Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malwarebytes keeps finding Stolen.Data items

Started by levi, Apr 10 2012 12:29 PM

stolen.data trojan

This topic is locked

17 replies to this topic

#1 levi

New Member

Members
9 posts

Posted 10 April 2012 - 12:29 PM

I have been running MB Anti-Malware free for a while now and usually get fully clean results. But 2 days back when I ran a check I found a ton of infections along with Stolen.Data items. I immediately cleaned it up. Today when I again ran MB Anti-Malware it again found new Stolen.Data.. Obviously its not being fully cleaned. Please help me!

I have posted the dds.txt and attach.txt logs as mentioned in the http://forums.malwar...?showtopic=9573 post. Eagerly waiting for a reply...

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.3.0
Run by Vikram at 22:50:56 on 2012-04-10
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.3567.1585 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files\EVGA Precision X\EVGAPrecision.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\system32\IProsetMonitor.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr32.exe
C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
C:\Windows\system32\NLSSRV32.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\NetWorx\networx.exe
C:\Program Files\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\Temp\Volume.exe
C:\Windows\system32\mdm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\EVGA Precision X\Bundle\OSDServer\RTSS.exe
C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\programs\attributes.exe
C:\Windows\system32\conhost.exe
c:\programs\phoenix.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=59.93.246.190:808;https=59.93.246.190:808;ftp=59.93.246.190:808;socks=59.93.246.190:1080
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Audio] c:\users\vikram\appdata\local\temp\Soundfx .exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [<NO NAME>]
mRun: [ASUS AiChargerPlus Execute] c:\program files\installshield installation information\{e6931688-da2b-4e16-8539-3d323d69c677}\AiChargerPlus.exe
mRun: [ASUS ShellProcess Execute] c:\program files\asus\ai suite ii\asus mobilink\simulator\AsShellProcess.exe
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [OmniPage Preload] c:\program files\nuance\omnipage18\OmniPage18.exe /preload
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\vikram\appdata\roaming\microsoft\windows\start menu\programs\startup\Soundfx .exe
uPolicies-system: Shell = %windir%\lock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: ncodesolutions.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 8.8.4.4 208.67.220.220 8.8.8.8
TCP: Interfaces\{61EC26C7-594A-4783-B662-78D5543F61F5} : DhcpNameServer = 8.8.4.4 208.67.220.220 8.8.8.8
TCP: Interfaces\{A0FCFE2C-0228-4CB7-9712-55CC9708D751} : NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{C4AF92ED-B0DA-49A9-95F1-D99C17206EB1} : NameServer = 8.8.4.4,208.67.220.220
TCP: Interfaces\{C4AF92ED-B0DA-49A9-95F1-D99C17206EB1} : DhcpNameServer = 8.8.4.4 208.67.220.220 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\vikram\appdata\roaming\mozilla\firefox\profiles\emn1jwc8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\professional 7\npdf.dll
FF - plugin: c:\program files\nitro pdf\professional 7\npnitromozilla.dll
FF - plugin: c:\program files\nitro pdf\professional 7\NPShellExtension.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\drivers\AiChargerPlus.sys [2012-1-14 13696]
R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-8-27 261160]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-8-3 11832]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-14 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-14 337112]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 39640]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 asComSvc;ASUS Com Service;c:\program files\asus\axsp\1.00.14\atkexComSvc.exe [2011-6-13 922240]
R2 asHmComSvc;ASUS HM Com Service;c:\program files\asus\aahm\1.00.14\aaHMSvc.exe [2010-12-2 915584]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.11\AsSysCtrlService.exe [2012-1-14 586880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-14 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-14 57688]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-3-13 68768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-1 44768]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-2-9 96768]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-1-14 13592]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-3-16 91936]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-1-27 112800]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\nitro pdf\professional 7\NitroPDFDriverService2.exe [2011-11-2 196896]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-2 68896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-10 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-9-14 102376]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-9-14 311784]
R3 ASUSFILTER;ASUSFILTER;c:\windows\system32\drivers\ASUSFILTER.sys [2011-9-20 37448]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-3-13 34976]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-3-13 259232]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-3-13 24736]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-3-13 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-3-13 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-3-13 141088]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-3-13 242336]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-6 242240]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2012-1-27 268968]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\drivers\ICCWDT.sys [2010-8-17 22040]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-1-14 41088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-4-10 148800]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2010-4-7 376160]
R3 RTCore32;RTCore32;c:\program files\evga precision x\RTCore32.sys [2011-9-7 5632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-14 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\drivers\ASUSstpt.sys [2012-1-14 20552]
S3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\drivers\ASUSumsc.sys [2012-1-14 117832]
S3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2011-3-13 43680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2012-2-24 135584]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-14 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-3-26 223088]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-14 1343400]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2012-04-10 02:17:31 -------- d-----w- c:\program files\GPU-Z
2012-04-10 01:53:09 -------- d-----w- c:\program files\EVGA
2012-04-10 01:41:44 -------- d-----w- c:\program files\EVGA Precision X
2012-04-10 01:18:01 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-10 01:18:01 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-04-10 01:18:01 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-10 01:18:01 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-04-10 01:18:01 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-04-10 01:18:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-10 01:17:49 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-10 01:17:17 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-04-10 01:17:17 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-04-10 01:17:17 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-04-08 18:59:12 -------- d-----w- c:\program files\Yukkuri Panic!
