in terms of malwayre ill wait for Johnb to come back as i know hes like a malwayre know how god.

 

[johnb35]

I don't see any issues there so lets scan a little deeper.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file here :
  
  Combofix
  
  
• When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
• Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
  
  
  
• We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
  
  
• Close all open Windows including this one.
  
• Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
  Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  
• Please click on I agree on the disclaimer window.
• ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
  
  
  
  
  
• ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
  
  
  
  
  
• Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
  
  
  
  
  
• At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  
• Please click on yes in the next window to continue scanning for malware.
  
• ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  
• ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  
• While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
  
  
  
  
  
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  
• When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  
• Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.
  

In your next reply please post:

• The ComboFix log
• A fresh HiJackThis log
• An update on how your computer is running

 

[SuperDuperMe]

ComboFix 12-09-22.02 - SuperDuperMe 22/09/2012 21:44:13.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2706 [GMT 1:00]
Running from: c:\users\SuperDuperMe\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 07:21 . 2012-09-22 07:21 388096 ----a-r- c:\users\SuperDuperMe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-22 07:21 . 2012-09-22 07:21 -------- d-----w- c:\program files (x86)\Trend Micro
2012-09-21 14:26 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E35EF76F-5A16-48CB-9D76-A9F46475A8C1}\mpengine.dll
2012-09-21 11:05 . 2012-09-21 11:05 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\CrashRpt
2012-09-21 11:05 . 2012-09-21 11:05 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-09-19 06:08 . 2012-09-19 06:08 -------- d-----w- c:\users\SuperDuperMe\AppData\Roaming\fltk.org
2012-09-19 06:08 . 2012-09-19 06:08 -------- d-----w- c:\programdata\fltk.org
2012-09-16 09:45 . 2012-09-17 19:24 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\Take On Helicopters
2012-09-16 07:47 . 2012-09-16 07:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-16 07:46 . 2012-09-16 07:46 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-15 12:19 . 2012-09-15 12:19 -------- d-----w- c:\programdata\Saitek
2012-09-15 12:18 . 2012-09-15 12:18 -------- d-----w- c:\program files\Saitek
2012-09-15 07:11 . 2012-09-15 07:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-15 07:11 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 20:29 . 2012-09-14 20:29 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\CRE
2012-09-14 20:29 . 2012-09-14 20:29 -------- d-----w- c:\users\AppData
2012-09-14 20:29 . 2012-09-14 20:29 -------- d-----w- c:\program files (x86)\Conduit
2012-09-14 20:29 . 2012-09-14 20:33 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\Conduit
2012-09-14 20:28 . 2012-09-14 20:32 -------- d-----w- c:\users\SuperDuperMe\AppData\Roaming\Nico Mak Computing
2012-09-14 20:28 . 2011-11-10 09:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-09-14 20:28 . 2012-09-14 20:32 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2012-09-09 12:14 . 2012-09-09 12:14 -------- d-----w- c:\users\SuperDuperMe\AppData\Roaming\six-zsync
2012-09-08 19:57 . 2012-09-12 16:48 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-09-08 19:56 . 2012-09-08 19:57 -------- d-----w- c:\programdata\Battle.net
2012-09-08 19:00 . 2012-09-08 19:00 -------- d-----w- c:\program files\Nexus Mod Manager
2012-09-08 14:48 . 2012-09-08 19:00 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\Black_Tree_Gaming
2012-09-08 14:29 . 2012-09-08 14:29 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\The Witcher 2
2012-09-08 14:24 . 2012-09-08 14:51 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\Oblivion
2012-09-08 14:03 . 2005-04-03 22:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-09-08 14:03 . 2005-04-03 22:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-09-08 14:03 . 2005-04-03 22:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-09-08 14:03 . 2005-04-03 22:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-09-08 14:03 . 2005-04-03 21:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-09-08 14:03 . 2005-04-03 22:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-09-08 14:03 . 2012-09-08 14:03 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-09-08 14:03 . 2012-09-08 14:03 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-09-08 13:09 . 2012-09-08 14:33 -------- d-----w- c:\program files (x86)\The Witcher 2
2012-09-07 17:09 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-09-06 21:41 . 2012-09-06 21:41 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\Take On Helicopters Demo
2012-09-06 21:28 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-09-06 21:28 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-09-06 21:28 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-06 21:27 . 2012-03-30 12:45 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-06 21:27 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-09-06 21:27 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-09-06 21:27 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-09-06 21:27 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-09-06 21:25 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-09-06 21:25 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-09-06 21:25 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-09-06 21:25 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-06 21:24 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-09-06 21:24 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-05 17:31 . 2012-09-05 17:31 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\The Lord of the Rings Online
2012-09-05 17:10 . 2012-09-05 17:14 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\Turbine
2012-09-05 17:10 . 2012-09-05 17:38 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\ApplicationHistory
2012-09-04 19:24 . 2012-09-04 19:24 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\SWTOR
2012-09-04 16:51 . 2012-09-04 16:51 -------- d-----w- c:\programdata\Rockstar Games
2012-09-03 20:57 . 2012-09-03 20:57 -------- d-----w- c:\users\hedev
2012-09-03 17:43 . 2012-09-03 17:40 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-09-02 14:14 . 2003-05-23 11:28 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-02 14:14 . 2003-05-23 11:28 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-02 14:14 . 2003-05-23 11:28 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-09-02 13:34 . 2012-09-14 20:32 -------- d-----w- c:\programdata\Tarma Installer
2012-08-24 20:01 . 2012-08-24 20:01 -------- d-----w- c:\users\SuperDuperMe\AppData\Local\2DBoy
