
svchost.exe Memory Leak.



  • Staff

Hello JOHN007

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Gringo


Thank you for your time Gringo, I have done as requested. The PC is offline at the moment; I'm using my laptop for the forum.

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 26/07/2012 03:32:28

System Uptime: 24/05/2013 16:48:47 (0 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH 990FX

Processor: AMD FX-8350 Eight-Core Processor | Socket 942 | 4731/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 200 GiB total, 105.597 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 498 GiB total, 289.815 GiB free.

F: is FIXED (NTFS) - 712 GiB total, 319.696 GiB free.

G: is FIXED (NTFS) - 33 GiB total, 13.002 GiB free.

H: is Removable

I: is FIXED (NTFS) - 200 GiB total, 72.446 GiB free.

J: is FIXED (NTFS) - 466 GiB total, 86.401 GiB free.

M: is FIXED (NTFS) - 220 GiB total, 110.349 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: AMD High Definition Audio Device

Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&18AD580A&0&0001

Manufacturer: Advanced Micro Devices

Name: AMD High Definition Audio Device

PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&18AD580A&0&0001

Service: AtiHDAudioService

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Sitecom Wireless Network PCI Adapter MiMoXR WL-151

Device ID: PCI\VEN_1814&DEV_0401&SUBSYS_9097182D&REV_00\4&2B4059EA&0&28A4

Manufacturer: Sitecom Europe BV

Name: Sitecom Wireless Network PCI Adapter MiMoXR WL-151

PNP Device ID: PCI\VEN_1814&DEV_0401&SUBSYS_9097182D&REV_00\4&2B4059EA&0&28A4

Service: rt61x64

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

3DMark 11

Adobe Audition 3.0

Adobe Audition 3.0 Vista Compatibility

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

AI Suite II

AIDA64 Extreme Edition v2.30

Akamai NetSession Interface

Aliens: Colonial Marines

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD VISION Engine Control Center

Apple Software Update

Asmedia ASM104x USB 3.0 Host Controller Driver

Battlefield 2

Battlefield 3™

Battlelog Web Plugins

BitTorrentBar Toolbar

Borderlands 2

Cakewalk VST Adapter 4.4.4.0

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Cool Edit Pro 2.1

Crysis®

Dawn Of War

Dawn of War - Dark Crusade

Dawn of War - Soulstorm

Dawn of War - Tyranid Mod v0.45SS

Dawn Of War - Winter Assault

Deus Ex: Human Revolution

Diablo III

Dimension DXi Instrument

DiRT Showdown

DoW : Space Hulk

Dual-Core Optimizer

ESET Online Scanner v3

ESN Sonar

Far Cry

Far Cry (Patch 1.3)

Far Cry (Patch 1.31)

Far Cry (Patch 1.4)

foobar2000 v0.9.5.6

Fraps (remove only)

Futuremark SystemInfo

Grand Theft Auto IV

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java 7 Update 21

Java 7 Update 21 (64-bit)

Java Auto Updater

LogonStudio Vista

M-Audio FastTrackPro Driver 6.0.7 (x64)

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE Redistributable

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Xbox 360 Accessories 1.1

Moonbase Alpha

MSM32Installer

MSVCRT Redists

Native Instruments Controller Editor

Native Instruments Kontakt 2

Native Instruments Massive

Native Instruments Service Center

Need for Speed Most Wanted

Next Generation Visualisations

Nexuiz

NVIDIA PhysX

OpenAL

Origin

Paint.NET v3.5.10

PowerISO

Project5 Version 2

Project5 Version 2.5

PunkBuster Services

QuickTime

Rainmeter

Rapture3D 2.4.11 Game

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Rockstar Games Social Club

Sapphire TRIXX

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

SONAR X1 Producer x64

Sony Sound Forge 7.0

Stardock MyColors

SUPERAntiSpyware

T-RackS 3 Deluxe

The Settlers III Gold Edition

Tombraider

TotalMovieConverter

TuneUp Utilities 2013

TuneUp Utilities Language Pack (en-GB)

Ultra Mobile 3GP Video Converter 3.0.4.0421b

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Vegas Pro 12.0 (64-bit)

Vista Codec Package

WinRAR archiver

x64 Components v3.6.3

Xfire

.

==== End Of File ===========================


dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2

Run by Jabba at 16:57:16 on 2013-05-24

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.16344.14077 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

C:\Program Files (x86)\Stardock\MyColors\WBVista.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uProxyOverride = <local>

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: NameServer = 192.168.137.1

TCP: Interfaces\{CE2F842B-A55D-4555-A2B4-0D3480AF23D5} : DHCPNameServer = 192.168.137.1

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe

x64-mPolicies-Explorer: NoActiveDesktop = dword:1

x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\System32\drivers\AiChargerPlus.sys [2012-7-25 14464]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-2 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-7-25 586880]

R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-1 418376]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-1-31 2402080]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-26 46136]

R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2012-8-31 39424]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]

R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\System32\drivers\MAudioFastTrackPro.sys [2010-12-7 187912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-1 25928]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-9-19 11880]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-1 701512]

S3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);C:\Windows\System32\drivers\ASUSstpt.sys [2012-7-25 24648]

S3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);C:\Windows\System32\drivers\ASUSumsc.sys [2012-7-25 141896]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2013-1-15 92160]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-5-13 137336]

S3 imhidusb;Immersion's HID USB Driver;C:\Windows\System32\drivers\imhidusb.sys [2013-5-4 23040]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]

S3 rt61x64;Sitecom RT61 Wireless Network Driver for Windows Vista;C:\Windows\System32\drivers\netr6164.sys [2009-6-10 393216]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-7-25 89920]

S4 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]

.

=============== File Associations ===============

.

FileExt: .reg: regfile=regedit.exe "%1" [userChoice]

FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2013-05-20 00:07:55 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-05-20 00:07:54 971680 ----a-w- C:\Windows\System32\deployJava1.dll

2013-05-20 00:07:54 311200 ----a-w- C:\Windows\System32\javaws.exe

2013-05-20 00:07:54 188832 ----a-w- C:\Windows\System32\javaw.exe

2013-05-20 00:07:54 188320 ----a-w- C:\Windows\System32\java.exe

2013-05-20 00:07:54 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-05-20 00:05:39 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-20 00:05:39 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-05-20 00:05:39 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-05-20 00:05:39 263584 ----a-w- C:\Windows\SysWow64\javaws.exe

2013-05-20 00:05:39 174496 ----a-w- C:\Windows\SysWow64\javaw.exe

2013-05-20 00:05:39 174496 ----a-w- C:\Windows\SysWow64\java.exe

2013-05-19 23:27:24 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-05-19 23:27:24 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-05-19 22:43:30 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-05-19 21:45:21 176 ----a-w- C:\Windows\SysWow64\msvcsv60.dll

2013-05-16 01:46:07 17317888 ----a-w- C:\Windows\System32\imageres.dll

2013-05-15 21:49:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 21:49:15 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-15 03:22:27 2473424 ----a-w- C:\Windows\PE_Rom.dll

2013-05-02 01:06:08 278800 ----a-w- C:\Windows\System32\MpSigStub.exe

2013-04-16 01:14:37 72702784 ----a-w- C:\Windows\System32\mrt.exe

2013-04-04 19:38:53 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\atimpc64.dll

2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\amdpcom64.dll

2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2013-03-29 02:37:06 139696 ----a-w- C:\Windows\System32\atiuxp64.dll

2013-03-29 02:37:04 92304 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2013-03-29 02:37:04 118584 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2013-03-29 02:37:04 112440 ----a-w- C:\Windows\System32\atiu9p64.dll

2013-03-29 02:37:02 1155264 ----a-w- C:\Windows\System32\aticfx64.dll

2013-03-29 02:37:00 970912 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2013-03-29 02:36:56 8272136 ----a-w- C:\Windows\System32\atidxx64.dll

2013-03-29 02:36:54 7233336 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2013-03-29 02:36:50 4450264 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2013-03-29 02:36:44 5944264 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2013-03-29 02:36:40 5000320 ----a-w- C:\Windows\System32\atiumd6a.dll

2013-03-29 02:36:38 6985624 ----a-w- C:\Windows\System32\atiumd64.dll

2013-03-29 02:35:02 11658752 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2013-03-29 02:13:28 222720 ----a-w- C:\Windows\System32\clinfo.exe

2013-03-29 02:13:14 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe

2013-03-29 02:13:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe

2013-03-29 02:13:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe

2013-03-29 02:13:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe

2013-03-29 02:13:08 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll

2013-03-29 02:13:04 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2013-03-29 02:13:00 64000 ----a-w- C:\Windows\System32\OVDecode64.dll

2013-03-29 02:12:56 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2013-03-29 02:12:48 29150720 ----a-w- C:\Windows\System32\amdocl64.dll

2013-03-29 02:10:52 23810560 ----a-w- C:\Windows\SysWow64\amdocl.dll

2013-03-29 02:09:04 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2013-03-29 02:09:00 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2013-03-29 02:04:42 24229376 ----a-w- C:\Windows\System32\atio6axx.dll

2013-03-29 02:00:54 76800 ----a-w- C:\Windows\System32\coinst_12.104.dll

2013-03-29 01:57:54 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2013-03-29 01:55:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2013-03-29 01:55:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2013-03-29 01:55:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2013-03-29 01:55:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2013-03-29 01:55:16 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll

2013-03-29 01:51:04 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2013-03-29 01:48:26 19870720 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2013-03-29 01:35:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2013-03-29 01:35:06 562688 ----a-w- C:\Windows\System32\atieclxx.exe

2013-03-29 01:34:18 241152 ----a-w- C:\Windows\System32\atiesrxx.exe

2013-03-29 01:33:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2013-03-29 01:32:46 26112 ----a-w- C:\Windows\System32\atimuixx.dll

2013-03-29 01:32:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2013-03-29 01:32:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2013-03-29 01:11:48 79360 ----a-w- C:\Windows\System32\amdave64.dll

2013-03-29 01:11:42 78336 ----a-w- C:\Windows\SysWow64\amdave32.dll

2013-03-29 01:11:32 74240 ----a-w- C:\Windows\System32\atisamu64.dll

2013-03-29 01:11:26 71168 ----a-w- C:\Windows\atisamu32.dll

2013-03-29 01:10:30 636416 ----a-w- C:\Windows\System32\atiadlxx.dll

2013-03-29 01:10:20 430080 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2013-03-29 01:10:08 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2013-03-29 01:10:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2013-03-29 01:10:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2013-03-29 01:10:00 44032 ----a-w- C:\Windows\System32\atig6txx.dll

2013-03-29 01:09:52 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2013-03-29 01:09:44 581120 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2013-03-29 01:07:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2013-03-29 01:07:22 45056 ----a-w- C:\Windows\System32\atitmp64.dll

2013-03-21 04:10:18 42880 ----a-w- C:\Windows\SysWow64\xfcodec.dll

2013-03-21 04:10:16 28544 ----a-w- C:\Windows\System32\xfcodec64.dll

2013-03-17 04:13:59 2538960 ----a-w- C:\Windows\PE_File.dll

2013-03-11 13:33:42 4691304 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-09 04:16:35 85504 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-09 01:48:36 75264 ----a-w- C:\Windows\System32\smss.exe

2013-03-08 04:18:52 451072 ----a-w- C:\Windows\System32\winsrv.dll

2013-03-08 04:17:12 2425344 ----a-w- C:\Windows\System32\mstscax.dll

2013-03-08 03:52:22 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-03-05 01:57:37 2774016 ----a-w- C:\Windows\System32\win32k.sys

2013-03-03 19:13:14 1513320 ----a-w- C:\Windows\System32\drivers\ntfs.sys

.

============= FINISH: 16:57:30.19 ===============

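The DDS output above is what the helper reads by eye before choosing the next tool. As an added example (my code, not DDS itself and not part of the helper's procedure), the script below does the two checks mechanically: it groups the BHO / TB / URLSearchHooks lines of the Pseudo HJT Report by CLSID, and it lists kernel drivers from the SERVICES / DRIVERS section that load from outside C:\Windows. The embedded sample is a subset of lines copied verbatim from the log above; the "two or more hook types" rule and the "outside C:\Windows" rule are my own heuristics, and a hit is a lead rather than a verdict (the SUPERAntiSpyware drivers it lists are legitimate).

```python
"""Triage of a DDS log: browser hooks grouped by CLSID, kernel drivers that
load from outside the Windows directory. Added example for this thread; it is
not part of DDS or of the helper's procedure."""
import re
import sys

# Subset of lines copied verbatim from the DDS.txt posted above.
SAMPLE_DDS = r'''
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\System32\drivers\AiChargerPlus.sys [2012-7-25 14464]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-9-19 11880]
'''

# "uURLSearchHooks:", "mURLSearchHooks:", "BHO:", "TB:", "x64-BHO:" ...
# followed by "<name>: {CLSID} - <path>"
ADDON_RE = re.compile(
    r"^(?:x64-)?[um]?(BHO|TB|URLSearchHooks): (.+?): (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# "R1 Name;Display Name;C:\path\image.sys [yyyy-m-d size]"
# R/S = running/stopped, digit = start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled)
SERVICE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]\s*$")


def browser_addons(text):
    """CLSID (lower-cased) -> name, hook kinds, DLL paths and number of lines.
    One CLSID is often registered under several hook types and hives at once."""
    by_clsid = {}
    for line in text.splitlines():
        m = ADDON_RE.match(line.strip())
        if not m:
            continue
        kind, name, clsid, path = m.groups()
        entry = by_clsid.setdefault(
            clsid.lower(), {"name": name, "kinds": set(), "paths": set(), "entries": 0})
        entry["kinds"].add(kind)
        entry["paths"].add(path)
        entry["entries"] += 1
    return by_clsid


def suspicious_addons(addons, min_kinds=2):
    """CLSIDs hooked in at least min_kinds different ways (BHO + toolbar +
    search hook is the classic bundled-toolbar footprint). Heuristic, my own."""
    return sorted(c for c, e in addons.items() if len(e["kinds"]) >= min_kinds)


def third_party_drivers(text):
    """Kernel drivers (.sys images) whose path is not under C:\\Windows."""
    found = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, _display, image, _date, _size = m.groups()
        image_path = image.split(" -k ")[0].strip('"')  # drop svchost group arguments
        low = image_path.lower()
        if low.endswith(".sys") and not low.startswith("c:\\windows\\"):
            found.append({"name": name, "running": state == "R",
                          "start": int(start), "path": image_path})
    return found


if __name__ == "__main__":
    text = SAMPLE_DDS
    if len(sys.argv) > 1:  # python dds_triage.py DDS.txt
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    addons = browser_addons(text)
    for clsid in suspicious_addons(addons):
        e = addons[clsid]
        print("%s %s: %s (%d lines)" % (clsid, e["name"], "+".join(sorted(e["kinds"])), e["entries"]))
    for d in third_party_drivers(text):
        print("driver %s start=%d running=%s %s" % (d["name"], d["start"], d["running"], d["path"]))
```

Run against the full DDS.txt rather than the sample, the first list comes out as the single BitTorrentBar CLSID, which is exactly the CLSID whose Ext\Settings, Ext\Stats, Toolbar\WebBrowser and URLSearchHooks entries AdwCleaner deletes later in this thread. The driver list is there to be read, not acted on: a boot- or system-start driver (start type 0 or 1) under Program Files is worth a look because it loads before most defences, but here that is an anti-spyware product's own filter driver.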

  • Staff

Hello JOHN007

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo


Hi, thanks for the reply. I've done as requested; here are the results.

AdwCleaner.

# AdwCleaner v2.301 - Logfile created 05/24/2013 at 19:15:27

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)

# User : Jabba - JABBA-SLI

# Boot Mode : Normal

# Running from : I:\Windows APPz\TDSS-Killa\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\BitTorrentBar

Deleted on reboot : C:\Program Files (x86)\Conduit

Deleted on reboot : C:\Users\Jabba\AppData\Local\Conduit

Deleted on reboot : C:\Users\Jabba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid

Deleted on reboot : C:\Users\Jabba\AppData\LocalLow\BitTorrentBar

Deleted on reboot : C:\Users\Jabba\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitTorrentBar Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}

Key Deleted : HKLM\Software\BitTorrentBar

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34E30D19-67C9-451D-AC3A-15CE8454ED97}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA558284-5553-4AEA-9F4B-3E77E8A232FA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Jabba\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [3025 octets] - [24/05/2013 19:15:17]

AdwCleaner[S1].txt - [3028 octets] - [24/05/2013 19:15:27]

########## EOF - C:\AdwCleaner[S1].txt - [3088 octets] ##########


Junkware Removal.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows Vista Home Premium x64

Ran by Jabba on 24/05/2013 at 19:22:35.79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\bittorrentbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 24/05/2013 at 19:24:30.51

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


There still seems to be a memory leak in svchost.exe which jumps from 2300mb to 3000mb. The services which are running in this svchost are:

wudfsvc

WPCBusEnum

WdiSystemHost

UxSms

TrkWrs

SysMain

PcaSvc

Netman

Hidserv

EMDmgmt

AudioEndpointBuilder

Thanks again for your time..

John

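One way to confirm which svchost.exe instance is actually growing, as an added example that is not part of the thread and not code from any tool used in it: the script below maps every svchost.exe process to the services it hosts (the same mapping the service list above came from) and samples each instance's private bytes over a few minutes, so a group that keeps climbing can be told apart from one that merely sits high. It assumes Windows PowerShell 3.0 or later for Get-CimInstance; the sample count, the interval and the script name used in the usage note are my own choices.

```powershell
# Added example (not code from the thread or from any tool used in it).
# Maps every svchost.exe instance to the services it hosts and samples its
# private bytes over time so the growing service group can be identified.
# Assumes Windows PowerShell 3.0 or later (Get-CimInstance); run it from an
# elevated prompt so the service-to-PID mapping is complete. The sample count
# and interval below are illustrative defaults.
param(
    [int]$Samples  = 6,     # how many measurements to take
    [int]$Interval = 30     # seconds between measurements
)

function Get-SvchostGroups {
    # Each service reports the PID of the process hosting it, so build a
    # PID -> service-name list and attach it to every svchost.exe process.
    $svcByPid = @{}
    foreach ($s in Get-CimInstance -ClassName Win32_Service) {
        if ($s.ProcessId -ne 0) { $svcByPid[[int]$s.ProcessId] += @($s.Name) }
    }
    foreach ($p in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
        [pscustomobject]@{
            PID          = $p.Id
            Services     = ($svcByPid[$p.Id] | Sort-Object) -join ','
            PrivateMB    = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
            WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        }
    }
}

# Record the first and latest private-bytes figure for each svchost PID.
$history = @{}
for ($i = 1; $i -le $Samples; $i++) {
    foreach ($g in Get-SvchostGroups) {
        if (-not $history.ContainsKey($g.PID)) {
            $history[$g.PID] = @{ Services = $g.Services; First = $g.PrivateMB; Last = $g.PrivateMB }
        } else {
            $history[$g.PID].Last = $g.PrivateMB
        }
    }
    if ($i -lt $Samples) { Start-Sleep -Seconds $Interval }
}

# A figure that keeps climbing across samples points at the leaking group;
# a group that sits high but stays flat is not the leak.
$history.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{
        PID      = $_.Key
        Services = $_.Value.Services
        StartMB  = $_.Value.First
        EndMB    = $_.Value.Last
        GrowthMB = [math]::Round($_.Value.Last - $_.Value.First, 1)
    }
} | Sort-Object GrowthMB -Descending | Format-Table -AutoSize
```

Saved as, for instance, Watch-Svchost.ps1 (a name chosen here), it is run from an elevated PowerShell prompt as `.\Watch-Svchost.ps1 -Samples 10 -Interval 60` for a ten-minute watch. A one-off version of the PID-to-service mapping is `tasklist /svc`, but it gives no memory trend; the point of sampling is that only the group whose GrowthMB column keeps rising between runs is worth investigating, and the Services column then names which of the hosted services (SysMain, wudfsvc and the rest in the list above) share that process.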

  • Staff

Hello JOHN007

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hi Gringo, I'm sorry to say that I've reformatted Windows again thinking the memory leak would be fixed, but to my surprise it hasn't. I'm really worried now as I haven't got a clue as to what could be causing this. I'm sorry about this but I would still like your advice as to what to do next.

Thank you for your time,

John


Hi Gringo, I've done as you requested.

Combofix Log.

ComboFix 13-05-25.02 - Jabba 26/05/2013 19:52:13.1.8 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.16344.14181 [GMT 1:00]

Running from: i:\windows appz\TDSS-Killa\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\icon.ico

c:\windows\SysWow64\frapsvid.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-04-26 to 2013-05-26 )))))))))))))))))))))))))))))))

.

.

2013-05-26 18:56 . 2013-05-26 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-25 18:45 . 2013-05-25 18:45 -------- d-----w- c:\program files\M-Audio

2013-05-25 18:38 . 2013-05-25 18:38 -------- d-----w- c:\program files\foobar2000

2013-05-25 18:32 . 2013-05-25 18:32 -------- d-----w- c:\programdata\ASUS OC Profiles

2013-05-25 18:26 . 2013-05-25 18:26 16896 ----a-w- c:\windows\AsTaskSched.dll

2013-05-25 18:25 . 2013-05-25 18:25 -------- d-----w- c:\program files\ASUS

2013-05-25 18:23 . 2013-05-25 18:23 -------- d-----w- c:\windows\SysWow64\Macromed

2013-05-25 18:18 . 2010-11-08 13:57 14464 ----a-w- c:\windows\system32\drivers\AiChargerPlus.sys

2013-05-25 18:17 . 2008-12-02 19:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll

2013-05-25 18:15 . 2013-05-25 18:15 -------- d-----w- c:\programdata\ASUS

2013-05-25 18:14 . 2010-06-29 07:41 28672 ----a-r- c:\windows\SysWow64\AsIO.dll

2013-05-25 18:14 . 2013-05-25 18:17 -------- d-----w- c:\program files (x86)\ASUS

2013-05-25 18:14 . 2010-08-24 07:16 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys

2013-05-25 18:14 . 2008-01-04 05:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys

2013-05-25 07:49 . 2013-05-24 22:55 -------- d-----w- c:\windows\Panther

2013-05-25 07:49 . 2013-05-25 03:55 -------- d-----w- C:\Boot

2013-05-25 07:06 . 1998-05-07 09:57 143872 ----a-w- c:\windows\SysWow64\iacenc.dll

2013-05-25 07:04 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe

2013-05-25 06:42 . 2013-05-25 06:42 -------- d-----w- c:\program files (x86)\PowerISO

2013-05-25 06:42 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys

2013-05-25 06:28 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll

2013-05-25 06:27 . 2007-10-22 02:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll

2013-05-25 05:55 . 2013-01-31 09:37 37664 ----a-w- c:\windows\system32\uxtuneup.dll

2013-05-25 05:55 . 2013-01-31 09:37 29984 ----a-w- c:\windows\SysWow64\uxtuneup.dll

2013-05-25 05:53 . 2013-01-31 09:38 35104 ----a-w- c:\windows\system32\TURegOpt.exe

2013-05-25 05:53 . 2013-01-31 09:37 26400 ----a-w- c:\windows\system32\authuitu.dll

2013-05-25 05:53 . 2013-01-31 09:37 21792 ----a-w- c:\windows\SysWow64\authuitu.dll

2013-05-25 05:52 . 2013-05-25 05:55 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2013

2013-05-25 05:52 . 2013-05-25 05:52 -------- d-----w- c:\programdata\TuneUp Software

2013-05-25 05:52 . 2013-05-26 06:08 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2013-05-25 05:52 . 2013-05-25 05:52 -------- d--h--w- c:\programdata\Common Files

2013-05-25 05:38 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-25 05:38 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-25 05:38 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-25 05:36 . 2012-03-01 15:39 327680 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-05-25 05:36 . 2012-03-01 15:39 196096 ----a-w- c:\windows\system32\d3d10_1.dll

2013-05-25 05:36 . 2012-03-01 14:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-05-25 05:36 . 2012-03-01 14:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-05-25 05:36 . 2012-02-29 14:40 2002944 ----a-w- c:\windows\system32\d3d10warp.dll

2013-05-25 05:36 . 2012-02-29 14:09 834048 ----a-w- c:\windows\system32\d2d1.dll

2013-05-25 05:36 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-05-25 05:36 . 2012-02-29 14:06 1556480 ----a-w- c:\windows\system32\DWrite.dll

2013-05-25 05:36 . 2012-02-29 13:44 683008 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-05-25 05:36 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-05-25 05:36 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll

2013-05-25 05:36 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-05-25 05:24 . 2013-05-25 05:24 -------- d-----w- c:\program files\Windows Portable Devices

2013-05-25 05:24 . 2013-05-25 05:24 -------- d-----w- c:\program files (x86)\Windows Portable Devices

2013-05-25 05:23 . 2013-05-25 05:23 -------- d-----w- c:\windows\SysWow64\spool

2013-05-25 04:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-05-25 04:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-05-25 04:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-05-25 04:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2013-05-25 04:54 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2013-05-25 04:54 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-05-25 04:54 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2013-05-25 04:54 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-05-25 04:54 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-05-25 04:54 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-05-25 04:54 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-05-25 04:54 . 2009-07-14 12:19 20480 ----a-w- c:\windows\system32\winusb.dll

2013-05-25 04:54 . 2009-07-14 12:12 16896 ----a-w- c:\windows\SysWow64\winusb.dll

2013-05-25 04:50 . 2013-05-25 04:50 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll

2013-05-25 04:35 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll

2013-05-25 04:35 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2013-05-25 04:35 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll

2013-05-25 04:35 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll

2013-05-25 04:35 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll

2013-05-25 04:35 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-05-25 04:34 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll

2013-05-25 04:34 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll

2013-05-25 04:34 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2013-05-25 04:34 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-05-25 04:34 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-05-25 04:25 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll

2013-05-25 04:25 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-05-25 04:25 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll

2013-05-25 04:25 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-05-25 04:19 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-05-25 04:19 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-05-25 04:19 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll

2013-05-25 04:17 . 2013-03-03 19:13 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-05-25 04:17 . 2012-06-02 00:20 1268736 ----a-w- c:\windows\system32\crypt32.dll

2013-05-25 04:17 . 2012-06-02 00:02 985088 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-05-25 04:17 . 2012-06-02 00:20 174592 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-25 04:17 . 2012-06-02 00:20 132096 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-25 04:17 . 2012-06-02 00:02 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-05-25 04:17 . 2012-06-02 00:02 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-05-25 04:17 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll

2013-05-25 04:17 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll

2013-05-25 04:17 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll

2013-05-25 04:17 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll

2013-05-25 04:17 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll

2013-05-25 04:15 . 2012-02-01 15:31 1815552 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-05-25 04:14 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2013-05-25 04:14 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2013-05-25 04:14 . 2011-06-15 16:16 180736 ----a-w- c:\windows\system32\xmllite.dll

2013-05-25 04:14 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2013-05-25 04:14 . 2013-01-04 11:31 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-25 04:14 . 2011-11-18 20:55 1585152 ----a-w- c:\windows\system32\ntdll.dll

2013-05-25 04:14 . 2011-11-18 20:55 1167984 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-05-25 04:14 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys

2013-05-25 04:14 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll

2013-05-25 04:14 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll

2013-05-25 04:11 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll

2013-05-25 04:11 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll

2013-05-25 04:08 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll

2013-05-25 04:08 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll

2013-05-25 04:08 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll

2013-05-25 04:08 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe

2013-05-25 04:08 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe

2013-05-25 03:50 . 2013-05-25 03:50 -------- d-----w- c:\windows\SysWow64\ca-ES

2013-05-25 03:50 . 2013-05-25 03:50 -------- d-----w- c:\windows\SysWow64\vi-VN

2013-05-25 03:50 . 2013-05-25 03:50 -------- d-----w- c:\windows\SysWow64\eu-ES

2013-05-25 03:50 . 2013-05-25 03:50 -------- d-----w- c:\windows\system32\ca-ES

2013-05-25 03:50 . 2013-05-25 03:50 -------- d-----w- c:\windows\system32\eu-ES

2013-05-25 03:50 . 2013-05-25 03:50 -------- d-----w- c:\windows\system32\vi-VN

2013-05-25 03:43 . 2009-04-11 07:15 275432 ----a-w- c:\windows\system32\drivers\fltMgr.sys

2013-05-25 03:16 . 2009-11-03 22:07 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui

2013-05-25 03:16 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll

2013-05-25 03:16 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll

2013-05-25 03:16 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll

2013-05-25 03:16 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll

2013-05-25 03:16 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll

2013-05-25 02:41 . 2013-05-25 02:41 -------- d-----w- c:\program files\Rainmeter

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-03 15:15 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe

2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\atimpc64.dll

2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\amdpcom64.dll

2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll

2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2013-03-29 02:37 . 2013-03-29 02:37 139696 ----a-w- c:\windows\system32\atiuxp64.dll

2013-03-29 02:37 . 2013-03-29 02:37 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2013-03-29 02:37 . 2013-03-29 02:37 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2013-03-29 02:37 . 2013-03-29 02:37 112440 ----a-w- c:\windows\system32\atiu9p64.dll

2013-03-29 02:37 . 2013-03-29 02:37 1155264 ----a-w- c:\windows\system32\aticfx64.dll

2013-03-29 02:37 . 2013-03-29 02:37 970912 ----a-w- c:\windows\SysWow64\aticfx32.dll

2013-03-29 02:36 . 2013-03-29 02:36 8272136 ----a-w- c:\windows\system32\atidxx64.dll

2013-03-29 02:36 . 2013-03-29 02:36 7233336 ----a-w- c:\windows\SysWow64\atidxx32.dll

2013-03-29 02:36 . 2013-03-29 02:36 4450264 ----a-w- c:\windows\SysWow64\atiumdva.dll

2013-03-29 02:36 . 2013-03-29 02:36 5944264 ----a-w- c:\windows\SysWow64\atiumdag.dll

2013-03-29 02:36 . 2013-03-29 02:36 5000320 ----a-w- c:\windows\system32\atiumd6a.dll

2013-03-29 02:36 . 2013-03-29 02:36 6985624 ----a-w- c:\windows\system32\atiumd64.dll

2013-03-29 02:35 . 2013-03-29 02:35 11658752 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2013-03-29 02:13 . 2013-03-29 02:13 222720 ----a-w- c:\windows\system32\clinfo.exe

2013-03-29 02:13 . 2013-03-29 02:13 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe

2013-03-29 02:13 . 2013-03-29 02:13 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe

2013-03-29 02:13 . 2013-03-29 02:13 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe

2013-03-29 02:13 . 2013-03-29 02:13 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe

2013-03-29 02:13 . 2013-03-29 02:13 76288 ----a-w- c:\windows\system32\OpenVideo64.dll

2013-03-29 02:13 . 2013-03-29 02:13 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2013-03-29 02:13 . 2013-03-29 02:13 64000 ----a-w- c:\windows\system32\OVDecode64.dll

2013-03-29 02:12 . 2013-03-29 02:12 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2013-03-29 02:12 . 2013-03-29 02:12 29150720 ----a-w- c:\windows\system32\amdocl64.dll

2013-03-29 02:10 . 2013-03-29 02:10 23810560 ----a-w- c:\windows\SysWow64\amdocl.dll

2013-03-29 02:09 . 2013-03-29 02:09 54784 ----a-w- c:\windows\system32\OpenCL.dll

2013-03-29 02:09 . 2013-03-29 02:09 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-03-29 02:04 . 2013-03-29 02:04 24229376 ----a-w- c:\windows\system32\atio6axx.dll

2013-03-29 02:00 . 2013-03-29 02:00 76800 ----a-w- c:\windows\system32\coinst_12.104.dll

2013-03-29 01:57 . 2013-03-29 01:57 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2013-03-29 01:55 . 2013-03-29 01:55 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2013-03-29 01:55 . 2013-03-29 01:55 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2013-03-29 01:55 . 2013-03-29 01:55 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2013-03-29 01:55 . 2013-03-29 01:55 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2013-03-29 01:55 . 2013-03-29 01:55 16082944 ----a-w- c:\windows\system32\aticaldd64.dll

2013-03-29 01:51 . 2013-03-29 01:51 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2013-03-29 01:48 . 2013-03-29 01:48 19870720 ----a-w- c:\windows\SysWow64\atioglxx.dll

2013-03-29 01:35 . 2013-03-29 01:35 442368 ----a-w- c:\windows\system32\atidemgy.dll

2013-03-29 01:35 . 2013-03-29 01:35 562688 ----a-w- c:\windows\system32\atieclxx.exe

2013-03-29 01:34 . 2013-03-29 01:34 241152 ----a-w- c:\windows\system32\atiesrxx.exe

2013-03-29 01:33 . 2013-03-29 01:33 120320 ----a-w- c:\windows\system32\atitmm64.dll

2013-03-29 01:32 . 2013-03-29 01:32 26112 ----a-w- c:\windows\system32\atimuixx.dll

2013-03-29 01:32 . 2013-03-29 01:32 59392 ----a-w- c:\windows\system32\atiedu64.dll

2013-03-29 01:32 . 2013-03-29 01:32 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2013-03-29 01:11 . 2013-03-29 01:11 79360 ----a-w- c:\windows\system32\amdave64.dll

2013-03-29 01:11 . 2013-03-29 01:11 78336 ----a-w- c:\windows\SysWow64\amdave32.dll

2013-03-29 01:11 . 2013-03-29 01:11 74240 ----a-w- c:\windows\system32\atisamu64.dll

2013-03-29 01:11 . 2013-03-29 01:11 71168 ----a-w- c:\windows\atisamu32.dll

2013-03-29 01:10 . 2013-03-29 01:10 636416 ----a-w- c:\windows\system32\atiadlxx.dll

2013-03-29 01:10 . 2013-03-29 01:10 430080 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2013-03-29 01:10 . 2013-03-29 01:10 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2013-03-29 01:10 . 2013-03-29 01:10 44032 ----a-w- c:\windows\system32\atig6txx.dll

2013-03-29 01:09 . 2013-03-29 01:09 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll

2013-03-29 01:09 . 2013-03-29 01:09 581120 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2013-03-29 01:07 . 2013-03-29 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2013-03-29 01:07 . 2013-03-29 01:07 45056 ----a-w- c:\windows\system32\atitmp64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]

"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-10-22 1389944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-05-15 6470760]

"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-{6F7614CC-F33A-4877-8814-49856F441F3C} - c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}\MyColors.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2013-05-26 19:57:26

ComboFix-quarantined-files.txt 2013-05-26 18:57

.

Pre-Run: 130,976,055,296 bytes free

Post-Run: 130,845,704,192 bytes free

.

- - End Of File - - BC912C46007551DB5B727D8DAD879697


The problem is the memory leak, which seems to be at 2600mb on idle, then jumping in 100mb stages to 3000mb. I've turned Superfetch off, which causes RAM to jump, but the problem is still in svchost.exe, I'm pretty sure of.

Thank you for your time Gringo, and sorry about the delay.

John.


  • Staff

Hello JOHN007

There is a chance that this is malware and I am going to run a few scans to make sure it is not.

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.
    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.
    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says
    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.

Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo


Hi Gringo, the programs I've installed are:

The updates from Windows,

Drivers from the mobo CD (Asus Sabertooth),

An old game, Settlers 3,

CCleaner,

Foobar (music playlist),

ATI drivers.

Just basic programs really.

Hope this helps,

Thanks again,

John


  • Staff

Hello John

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

When you are finished, please send me both reports.

Gringo


Hi Gringo, I've done as requested.

Malware didn't pick up any virus.

Here is the log to ASW:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-27 05:57:25
-----------------------------
05:57:25.377 OS Version: Windows x64 6.0.6002 Service Pack 2
05:57:25.377 Number of processors: 8 586 0x200
05:57:25.378 ComputerName: JABBA-PC UserName: Jabba
05:57:26.204 Initialize success
05:57:33.358 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
05:57:33.359 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953869MB BusType: 3
05:57:33.360 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
05:57:33.361 Disk 1 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953869MB BusType: 3
05:57:33.362 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
05:57:33.363 Disk 2 Vendor: WDC_WD5000AAKS-00YGA0 12.01C02 Size: 476940MB BusType: 3
05:57:33.668 Disk 0 MBR read successfully
05:57:33.669 Disk 0 MBR scan
05:57:33.670 Disk 0 Windows VISTA default MBR code
05:57:33.758 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 205000 MB offset 2048
05:57:33.784 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 510000 MB offset 419842048
05:57:33.833 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 205000 MB offset 1464322048
05:57:33.888 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 33867 MB offset 1884162048
05:57:33.896 Disk 0 scanning C:\Windows\system32\drivers
05:57:36.503 Service scanning
05:57:44.148 Modules scanning
05:57:44.150 Disk 0 trace - called modules:
05:57:44.163 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
05:57:44.165 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f11f790]
05:57:44.168 3 CLASSPNP.SYS[fffffa6000fd4c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800df7b590]
05:57:44.170 Scan finished successfully
05:57:53.266 Disk 0 MBR has been saved successfully to "C:\Users\Jabba\Desktop\MBR.dat"
05:57:53.268 The log file has been saved successfully to "C:\Users\Jabba\Desktop\aswMBR.txt"


I've done a HijackThis scan and seen that some DLL files are missing. Hope this helps,

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:00:29, on 27/05/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe
I:\Windows APPz\TDSS-Killa\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'Default user')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5401 bytes


I've done a flash on the BIOS to try and make sure there wasn't a BIOS virus. I've googled some of the missing DLL files and haven't got anywhere really. Some say it's suspicious activity, I just don't know. Hope this helps,

Thank you for your time, Gringo.

John


  • Staff

Greetings

The missing files in the HijackThis report are normal for 64-bit computers, as HijackThis is looking for them in the wrong location.

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.

These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on their icons (or start them from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'Default user')
    O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
  • NOTE** You can research each of those lines >here< and see if you want to keep them or not: just copy the name between the brackets and paste it into the search space, for example O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo


Hi Gringo, I've done as requested but I can't seem to find the online scanner log. I've run both programs and didn't find any viruses.

Here is the log to malware rootkit.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 4.731000 GHz
Memory total: 17138356224, free: 14838865920
Downloaded database version: v2013.05.27.01
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
05/27/2013 05:51:13
------------ Loaded modules -----------

----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR4
Upper Device Object: 0xfffffa800ef5d610
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000009b\
Lower Device Object: 0xfffffa8010b9f280
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800f3d7060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa800dfc7940
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800f224790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa800df88590
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800f11f790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800df7b590
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800f11f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f11f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f11f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800df7b590, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A372FCC3
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 419840000
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 419842048 Numsec = 1044480000
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1464322048 Numsec = 419840000
Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1884162048 Numsec = 69359616
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800f224790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f2242c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f224790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800df88590, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A372FCF7
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 460800000
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 460802048 Numsec = 1492717568
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800f3d7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f3d7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f3d7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800dfc7940, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 879C151B
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 976766976
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa800ef5d610, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d87d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ef5d610, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8010b9f280, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1D15993
Partition information:
Partition 0 type is Other (0x6)
Partition is ACTIVE.
Partition starts at LBA: 32 Numsec = 4069344
Partition file system is FAT
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2083520512 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_3_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_3_0_32_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_3_r.mbam...
Removal finished

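As an added example (my own code, not from this thread, Malwarebytes or AVAST), here is a small Python parser for the classic MBR layout that both aswMBR and MBAR inspect in the logs above: it checks the 55AA boot signature, reads the NT disk signature and the four partition entries, lists the unpartitioned sector ranges an anti-rootkit scanner goes on to examine, and flags table anomalies (overlapping entries, more than one active entry, an entry past the end of the disk). The sample sector is constructed from the drive 0 values in the MBAR log; the gap computation is mine and is not claimed to reproduce the tool's exact range output.

```python
# Added example, not code from this thread, Malwarebytes or AVAST: a minimal parser
# for the classic MBR layout both tools inspect; the sample sector is constructed.
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature, little-endian
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # bytes 0x55 0xAA ("MBR Signature: 55AA" in the log)
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    num_sectors: int

    @property
    def kind(self) -> str:
        # Same labels the MBAR log uses: 0x00 Empty, 0x07 (NTFS) Primary, else Other
        return {0x00: "Empty", 0x07: "Primary"}.get(self.type_id, "Other")

    @property
    def lba_end(self) -> int:  # exclusive
        return self.lba_start + self.num_sectors


def parse_mbr(sector: bytes) -> Tuple[int, List[Partition]]:
    """Return (disk_signature, partitions); raise ValueError if this is not an MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return disk_sig, parts


def unpartitioned_ranges(parts: List[Partition], disk_sectors: int) -> List[Tuple[int, int]]:
    """(start, end_exclusive) sector ranges no non-empty partition covers; sector 0 is the MBR."""
    # Code stashed outside every partition sits in these ranges, which is why the
    # MBAR log scans "unpartitioned space" right after reading the table.
    used = sorted((p.lba_start, p.lba_end) for p in parts if p.type_id != 0x00)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


def sanity_findings(parts: List[Partition], disk_sectors: int) -> List[str]:
    """Table-level anomalies worth a second look; an empty list means a clean table."""
    live = sorted((p for p in parts if p.type_id != 0x00), key=lambda p: p.lba_start)
    findings = ["more than one active partition"] if sum(p.active for p in live) > 1 else []
    findings += [f"partition {p.index} extends past the end of the disk"
                 for p in live if p.lba_end > disk_sectors]
    findings += [f"partitions {a.index} and {b.index} overlap"
                 for a, b in zip(live, live[1:]) if b.lba_start < a.lba_end]
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the drive 0 table in the MBAR log (not a real image)."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xA372FCC3)
    table = [(0x80, 0x07, 2048, 419840000), (0x00, 0x07, 419842048, 1044480000),
             (0x00, 0x07, 1464322048, 419840000), (0x00, 0x07, 1884162048, 69359616)]
    for i, (status, ptype, lba, count) in enumerate(table):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


if __name__ == "__main__":
    disk_sectors = 1000204886016 // SECTOR_SIZE  # "Disk Size" from the log: 1953525168 sectors
    sig, parts = parse_mbr(build_sample_mbr())
    print(f"Disk Signature: {sig:08X}", [(p.kind, p.active, p.lba_start, p.num_sectors) for p in parts])
    print("Unpartitioned:", unpartitioned_ranges(parts, disk_sectors), "Findings:", sanity_findings(parts, disk_sectors))
```

On the sample table the four entries are contiguous, so the only unpartitioned space is sectors 1-2047 before the first partition and a short tail after the last one, the same kind of regions the MBAR log reports scanning.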