2012-04-08 18:58:50 -------- d-----w- c:\program files\Yukkuri Panic! ADV
2012-04-08 05:59:49 -------- d-----w- c:\program files\Will
2012-04-07 20:00:24 -------- d-----w- c:\program files\MediaInfo
2012-04-07 11:32:03 -------- d-----w- c:\users\vikram\appdata\roaming\savedata
2012-04-07 11:31:06 -------- d-----w- c:\program files\あかべぇそふとつぅ
2012-04-06 19:52:11 69632 ----a-r- c:\users\vikram\appdata\roaming\microsoft\installer\{300d7c4f-086d-4d6f-969f-ed00006de81c}\NewShortcut11_3DCAB3F8E1464415A95392718B7291A4.exe
2012-04-06 19:52:11 69632 ----a-r- c:\users\vikram\appdata\roaming\microsoft\installer\{300d7c4f-086d-4d6f-969f-ed00006de81c}\NewShortcut1_413052402F904D9B89A1F5247527F664.exe
2012-04-06 19:52:11 131072 ----a-r- c:\users\vikram\appdata\roaming\microsoft\installer\{300d7c4f-086d-4d6f-969f-ed00006de81c}\NewShortcut3_6FC8A928D9BB4B5F87E47BFA2DFFBFE5.exe
2012-04-06 19:52:10 69632 ----a-r- c:\users\vikram\appdata\roaming\microsoft\installer\{300d7c4f-086d-4d6f-969f-ed00006de81c}\ARPPRODUCTICON.exe
2012-04-06 19:50:57 -------- d-----w- c:\program files\CROSSNET
2012-04-06 18:54:06 -------- d-----w- c:\program files\directx
2012-04-06 18:53:59 -------- d-----w- c:\program files\AngelSmile
2012-04-06 14:02:04 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f956ee60-8895-4d3b-bb88-c81743ed50ed}\mpengine.dll
2012-04-03 09:17:41 -------- d-----w- C:\programs
2012-03-31 20:51:46 -------- d-----w- c:\program files\Xuse
2012-03-31 06:20:28 -------- d-----w- c:\programdata\Pendulo Studios
2012-03-31 06:13:44 -------- d-----w- c:\program files\Pendulo Studios
2012-03-31 05:49:09 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-03-31 05:49:09 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-03-31 05:49:07 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-03-30 03:00:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 18:32:54 -------- d-----w- c:\program files\DISCIPLINE
2012-03-29 17:40:12 -------- d-----w- c:\program files\AutoIt3
2012-03-29 17:10:05 -------- d-----w- c:\users\vikram\appdata\local\Electronic Arts
2012-03-29 17:09:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-03-28 21:01:15 -------- d-----w- C:\folder1
2012-03-28 15:05:54 -------- d-----w- c:\program files\Sengoku Rance English
2012-03-28 11:46:42 -------- d-----w- c:\users\vikram\appdata\roaming\RenPy
2012-03-28 11:46:01 1590784 ----a-w- c:\users\vikram\appdata\roaming\microsoft\windows\start menu\programs\startup\Soundfx .exe
2012-03-27 11:09:48 -------- d-----w- C:\AliceSoft
2012-03-26 17:08:41 86016 ----a-w- c:\windows\unvise32.exe
2012-03-26 17:08:30 -------- d-----w- c:\program files\G-Collections
2012-03-25 16:06:35 -------- d-----w- C:\Baseson
2012-03-25 12:36:10 40960 ----a-w- c:\windows\system32\StartAffinity.exe
2012-03-25 03:30:48 -------- d-----w- c:\program files\Leaf
2012-03-24 19:27:32 -------- d-----w- c:\users\vikram\appdata\roaming\Family Project
2012-03-24 16:30:57 -------- d-----w- c:\programdata\ASign
2012-03-24 16:29:11 -------- d-----w- C:\Liquid
2012-03-24 15:37:12 -------- d-----w- c:\users\vikram\appdata\roaming\Waveform
2012-03-24 06:46:41 -------- d-----w- c:\program files\Monte Cristo
2012-03-23 16:10:36 -------- d-----w- c:\users\vikram\appdata\local\ElevatedDiagnostics
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 13:12:57 -------- d-----w- c:\users\vikram\appdata\local\Eushully
2012-03-18 13:09:45 -------- d-----w- c:\program files\Eushully
2012-03-16 11:08:36 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-03-16 06:40:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-03-16 06:40:04 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-16 06:40:04 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-15 10:59:22 -------- d-----w- c:\users\vikram\appdata\roaming\Doublefine
2012-03-15 10:55:15 -------- d-----w- c:\program files\Double Fine Productions
2012-03-15 10:29:26 -------- d-----w- c:\programdata\Media Center Programs
2012-03-15 10:29:24 -------- d-----w- c:\program files\common files\BioWare
2012-03-15 08:07:12 -------- d-----w- C:\ConverterOutput
2012-03-15 08:06:33 98304 ----a-w- c:\windows\system32\L3CODECX.AX
2012-03-15 08:06:33 395776 ----a-w- c:\windows\system32\libmplayer.dll
2012-03-15 08:06:33 262144 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-03-15 08:06:33 2255360 ----a-w- c:\windows\system32\libavcodec.dll
2012-03-15 08:06:33 1761280 ----a-w- c:\windows\system32\ffdshow.ax
2012-03-15 08:06:33 172032 ----a-w- c:\windows\system32\ac3filter.ax
2012-03-15 08:06:33 112640 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2012-03-15 08:06:26 -------- d-----w- c:\program files\Cucusoft
2012-03-14 21:30:51 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 21:30:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 15:14:42 -------- d-----w- c:\program files\JULIA
2012-03-14 06:22:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:22:34 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:04:57 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 06:04:57 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 06:04:57 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 06:04:57 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:04:54 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 06:04:54 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 06:04:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 05:59:29 -------- d-----w- c:\programdata\Comodo
2012-03-13 10:44:21 -------- d-----w- c:\program files\Strange Loop Games
2012-03-13 02:21:44 -------- d-----w- c:\program files\CE Remote Tools
2012-03-13 01:58:44 -------- d-----w- c:\windows\system32\js
2012-03-13 01:58:44 -------- d-----w- c:\windows\system32\images
2012-03-13 01:58:44 -------- d-----w- c:\windows\system32\html
2012-03-13 01:58:44 -------- d-----w- c:\windows\system32\css
2012-03-13 01:58:44 -------- d-----w- c:\program files\Business Objects
2012-03-13 01:55:58 -------- d-----w- c:\program files\Microsoft SQL Server
2012-03-13 01:53:09 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-03-13 01:52:04 -------- d-----w- c:\windows\system32\1033
2012-03-13 01:51:43 -------- d-----w- c:\program files\HTML Help Workshop
2012-03-13 01:51:43 -------- d-----w- c:\program files\common files\Merge Modules
2012-03-13 01:32:15 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2012-03-13 01:30:58 97296 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1036.dll
2012-03-13 01:30:58 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.3082.dll
2012-03-13 01:30:58 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1031.dll
2012-03-13 01:30:58 95248 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1040.dll
2012-03-13 01:30:58 91152 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1033.dll
2012-03-13 01:30:58 81424 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1041.dll
2012-03-13 01:30:58 79888 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1042.dll
2012-03-13 01:30:58 76304 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1028.dll
2012-03-13 01:30:58 75792 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.2052.dll
2012-03-13 01:30:58 562688 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.exe
.
==================== Find3M  ====================
.