2012-08-24 20:01 . 2012-08-24 20:01 -------- d-----w- c:\programdata\2DBoy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 19:39 . 2012-03-10 17:05 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-22 19:39 . 2012-03-04 23:09 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-22 13:30 . 2012-03-10 17:05 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-21 12:34 . 2012-03-10 17:05 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-16 07:46 . 2012-06-18 18:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-16 07:46 . 2012-02-25 01:43 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-12 17:00 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-08-21 09:13 . 2012-02-24 18:53 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-24 18:53 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-24 18:53 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-24 18:53 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-02-24 18:53 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-02-24 18:53 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-02-24 18:53 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-24 18:53 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-02-24 18:53 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-16 17:11 . 2012-03-05 09:12 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-08-16 17:11 . 2012-03-05 09:12 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-08-16 17:11 . 2012-03-05 09:12 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-16 17:11 . 2012-03-05 09:12 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-07-07 10:02 . 2009-08-18 11:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-06 10:44 . 2011-12-06 02:33 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-06 10:43 . 2012-07-06 10:42 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-07-06 10:42 . 2011-12-06 03:17 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-06 10:42 . 2012-07-06 10:42 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-07-06 10:42 . 2012-07-06 10:42 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-06 10:42 . 2012-07-06 10:41 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-06 10:41 . 2012-07-06 10:41 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-07-06 10:41 . 2012-07-06 10:41 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-07-06 10:41 . 2011-12-06 03:16 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-06 10:40 . 2011-12-06 02:28 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-07-06 10:40 . 2012-07-06 10:40 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-06 10:40 . 2011-12-06 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-07-06 10:40 . 2012-07-06 10:39 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-07-06 10:39 . 2012-07-06 10:39 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-07-06 10:39 . 2011-12-06 02:11 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-07-06 10:39 . 2012-07-06 10:38 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-07-06 10:39 . 2012-07-06 10:37 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-07-06 10:38 . 2012-07-06 10:38 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-06 10:37 . 2011-12-06 02:10 45056 ----a-w- c:\windows\system32\atitmp64.dll
2012-07-06 10:37 . 2012-07-06 10:33 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-07-06 10:37 . 2012-07-06 10:36 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-07-06 10:36 . 2012-07-06 10:32 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-06 10:36 . 2012-07-06 10:36 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-07-06 10:36 . 2012-07-06 10:36 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-07-06 10:36 . 2012-07-06 10:36 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-07-06 10:36 . 2012-07-06 10:36 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-07-06 10:34 . 2012-07-06 10:33 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-07-06 10:33 . 2012-07-06 10:33 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-07-06 10:33 . 2012-07-06 10:33 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-06 10:33 . 2012-07-06 10:33 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-06 10:33 . 2012-07-06 10:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-07-06 10:33 . 2012-07-06 10:29 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-06 10:33 . 2012-07-06 10:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-07-06 10:33 . 2012-07-06 10:33 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-07-06 10:33 . 2012-07-06 10:32 92176 ----a-w- c:\windows\system32\drivers\AtihdLH6.sys
2012-07-06 10:32 . 2012-07-06 10:29 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-07-06 10:32 . 2012-07-06 10:30 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-07-06 10:32 . 2012-07-06 10:32 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-06 10:32 . 2012-07-06 10:29 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-06 10:31 . 2012-07-06 10:31 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-06 10:31 . 2011-12-06 02:24 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-07-06 10:30 . 2012-07-06 10:30 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-07-06 10:29 . 2011-12-06 02:18 64000 ----a-w- c:\windows\system32\coinst.dll
2012-07-06 10:29 . 2012-07-06 10:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-06 10:28 . 2012-07-06 10:28 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-07-06 10:28 . 2012-07-06 10:28 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-07-06 10:28 . 2012-07-06 10:28 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files (x86)\3MobileWiFi\3MobileWiFi" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files (x86)\ASUS WiFi-AP Solo\RtWLan.exe [2012-2-25 995328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 18:53]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 18:53]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113226052-4232362135-2693474079-1000Core.job
- c:\users\SuperDuperMe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 19:40]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-113226052-4232362135-2693474079-1000UA.job
- c:\users\SuperDuperMe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 19:40]
.
2012-09-22 c:\windows\Tasks\RtlVistaStart.job
- c:\program files (x86)\ASUS WiFi-AP Solo\RtWLan.exe [2012-02-25 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-14 7074336]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-14 1833504]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 290816]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={1144A381-31EA-496F-A33E-51B997B4C17D}&mid=d3756a6bbddc47d090f7d15756fb5d2c-6edc2752e7f23e6a699f0a442ad6df1990c009ca&lang=en&ds=od011&pr=sa&d=2012-04-21 16:22&v=11.0.0.9&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
AddRemove-Take On Hinds - c:\program files (x86)\steam\steamapps\common\take on helicoptersHinds\DataCacheRemoval.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-113226052-4232362135-2693474079-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,db,c1,7d,4b,f5,66,42,d8,58,32,98,03,49,56,d7,7d,81,a1,0c,97,f7,b0,
d3,8b,ee,cb,12,d3,55,e7,59,23,3c,0b,7a,e6,34,78,c6,83,f6,93,84,a2,00,24,7d,\
"??"=hex:3c,9b,85,e0,f3,ff,00,c3,97,74,c7,3a,05,eb,57,e7
.
[HKEY_USERS\S-1-5-21-113226052-4232362135-2693474079-1000\Software\SecuROM\License information*]
"datasecu"=hex:35,5d,bb,aa,0f,60,a8,c6,9f,40,41,5f,0d,5e,6d,d9,d6,a0,d9,d0,06,
8a,6f,db,69,86,e9,55,6f,f6,cd,00,5e,de,9d,35,b0,ed,29,f8,ba,06,7d,09,75,3b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-09-22 22:02:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-22 21:02
.
Pre-Run: 47,191,683,072 bytes free
Post-Run: 46,635,446,272 bytes free
.
- - End Of File - - BFA4EB8F8ACE1923BCD117EBD24C312D