2012-04-04 10:26:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:17:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-31 06:17:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-30 03:02:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 15:43:38 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 15:43:36 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 15:43:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 15:43:20 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 15:43:20 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-11 09:39:29 48471 ----a-w- c:\windows\system32\ForceBindIP-Uninstaller.exe
2012-03-06 10:11:24 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-06 09:02:57 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-06 08:44:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-06 08:44:56 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 07:56:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-23 16:23:26 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:10:59 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-23 16:10:34 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 03:48:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 13:37:38 0 ----a-w- c:\windows\msjava.dll
2012-02-19 08:57:47 5187744 ----a-w- c:\windows\PE_Rom.dll
2012-01-31 18:55:14 10804768 ----a-w- c:\program files\common files\lpuninstall.exe
2012-01-25 06:29:44 5253280 ----a-w- c:\windows\PE_File.dll
2012-01-14 15:11:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-14 15:11:59 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-01-14 15:11:59 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-01-14 09:37:52 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-01-14 09:30:31 16896 ----a-w- c:\windows\AsTaskSched.dll
2012-01-14 08:56:26 811520 ----a-w- c:\windows\system32\user32.dll
2012-01-14 08:56:26 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-01-14 08:56:26 13824 ----a-w- c:\windows\system32\slwga.dll
2010-11-20 21:29:11 1169224 --sh--w- c:\windows\temp\Volume.exe
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Windows 6.1.7601 Disk: ST310005 rev.JC45 -> Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port2Path0Target0Lun0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83445000]<< >>UNKNOWN [0x8DC09000]<< >>UNKNOWN [0x8DA08000]<< >>UNKNOWN [0x866E71E8]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x8347C55A] -> \Device\Harddisk0\DR0[0x8993E5C0]
\Driver\Disk[0x8993D5C8] -> IRP_MJ_CREATE -> 0x8DC0D39F
3 [0x8DC0D59E] -> ntkrnlpa!IofCallDriver[0x8347C55A] -> \Device\Scsi\mv91xx1Port2Path0Target0Lun0[0x8749D030]
\Driver\mv91xx[0x8749A4A8] -> IRP_MJ_CREATE -> 0x866E71E8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:52:27.41 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 14/1/2012 2:26:30 PM
System Uptime: 10/4/2012 10:35:15 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8Z68-V PRO GEN3
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 500 GiB total, 369.983 GiB free.
D: is FIXED (NTFS) - 432 GiB total, 382.539 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 201.98 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 85.46 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 175.229 GiB free.
H: is CDROM ()
I: is CDROM (UDF)
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP188: 1/4/2012 3:08:15 PM - Installed Microsoft AppLocale
RP189: 1/4/2012 5:00:04 PM - Windows Backup
RP190: 3/4/2012 4:50:57 PM - Windows Update
RP191: 6/4/2012 12:53:22 PM - Installed Adobe Reader X.
RP192: 6/4/2012 7:31:42 PM - Windows Update
RP193: 7/4/2012 1:20:40 AM - Installed 星空のメモリア-Wish upon a shooting star-.
RP194: 8/4/2012 7:18:58 PM - Windows Backup
.
==== Installed Programs ======================
.
.
7-Zip 9.20
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
AI Suite II
Asmedia ASM104x USB 3.0 Host Controller Driver
AutoIt v3.3.8.1
avast! Free Antivirus
Bluetooth Win7 Suite
BOSS
BufferChm
calibre
CCleaner
COMODO Internet Security
Conquering the Queen
Crystal Reports Basic for Visual Studio 2008
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DisplayFusion 3.4.1
DocProc
EasyBCD 2.1.2
Escalation ADV version Escalation ADV v1.0
Escalation Yukkuri Panic! version 1.0
EVGA OC Scanner X 2.0.1
EVGA Precision X 3.0.2
Fallout Mod Manager 0.13.21
Family Project v1.0
FileHippo.com Update Checker
ForceBindIP
Fraps
Freemake Video Converter version 3.0.2
Futuremark SystemInfo
G-Senjou no Maou English
Google Chrome
Google Update Helper
GPBaseService2
Hegemony Gold: Wars of Ancient Greece
High-Definition Video Playback
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Scanjet G2410 and 2400
HP Solution Center 13.0
HP Update
hpg2410
HPPhotosmartEssential
HPProductAssistant
InstallShield for Microsoft Visual C++ 6
Intel® Control Center
Intel® Management Engine Components
Intel® Network Connections 16.5.2.0
Intel® Rapid Storage Technology
IntelR Watchdog Timer Driver (IntelR WDT)
Internet Download Manager
Java Auto Updater
Java™ 6 Update 31
Java™ 7 Update 3
JMicron JMB36X Driver
Koihime_Musou
L.A. Noire
LastPass (uninstall only)
Lightning Warrior Raidy
Malwarebytes Anti-Malware version 1.61.0.1400
marvell 91xx driver
Mass Effect
Media Player Classic - Home Cinema 1.6.0.4014
MediaInfo 0.7.55
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft AppLocale
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Visual Studio Web Authoring Component
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Application Compatibility Database
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Xbox 360 Accessories 1.2
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mobipocket Reader 6.2
Mortal Kombat Arcade Kollection
MotoHelper 2.0.49 Driver 5.0.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
Mozilla Firefox 11.0 (x86 en-US)
MSI Afterburner 2.1.0
MSI Kombustor 2.0.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
Nero Dolby Files 10
Nero Express 10
Nero Multimedia Suite 10 Platinum HD
NetWorx 5.2.2
Nexus Mod Manager
Nitro Pro 7
Notepad++
Nuance OmniPage 18
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
OpenAL
Oracle Data Provider for .NET Help
Oracle Database 10g Express Edition
PDF Settings CS5
Picasa 3
Pidgin
Rayman Origins
Realtek High Definition Audio Driver
ReNamer
Rockstar Games Social Club
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Sengoku Rance English v1.01
SolutionCenter
Steam
System Requirements Lab CYRI
Tally 9
TechPowerUp GPU-Z
TeraCopy 2.27
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Utawarerumono English v1.1
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
WebM Project Directshow Filters
WebReg
Windows Live ID Sign-in Assistant
WinRAR 4.11 (32-bit)
WMP 12 Playback Pack
Xuse 永遠のアセリア － この大地の果てで －  (Remove Only)
μTorrent
星空のメモリア-Wish upon a shooting star-
神採りアルケミーマイスター
神採りアルケミーマイスター Append01
神採りアルケミーマイスター Append02
神採りアルケミーマイスター Ver2.00 Update
.
==== Event Viewer Messages From Past Week ========
.
7/4/2012 12:44:13 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
7/4/2012 12:05:48 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/4/2012 11:58:46 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ASUS HM Com Service service to connect.
5/4/2012 11:58:46 AM, Error: Service Control Manager [7000]  - The ASUS HM Com Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/4/2012 6:43:57 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
10/4/2012 6:43:57 AM, Error: Service Control Manager [7000]  - The Freemake Improver service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/4/2012 5:25:45 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
.
==== End Of File ===========================

#2 Maniac

Forum Deity

Experts
17,444 posts

Gender:Male
Location:Bulgaria, EU

Posted 10 April 2012 - 03:08 PM

Hello levi and :welcome:

! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall μTorrent, because of our rules:
http://forums.malwar...showtopic=97700

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

TDSSKiller log
Malwarebytes' Anti-Malware log
a new fresh DDS log file

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 levi

New Member

Members
9 posts

Posted 10 April 2012 - 04:22 PM

Greetings @maniac,

Thanks for your prompt reply. I have done each of the steps you have mentioned. However I am not sure whether they were helpful or not. TDSSKiller seemed only to find suspicious and not even a single malicious file while the latest MB Anti-malware quick scan was completely clean

Anyways I am pasting all the logs you wanted. I will probably reply later tomorrow since its 2 oclock in the morning here. See you in about 6-8 hours.

TDSSKiller Log

02:50:01.0289 7600 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
02:50:02.0170 7600 ============================================================
02:50:02.0170 7600 Current date / time: 2012/04/11 02:50:02.0170
02:50:02.0170 7600 SystemInfo:
02:50:02.0170 7600 
02:50:02.0170 7600 OS Version: 6.1.7601 ServicePack: 1.0
02:50:02.0170 7600 Product type: Workstation
02:50:02.0170 7600 ComputerName: VIKRAM-PC
02:50:02.0170 7600 UserName: Vikram
02:50:02.0170 7600 Windows directory: C:\Windows
02:50:02.0170 7600 System windows directory: C:\Windows
02:50:02.0170 7600 Processor architecture: Intel x86
02:50:02.0170 7600 Number of processors: 4
02:50:02.0170 7600 Page size: 0x1000
02:50:02.0170 7600 Boot type: Normal boot
02:50:02.0170 7600 ============================================================
02:50:03.0173 7600 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
02:50:03.0191 7600 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
02:50:03.0196 7600 \Device\Harddisk0\DR0:
02:50:03.0196 7600 MBR used
02:50:03.0196 7600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3E800000
02:50:03.0196 7600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3E800800, BlocksNum 0x35F05000
02:50:03.0196 7600 \Device\Harddisk1\DR1:
02:50:03.0196 7600 MBR used
02:50:03.0196 7600 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A382000
02:50:03.0196 7600 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3A382800, BlocksNum 0x3A382000
02:50:03.0196 7600 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x74704800, BlocksNum 0x3A382000
02:50:03.0347 7600 Initialize success
02:50:03.0347 7600 ============================================================
02:50:07.0654 8144 ============================================================
02:50:07.0655 8144 Scan started
02:50:07.0655 8144 Mode: Manual; SigCheck; TDLFS; 
02:50:07.0655 8144 ============================================================
02:50:08.0340 8144 1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
02:50:08.0422 8144 1394ohci - ok
02:50:08.0441 8144 ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
02:50:08.0451 8144 ACPI - ok
02:50:08.0466 8144 AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
02:50:08.0517 8144 AcpiPmi - ok
02:50:08.0600 8144 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
02:50:08.0607 8144 AdobeARMservice - ok
02:50:08.0670 8144 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:50:08.0680 8144 AdobeFlashPlayerUpdateSvc - ok
02:50:08.0700 8144 adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
02:50:08.0712 8144 adp94xx - ok
02:50:08.0723 8144 adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
02:50:08.0733 8144 adpahci - ok
02:50:08.0747 8144 adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
02:50:08.0755 8144 adpu320 - ok
02:50:08.0784 8144 AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
02:50:08.0861 8144 AeLookupSvc - ok
02:50:08.0893 8144 AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
02:50:08.0939 8144 AFD - ok
02:50:08.0950 8144 agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
02:50:08.0958 8144 agp440 - ok
02:50:08.0996 8144 aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
02:50:09.0003 8144 aic78xx - ok
02:50:09.0041 8144 AiChargerPlus   (2ea975ec6985dd2cf8b895efc1e3d9b3) C:\Windows\system32\DRIVERS\AiChargerPlus.sys
02:50:09.0069 8144 AiChargerPlus - ok
02:50:09.0107 8144 ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
02:50:09.0151 8144 ALG - ok
02:50:09.0160 8144 aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
02:50:09.0167 8144 aliide - ok
02:50:09.0239 8144 ALSysIO - ok
02:50:09.0268 8144 amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
02:50:09.0275 8144 amdagp - ok
02:50:09.0285 8144 amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
02:50:09.0292 8144 amdide - ok
02:50:09.0332 8144 AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
02:50:09.0357 8144 AmdK8 - ok
02:50:09.0364 8144 AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
02:50:09.0375 8144 AmdPPM - ok
02:50:09.0424 8144 amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
02:50:09.0432 8144 amdsata - ok
02:50:09.0448 8144 amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
02:50:09.0456 8144 amdsbs - ok
02:50:09.0472 8144 amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
02:50:09.0479 8144 amdxata - ok
02:50:09.0489 8144 AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
02:50:09.0526 8144 AppID - ok
02:50:09.0572 8144 AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
02:50:09.0592 8144 AppIDSvc - ok
02:50:09.0609 8144 Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
02:50:09.0646 8144 Appinfo - ok
02:50:09.0702 8144 AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
02:50:09.0721 8144 AppMgmt - ok
02:50:09.0738 8144 arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
02:50:09.0746 8144 arc - ok
02:50:09.0780 8144 arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
02:50:09.0787 8144 arcsas - ok
02:50:09.0875 8144 asComSvc        (6e3f4538b33bc19259e99be1826286a3) C:\Program Files\ASUS\AXSP\1.00.14\atkexComSvc.exe
02:50:09.0894 8144 asComSvc - ok
02:50:09.0916 8144 asHmComSvc      (a63173897ea1a73a75d0e65036de5b15) C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
02:50:09.0936 8144 asHmComSvc - ok
02:50:09.0965 8144 AsIO            (419f3128e01b5ac038efd500314f62b8) C:\Windows\system32\drivers\AsIO.sys
02:50:09.0971 8144 AsIO - ok
02:50:10.0011 8144 asmthub3        (0a0fea9d64cca930e5aae8e1458330d4) C:\Windows\system32\DRIVERS\asmthub3.sys
02:50:10.0050 8144 asmthub3 - ok
02:50:10.0069 8144 asmtxhci        (68064f1baac47dfae494895026ca5776) C:\Windows\system32\DRIVERS\asmtxhci.sys
02:50:10.0084 8144 asmtxhci - ok
02:50:10.0143 8144 aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
02:50:10.0150 8144 aspnet_state - ok
02:50:10.0186 8144 AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
02:50:10.0202 8144 AsSysCtrlService - ok
02:50:10.0225 8144 AsUpIO          (a9a565c669786c402752f609afdd0dd5) C:\Windows\system32\drivers\AsUpIO.sys
02:50:10.0231 8144 AsUpIO - ok
02:50:10.0253 8144 ASUSFILTER      (2b60924733e8847ede0b9dd86be0f793) C:\Windows\system32\drivers\ASUSFILTER.sys
02:50:10.0260 8144 ASUSFILTER - ok
02:50:10.0277 8144 ASUSstpt        (6d6816201eaf341bcd66281bb8e3273b) C:\Windows\system32\DRIVERS\ASUSstpt.sys
02:50:10.0283 8144 ASUSstpt - ok
02:50:10.0302 8144 ASUSumsc        (5d39bbf8643aa7d04531eef97b54e247) C:\Windows\system32\DRIVERS\ASUSumsc.sys
02:50:10.0310 8144 ASUSumsc - ok
02:50:10.0341 8144 aswFsBlk        (581b82df5dbcc1dda6b775fac0d92472) C:\Windows\system32\drivers\aswFsBlk.sys
02:50:10.0348 8144 aswFsBlk - ok
02:50:10.0371 8144 aswMonFlt       (0787b434e9098840966c23bb1c77df49) C:\Windows\system32\drivers\aswMonFlt.sys
02:50:10.0378 8144 aswMonFlt - ok
02:50:10.0403 8144 aswRdr          (03a901b0ba42aac44d7669c7c71dbbc0) C:\Windows\System32\Drivers\aswrdr2.sys
02:50:10.0410 8144 aswRdr - ok
02:50:10.0428 8144 aswSnx          (ca9601cd277a1e510b80422a40240a95) C:\Windows\system32\drivers\aswSnx.sys
02:50:10.0441 8144 aswSnx - ok
02:50:10.0454 8144 aswSP           (05ea22dde5ca7ee3a865046aff2f0229) C:\Windows\system32\drivers\aswSP.sys
02:50:10.0464 8144 aswSP - ok
02:50:10.0471 8144 aswTdi          (3ac73a9e7378848d1bde174b4bb39212) C:\Windows\system32\drivers\aswTdi.sys