 

[SuperDuperMe]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:06 PM, on 22/09/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1144A381-31EA-496F-A33E-51B997B4C17D}&mid=d3756a6bbddc47d090f7d15756fb5d2c-6edc2752e7f23e6a699f0a442ad6df1990c009ca&lang=en&ds=od011&pr=sa&d=2012-04-21 16:22:54&v=11.0.0.9&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files (x86)\ASUS WiFi-AP Solo\RtWLan.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6566 bytes

 

[SuperDuperMe]

Pc seems to be running fine, however, on my desktop there is now a shortcut that looks like IE, but says "the internet"

:/ This only appeared after combofix and hijackthis :/


Is this normal.

 

[johnb35]

Uninstall the winzip registry optimizer, its not needed. Combofix places the IE icon on your desktop. You can rename it to Internet Explorer or delete it if you use a different browser. Let me know if you continue to have issues. Look at task manager to see what process is using the memory next time.

 

[SuperDuperMe]

That win zip thing I got automatically from a download, thought I had deleted it earlier this week but evidently not. Could that gave caused my problems and what exactly is it

 

[johnb35]

It's a program that supposedly optimizes the registry, but its a good thing to not run registry cleaners/optimizers as you could do more damage then good. And I doubt it would do anything like that.

 

[SuperDuperMe]

I cant find it on control panel or in revo uninstaller. Is there any other way to get rid of it?

 

[johnb35]

Rerun revo and point it to this directory.

c:\program files (x86)\WinZip Registry Optimizer

Should detect it then and get rid of it.

 

[SuperDuperMe]

Couldnt work out to direct revo to it. However iv found the root of my problem....



When i download from steam my pc runs really slow. I didnt clock on to it until i was downloading a game today and my pc froze up again. Same thing happened the other day which i thought was a virus.

 

[johnb35]

Try updating your wireless or lan driver for whatever type of connection you use. Or its a possibility that the hardware itself is going.

 

[SuperDuperMe]

Most likely the hardware it's old and not exactly been looked after