02:50:10.0478 8144 aswTdi - ok
02:50:10.0541 8144 AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
02:50:10.0786 8144 AsyncMac - ok
02:50:10.0826 8144 atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
02:50:10.0833 8144 atapi - ok
02:50:10.0868 8144 AthBTPort       (882edbafcc227852c9dca23ea48d2e78) C:\Windows\system32\DRIVERS\btath_flt.sys
02:50:10.0874 8144 AthBTPort - ok
02:50:10.0898 8144 ATHDFU          (99925b8ec4fccdb3992292fbcb31069e) C:\Windows\system32\Drivers\AthDfu.sys
02:50:10.0904 8144 ATHDFU - ok
02:50:10.0948 8144 AtherosSvc      (92758ed60f8134e3b844808413f25530) C:\Program Files\Bluetooth Suite\adminservice.exe
02:50:10.0955 8144 AtherosSvc - ok
02:50:10.0997 8144 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
02:50:11.0035 8144 AudioEndpointBuilder - ok
02:50:11.0040 8144 Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
02:50:11.0061 8144 Audiosrv - ok
02:50:11.0100 8144 avast! Antivirus (a45aa986d9490a4e5b87563d9cd7b175) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:50:11.0107 8144 avast! Antivirus - ok
02:50:11.0117 8144 AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
02:50:11.0169 8144 AxInstSV - ok
02:50:11.0186 8144 b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
02:50:11.0226 8144 b06bdrv - ok
02:50:11.0240 8144 b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
02:50:11.0251 8144 b57nd60x - ok
02:50:11.0278 8144 BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
02:50:11.0296 8144 BDESVC - ok
02:50:11.0312 8144 Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
02:50:11.0342 8144 Beep - ok
02:50:11.0363 8144 BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
02:50:11.0386 8144 BFE - ok
02:50:11.0415 8144 BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
02:50:11.0442 8144 BITS - ok
02:50:11.0454 8144 blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
02:50:11.0465 8144 blbdrive - ok
02:50:11.0492 8144 bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
02:50:11.0512 8144 bowser - ok
02:50:11.0526 8144 BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
02:50:11.0537 8144 BrFiltLo - ok
02:50:11.0551 8144 BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
02:50:11.0595 8144 BrFiltUp - ok
02:50:11.0626 8144 Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
02:50:11.0646 8144 Browser - ok
02:50:11.0658 8144 Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
02:50:11.0699 8144 Brserid - ok
02:50:11.0712 8144 BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
02:50:11.0750 8144 BrSerWdm - ok
02:50:11.0778 8144 BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:50:11.0806 8144 BrUsbMdm - ok
02:50:11.0813 8144 BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
02:50:11.0823 8144 BrUsbSer - ok
02:50:11.0898 8144 BTATH_A2DP      (e5b321f18a1d8b6b8dd397d92ba5946a) C:\Windows\system32\drivers\btath_a2dp.sys
02:50:11.0905 8144 BTATH_A2DP - ok
02:50:11.0933 8144 BTATH_BUS       (f60e0c722442ea91f0c253b7814d8192) C:\Windows\system32\DRIVERS\btath_bus.sys
02:50:11.0938 8144 BTATH_BUS - ok
02:50:11.0957 8144 BTATH_HCRP      (f31e369db8258b28e3dcf66705aea9e9) C:\Windows\system32\DRIVERS\btath_hcrp.sys
02:50:11.0964 8144 BTATH_HCRP - ok
02:50:11.0976 8144 BTATH_LWFLT     (6651798266fde23159d961463a63a77d) C:\Windows\system32\DRIVERS\btath_lwflt.sys
02:50:11.0981 8144 BTATH_LWFLT - ok
02:50:12.0015 8144 BTATH_RCP       (08ef5298df80bc136523bcd2ed8b9c37) C:\Windows\system32\DRIVERS\btath_rcp.sys
02:50:12.0021 8144 BTATH_RCP - ok
02:50:12.0043 8144 BtFilter        (ef6269eab772989e338ba4c833093bac) C:\Windows\system32\DRIVERS\btfilter.sys
02:50:12.0050 8144 BtFilter - ok
02:50:12.0088 8144 BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
02:50:12.0114 8144 BthEnum - ok
02:50:12.0134 8144 BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
02:50:12.0146 8144 BTHMODEM - ok
02:50:12.0178 8144 BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
02:50:12.0190 8144 BthPan - ok
02:50:12.0222 8144 BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
02:50:12.0235 8144 BTHPORT - ok
02:50:12.0276 8144 bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
02:50:12.0297 8144 bthserv - ok
02:50:12.0308 8144 BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
02:50:12.0330 8144 BTHUSB - ok
02:50:12.0365 8144 cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
02:50:12.0418 8144 cdfs - ok
02:50:12.0463 8144 cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
02:50:12.0474 8144 cdrom - ok
02:50:12.0513 8144 CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
02:50:12.0532 8144 CertPropSvc - ok
02:50:12.0557 8144 circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
02:50:12.0568 8144 circlass - ok
02:50:12.0599 8144 CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
02:50:12.0610 8144 CLFS - ok
02:50:12.0676 8144 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:50:12.0684 8144 clr_optimization_v2.0.50727_32 - ok
02:50:12.0729 8144 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:50:12.0738 8144 clr_optimization_v4.0.30319_32 - ok
02:50:12.0744 8144 CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
02:50:12.0755 8144 CmBatt - ok
02:50:12.0824 8144 cmdAgent        (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
02:50:12.0851 8144 cmdAgent - ok
02:50:12.0888 8144 cmdGuard        (ed042da80d9d6a087e83df395ceefd65) C:\Windows\system32\DRIVERS\cmdguard.sys
02:50:12.0899 8144 cmdGuard - ok
02:50:12.0916 8144 cmdHlp          (ed6b6a222cb9adf6751e02ad478a89fb) C:\Windows\system32\DRIVERS\cmdhlp.sys
02:50:12.0923 8144 cmdHlp - ok
02:50:12.0939 8144 cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
02:50:12.0946 8144 cmdide - ok
02:50:12.0973 8144 CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
02:50:12.0987 8144 CNG - ok
02:50:12.0998 8144 Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
02:50:13.0005 8144 Compbatt - ok
02:50:13.0026 8144 CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
02:50:13.0076 8144 CompositeBus - ok
02:50:13.0100 8144 COMSysApp - ok
02:50:13.0144 8144 cpuz135 - ok
02:50:13.0158 8144 crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
02:50:13.0166 8144 crcdisk - ok
02:50:13.0213 8144 CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
02:50:13.0233 8144 CryptSvc - ok
02:50:13.0262 8144 CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
02:50:13.0283 8144 CSC - ok
02:50:13.0299 8144 CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
02:50:13.0335 8144 CscService - ok
02:50:13.0371 8144 DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
02:50:13.0408 8144 DcomLaunch - ok
02:50:13.0442 8144 defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
02:50:13.0464 8144 defragsvc - ok
02:50:13.0472 8144 DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
02:50:13.0504 8144 DfsC - ok
02:50:13.0551 8144 Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
02:50:13.0573 8144 Dhcp - ok
02:50:13.0589 8144 discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
02:50:13.0609 8144 discache - ok
02:50:13.0646 8144 Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
02:50:13.0653 8144 Disk - ok
02:50:13.0700 8144 dmvsc           (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
02:50:13.0737 8144 dmvsc - ok
02:50:13.0763 8144 Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
02:50:13.0785 8144 Dnscache - ok
02:50:13.0821 8144 dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
02:50:13.0842 8144 dot3svc - ok
02:50:13.0877 8144 DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
02:50:13.0897 8144 DPS - ok
02:50:13.0948 8144 drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
02:50:13.0959 8144 drmkaud - ok
02:50:13.0995 8144 dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
02:50:14.0004 8144 dtsoftbus01 - ok
02:50:14.0027 8144 DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
02:50:14.0041 8144 DXGKrnl - ok
02:50:14.0087 8144 e1cexpress      (27de93085f73b385ac26e6c63441b5dc) C:\Windows\system32\DRIVERS\e1c6232.sys
02:50:14.0097 8144 e1cexpress - ok
02:50:14.0123 8144 EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
02:50:14.0157 8144 EapHost - ok
02:50:14.0213 8144 ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
02:50:14.0246 8144 ebdrv - ok
02:50:14.0280 8144 EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
02:50:14.0320 8144 EFS - ok
02:50:14.0368 8144 ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
02:50:14.0391 8144 ehRecvr - ok
02:50:14.0404 8144 ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
02:50:14.0416 8144 ehSched - ok
02:50:14.0431 8144 elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
02:50:14.0443 8144 elxstor - ok
02:50:14.0466 8144 ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
02:50:14.0493 8144 ErrDev - ok
02:50:14.0530 8144 EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
02:50:14.0552 8144 EventSystem - ok
02:50:14.0579 8144 exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
02:50:14.0599 8144 exfat - ok
02:50:14.0618 8144 fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
02:50:14.0650 8144 fastfat - ok
02:50:14.0706 8144 Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
02:50:14.0746 8144 Fax - ok
02:50:14.0763 8144 fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
02:50:14.0773 8144 fdc - ok
02:50:14.0797 8144 fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
02:50:14.0829 8144 fdPHost - ok
02:50:14.0836 8144 FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
02:50:14.0862 8144 FDResPub - ok
02:50:14.0888 8144 FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
02:50:14.0896 8144 FileInfo - ok
02:50:14.0926 8144 Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
02:50:14.0944 8144 Filetrace - ok
02:50:14.0951 8144 flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
02:50:14.0961 8144 flpydisk - ok
02:50:14.0997 8144 FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
02:50:15.0006 8144 FltMgr - ok
02:50:15.0045 8144 FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
02:50:15.0077 8144 FontCache - ok
02:50:15.0142 8144 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:50:15.0149 8144 FontCache3.0.0.0 - ok
02:50:15.0236 8144 Freemake Improver (565619f1b6da86e3c7ba75a1e60ecfcd) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
02:50:15.0257 8144 Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
02:50:15.0257 8144 Freemake Improver - detected UnsignedFile.Multi.Generic (1)
02:50:15.0276 8144 FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
02:50:15.0283 8144 FsDepends - ok
02:50:15.0295 8144 Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
02:50:15.0302 8144 Fs_Rec - ok
02:50:15.0398 8144 Futuremark SystemInfo Service (0d015d3584704ec814a58276232f143b) C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe
02:50:15.0406 8144 Futuremark SystemInfo Service - ok
02:50:15.0437 8144 fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
02:50:15.0448 8144 fvevol - ok
02:50:15.0459 8144 gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
02:50:15.0466 8144 gagp30kx - ok
02:50:15.0523 8144 gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
02:50:15.0566 8144 gpsvc - ok
02:50:15.0628 8144 gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:50:15.0636 8144 gupdate - ok
02:50:15.0640 8144 gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:50:15.0647 8144 gupdatem - ok
02:50:15.0677 8144 gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
02:50:15.0685 8144 gusvc - ok
02:50:15.0704 8144 hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
02:50:15.0721 8144 hcw85cir - ok
02:50:15.0766 8144 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
02:50:15.0780 8144 HdAudAddService - ok
02:50:15.0793 8144 HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:50:15.0833 8144 HDAudBus - ok
02:50:15.0866 8144 HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
02:50:15.0876 8144 HidBatt - ok
02:50:15.0906 8144 HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
02:50:15.0918 8144 HidBth - ok
02:50:15.0940 8144 HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
02:50:15.0967 8144 HidIr - ok
02:50:15.0999 8144 hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
02:50:16.0019 8144 hidserv - ok
02:50:16.0047 8144 HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
02:50:16.0058 8144 HidUsb - ok
02:50:16.0087 8144 hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
02:50:16.0107 8144 hkmsvc - ok
02:50:16.0133 8144 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
02:50:16.0156 8144 HomeGroupListener - ok
02:50:16.0184 8144 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
02:50:16.0215 8144 HomeGroupProvider - ok
02:50:16.0308 8144 hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
02:50:16.0316 8144 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
02:50:16.0316 8144 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
02:50:16.0333 8144 HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
02:50:16.0341 8144 HpSAMD - ok
02:50:16.0376 8144 HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
02:50:16.0397 8144 HTTP - ok
02:50:16.0412 8144 hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
02:50:16.0419 8144 hwpolicy - ok
02:50:16.0437 8144 i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
02:50:16.0465 8144 i8042prt - ok
02:50:16.0525 8144 iaStor          (db81f413fa4e3f328cad7b5d59ef3f21) C:\Windows\system32\DRIVERS\iaStor.sys
02:50:16.0537 8144 iaStor - ok
02:50:16.0600 8144 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
02:50:16.0607 8144 IAStorDataMgrSvc - ok
02:50:16.0634 8144 iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
02:50:16.0644 8144 iaStorV - ok
02:50:16.0687 8144 ICCWDT          (8661b1d7706889463289a8660352f0f8) C:\Windows\system32\DRIVERS\ICCWDT.sys
02:50:16.0694 8144 ICCWDT - ok
02:50:16.0717 8144 IDMWFP          (abdb3c09f68292f0eb9c81855c0e47b5) C:\Windows\system32\DRIVERS\idmwfp.sys
02:50:16.0724 8144 IDMWFP - ok
02:50:16.0783 8144 IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:50:16.0789 8144 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:50:16.0789 8144 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:50:16.0854 8144 idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:50:16.0872 8144 idsvc - ok
02:50:16.0904 8144 iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
02:50:16.0912 8144 iirsp - ok
02:50:16.0948 8144 IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
02:50:17.0001 8144 IKEEXT - ok
02:50:17.0049 8144 inspect         (2ee3db2c1760171c6f72f2f1792a47b5) C:\Windows\system32\DRIVERS\inspect.sys
02:50:17.0057 8144 inspect - ok
02:50:17.0134 8144 IntcAzAudAddService (5294f1c52a6d8c2a15ffd2945c552736) C:\Windows\system32\drivers\RTKVHDA.sys
02:50:17.0174 8144 IntcAzAudAddService - ok
02:50:17.0208 8144 Intel(R) PROSet Monitoring Service (1a97e12e4037492cbf22f94d3a0cebe9) C:\Windows\system32\IProsetMonitor.exe
02:50:17.0218 8144 Intel(R) PROSet Monitoring Service - ok
02:50:17.0230 8144 intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
02:50:17.0237 8144 intelide - ok
02:50:17.0264 8144 intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
02:50:17.0274 8144 intelppm - ok
02:50:17.0300 8144 IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
02:50:17.0321 8144 IPBusEnum - ok
02:50:17.0347 8144 IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:50:17.0366 8144 IpFilterDriver - ok
02:50:17.0384 8144 iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
02:50:17.0409 8144 iphlpsvc - ok
02:50:17.0421 8144 IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
02:50:17.0431 8144 IPMIDRV - ok
02:50:17.0458 8144 IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
02:50:17.0477 8144 IPNAT - ok
02:50:17.0492 8144 IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
02:50:17.0504 8144 IRENUM - ok
02:50:17.0520 8144 isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
02:50:17.0528 8144 isapnp - ok
02:50:17.0551 8144 iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
02:50:17.0560 8144 iScsiPrt - ok
02:50:17.0618 8144 JRAID           (fe40c1ba67ec92490fce065016806aa6) C:\Windows\system32\DRIVERS\jraid.sys
02:50:17.0626 8144 JRAID - ok
02:50:17.0677 8144 kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
02:50:17.0684 8144 kbdclass - ok
02:50:17.0702 8144 kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
02:50:17.0713 8144 kbdhid - ok
02:50:17.0759 8144 KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:50:17.0771 8144 KeyIso - ok
02:50:17.0793 8144 KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
02:50:17.0801 8144 KSecDD - ok
02:50:17.0818 8144 KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
02:50:17.0826 8144 KSecPkg - ok
02:50:17.0867 8144 KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
02:50:17.0891 8144 KtmRm - ok
02:50:17.0941 8144 LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
02:50:17.0964 8144 LanmanServer - ok
02:50:17.0998 8144 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
02:50:18.0033 8144 LanmanWorkstation - ok
02:50:18.0063 8144 lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
02:50:18.0099 8144 lltdio - ok
02:50:18.0135 8144 lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
02:50:18.0158 8144 lltdsvc - ok
02:50:18.0173 8144 lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
02:50:18.0193 8144 lmhosts - ok
02:50:18.0211 8144 LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
02:50:18.0219 8144 LSI_FC - ok
02:50:18.0230 8144 LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
02:50:18.0238 8144 LSI_SAS - ok
02:50:18.0265 8144 LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
02:50:18.0272 8144 LSI_SAS2 - ok
02:50:18.0290 8144 LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
02:50:18.0298 8144 LSI_SCSI - ok
02:50:18.0330 8144 luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
02:50:18.0350 8144 luafv - ok
02:50:18.0410 8144 MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
02:50:18.0418 8144 MBAMSwissArmy - ok
02:50:18.0442 8144 Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
02:50:18.0455 8144 Mcx2Svc - ok
02:50:18.0485 8144 megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
02:50:18.0493 8144 megasas - ok
02:50:18.0512 8144 MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
02:50:18.0521 8144 MegaSR - ok
02:50:18.0556 8144 MEI             (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
02:50:18.0576 8144 MEI - ok
02:50:18.0620 8144 Microsoft SharePoint Workspace Audit Service - ok
02:50:18.0639 8144 MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
02:50:18.0679 8144 MMCSS - ok
02:50:18.0699 8144 Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
02:50:18.0718 8144 Modem - ok
02:50:18.0741 8144 monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
02:50:18.0752 8144 monitor - ok
02:50:18.0791 8144 MotoHelper      (fa073bf55e99f21cfe3afb023cfd81dc) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
02:50:18.0800 8144 MotoHelper - ok
02:50:18.0822 8144 mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
02:50:18.0830 8144 mouclass - ok
02:50:18.0855 8144 mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
02:50:18.0866 8144 mouhid - ok
02:50:18.0892 8144 mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
02:50:18.0900 8144 mountmgr - ok
02:50:18.0917 8144 mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
02:50:18.0926 8144 mpio - ok
02:50:18.0959 8144 mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
02:50:18.0977 8144 mpsdrv - ok
02:50:19.0006 8144 MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
02:50:19.0033 8144 MpsSvc - ok
02:50:19.0044 8144 MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
02:50:19.0056 8144 MRxDAV - ok
02:50:19.0095 8144 mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:50:19.0114 8144 mrxsmb - ok
02:50:19.0127 8144 mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:50:19.0139 8144 mrxsmb10 - ok
02:50:19.0156 8144 mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:50:19.0167 8144 mrxsmb20 - ok
02:50:19.0185 8144 msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
02:50:19.0192 8144 msahci - ok
02:50:19.0223 8144 msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
02:50:19.0232 8144 msdsm - ok
02:50:19.0248 8144 MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
02:50:19.0280 8144 MSDTC - ok
02:50:19.0312 8144 Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
02:50:19.0331 8144 Msfs - ok
02:50:19.0347 8144 mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
02:50:19.0366 8144 mshidkmdf - ok
02:50:19.0373 8144 msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
02:50:19.0380 8144 msisadrv - ok
02:50:19.0423 8144 MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
02:50:19.0455 8144 MSiSCSI - ok
02:50:19.0461 8144 msiserver - ok
02:50:19.0480 8144 MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
02:50:19.0517 8144 MSKSSRV - ok
02:50:19.0556 8144 MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
02:50:19.0575 8144 MSPCLOCK - ok
02:50:19.0582 8144 MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
02:50:19.0601 8144 MSPQM - ok
02:50:19.0613 8144 MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
02:50:19.0622 8144 MsRPC - ok
02:50:19.0639 8144 mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
02:50:19.0647 8144 mssmbios - ok
02:50:19.0726 8144 MSSQL$SQLEXPRESS - ok
02:50:19.0743 8144 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
02:50:19.0751 8144 MSSQLServerADHelper - ok
02:50:19.0771 8144 MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
02:50:19.0790 8144 MSTEE - ok
02:50:19.0909 8144 msvsmon90       (e514d0493c272aecbac7c6c1dac635d1) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
02:50:19.0975 8144 msvsmon90 - ok
02:50:19.0984 8144 MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
02:50:20.0023 8144 MTConfig - ok
02:50:20.0047 8144 Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
02:50:20.0054 8144 Mup - ok
02:50:20.0098 8144 mv91xx          (19aab6a158bc8a16e756c010776a5546) C:\Windows\system32\DRIVERS\mv91xx.sys
02:50:20.0107 8144 mv91xx - ok
02:50:20.0148 8144 NAL             (35b94fb62c96807183841ca4e0fb44d8) C:\Windows\system32\Drivers\iqvw32.sys
02:50:20.0154 8144 NAL - ok
02:50:20.0185 8144 napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
02:50:20.0227 8144 napagent - ok
02:50:20.0287 8144 NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
02:50:20.0301 8144 NativeWifiP - ok
02:50:20.0327 8144 NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
02:50:20.0342 8144 NDIS - ok
02:50:20.0352 8144 NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
02:50:20.0371 8144 NdisCap - ok
02:50:20.0399 8144 NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
02:50:20.0417 8144 NdisTapi - ok
02:50:20.0442 8144 Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
02:50:20.0460 8144 Ndisuio - ok
02:50:20.0479 8144 NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
02:50:20.0514 8144 NdisWan - ok
02:50:20.0521 8144 NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
02:50:20.0539 8144 NDProxy - ok
02:50:20.0569 8144 NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
02:50:20.0606 8144 NetBIOS - ok
02:50:20.0635 8144 NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
02:50:20.0654 8144 NetBT - ok
02:50:20.0681 8144 Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:50:20.0693 8144 Netlogon - ok
02:50:20.0733 8144 Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
02:50:20.0757 8144 Netman - ok
02:50:20.0945 8144 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:50:20.0991 8144 NetMsmqActivator - ok
02:50:21.0018 8144 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:50:21.0026 8144 NetPipeActivator - ok
02:50:21.0040 8144 netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
02:50:21.0080 8144 netprofm - ok
02:50:21.0118 8144 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:50:21.0125 8144 NetTcpActivator - ok
02:50:21.0129 8144 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:50:21.0136 8144 NetTcpPortSharing - ok
02:50:21.0165 8144 nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
02:50:21.0172 8144 nfrd960 - ok
02:50:21.0263 8144 NitroDriverReadSpool2 (6a1134fb484af1aa9e952196b20996fc) C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
02:50:21.0272 8144 NitroDriverReadSpool2 - ok
02:50:21.0312 8144 NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
02:50:21.0349 8144 NlaSvc - ok
02:50:21.0389 8144 nlsX86cc        (fac20f9060ff9c74af0c8a002bb04ae7) C:\Windows\system32\NLSSRV32.EXE
02:50:21.0398 8144 nlsX86cc - ok
02:50:21.0405 8144 Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
02:50:21.0424 8144 Npfs - ok
02:50:21.0435 8144 nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
02:50:21.0456 8144 nsi - ok
02:50:21.0469 8144 nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
02:50:21.0506 8144 nsiproxy - ok
02:50:21.0553 8144 Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
02:50:21.0573 8144 Ntfs - ok
02:50:21.0580 8144 Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
02:50:21.0599 8144 Null - ok
02:50:21.0640 8144 NVHDA           (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
02:50:21.0648 8144 NVHDA - ok
02:50:21.0806 8144 nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:50:21.0921 8144 nvlddmkm - ok
02:50:21.0960 8144 nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
02:50:21.0968 8144 nvraid - ok
02:50:21.0984 8144 nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
02:50:21.0993 8144 nvstor - ok
02:50:22.0037 8144 nvsvc           (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
02:50:22.0053 8144 nvsvc - ok
02:50:22.0174 8144 nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:50:22.0228 8144 nvUpdatusService - ok
02:50:22.0266 8144 nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
02:50:22.0274 8144 nv_agp - ok
02:50:22.0285 8144 ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
02:50:22.0310 8144 ohci1394 - ok
02:50:22.0341 8144 OracleJobSchedulerXE - ok
02:50:22.0349 8144 OracleMTSRecoveryService - ok
02:50:22.0353 8144 OracleServiceXE - ok
02:50:22.0360 8144 OracleXEClrAgent - ok
02:50:22.0390 8144 OracleXETNSListener (8af936ce45788974efff7d0f19143583) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
02:50:22.0398 8144 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - warning
02:50:22.0398 8144 OracleXETNSListener - detected UnsignedFile.Multi.Generic (1)
02:50:22.0453 8144 ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:50:22.0462 8144 ose - ok
02:50:22.0565 8144 osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:50:22.0660 8144 osppsvc - ok
02:50:22.0700 8144 p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
02:50:22.0722 8144 p2pimsvc - ok
02:50:22.0738 8144 p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
02:50:22.0754 8144 p2psvc - ok
02:50:22.0789 8144 Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
02:50:22.0814 8144 Parport - ok
02:50:22.0854 8144 partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
02:50:22.0862 8144 partmgr - ok
02:50:22.0870 8144 Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
02:50:22.0881 8144 Parvdm - ok
02:50:22.0910 8144 PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
02:50:22.0926 8144 PcaSvc - ok
02:50:22.0939 8144 pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
02:50:22.0948 8144 pci - ok
02:50:22.0985 8144 pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
02:50:22.0992 8144 pciide - ok
02:50:23.0014 8144 pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
02:50:23.0022 8144 pcmcia - ok
02:50:23.0035 8144 pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
02:50:23.0043 8144 pcw - ok
02:50:23.0080 8144 PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
02:50:23.0117 8144 PEAUTH - ok
02:50:23.0169 8144 PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
02:50:23.0216 8144 PeerDistSvc - ok
02:50:23.0250 8144 pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
02:50:23.0311 8144 pla - ok
02:50:23.0370 8144 PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
02:50:23.0410 8144 PlugPlay - ok
02:50:23.0423 8144 PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
02:50:23.0440 8144 PNRPAutoReg - ok
02:50:23.0465 8144 PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
02:50:23.0479 8144 PNRPsvc - ok
02:50:23.0508 8144 PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
02:50:23.0532 8144 PolicyAgent - ok
02:50:23.0563 8144 Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
02:50:23.0584 8144 Power - ok
02:50:23.0640 8144 PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
02:50:23.0659 8144 PptpMiniport - ok
02:50:23.0675 8144 Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
02:50:23.0685 8144 Processor - ok
02:50:23.0706 8144 ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
02:50:23.0794 8144 ProfSvc - ok
02:50:23.0828 8144 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:50:23.0839 8144 ProtectedStorage - ok
02:50:23.0858 8144 Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
02:50:23.0877 8144 Psched - ok
02:50:23.0925 8144 ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
02:50:23.0946 8144 ql2300 - ok
02:50:23.0959 8144 ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
02:50:23.0967 8144 ql40xx - ok
02:50:23.0995 8144 QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
02:50:24.0012 8144 QWAVE - ok
02:50:24.0034 8144 QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
02:50:24.0046 8144 QWAVEdrv - ok
02:50:24.0063 8144 RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
02:50:24.0081 8144 RasAcd - ok
02:50:24.0119 8144 RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:50:24.0137 8144 RasAgileVpn - ok
02:50:24.0147 8144 RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
02:50:24.0170 8144 RasAuto - ok
02:50:24.0183 8144 Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:50:24.0202 8144 Rasl2tp - ok
02:50:24.0219 8144 RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
02:50:24.0243 8144 RasMan - ok
02:50:24.0261 8144 RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
02:50:24.0280 8144 RasPppoe - ok
02:50:24.0301 8144 RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
02:50:24.0333 8144 RasSstp - ok
02:50:24.0360 8144 rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
02:50:24.0379 8144 rdbss - ok
02:50:24.0395 8144 rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
02:50:24.0407 8144 rdpbus - ok
02:50:24.0429 8144 RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:50:24.0446 8144 RDPCDD - ok
02:50:24.0477 8144 RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
02:50:24.0498 8144 RDPDR - ok
02:50:24.0514 8144 RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
02:50:24.0545 8144 RDPENCDD - ok
02:50:24.0577 8144 RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
02:50:24.0595 8144 RDPREFMP - ok
02:50:24.0625 8144 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
02:50:24.0644 8144 RdpVideoMiniport - ok
02:50:24.0671 8144 RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
02:50:24.0713 8144 RDPWD - ok
02:50:24.0726 8144 rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
02:50:24.0735 8144 rdyboost - ok
02:50:24.0760 8144 RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
02:50:24.0780 8144 RemoteAccess - ok
02:50:24.0812 8144 RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
02:50:24.0849 8144 RemoteRegistry - ok
02:50:24.0877 8144 RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
02:50:24.0889 8144 RFCOMM - ok
02:50:24.0922 8144 RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
02:50:24.0967 8144 RpcEptMapper - ok
02:50:25.0010 8144 RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
02:50:25.0040 8144 RpcLocator - ok
02:50:25.0068 8144 RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
02:50:25.0091 8144 RpcSs - ok
02:50:25.0119 8144 rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
02:50:25.0139 8144 rspndr - ok
02:50:25.0201 8144 rt61x86         (e70dab50dc67d4037a612384d649313f) C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys
02:50:25.0211 8144 rt61x86 - ok
02:50:25.0287 8144 RTCore32        (293a2a421fd8d064803d22a252b2de97) C:\Program Files\EVGA Precision X\RTCore32.sys
02:50:25.0291 8144 RTCore32 ( UnsignedFile.Multi.Generic ) - warning
02:50:25.0291 8144 RTCore32 - detected UnsignedFile.Multi.Generic (1)
02:50:25.0318 8144 s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
02:50:25.0339 8144 s3cap - ok
02:50:25.0368 8144 SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:50:25.0379 8144 SamSs - ok
02:50:25.0404 8144 sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
02:50:25.0412 8144 sbp2port - ok
02:50:25.0426 8144 SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
02:50:25.0447 8144 SCardSvr - ok
02:50:25.0481 8144 scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
02:50:25.0516 8144 scfilter - ok
02:50:25.0551 8144 Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
02:50:25.0598 8144 Schedule - ok
02:50:25.0624 8144 SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
02:50:25.0642 8144 SCPolicySvc - ok
02:50:25.0653 8144 SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
02:50:25.0677 8144 SDRSVC - ok
02:50:25.0703 8144 secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:50:25.0722 8144 secdrv - ok
02:50:25.0745 8144 seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
02:50:25.0778 8144 seclogon - ok
02:50:25.0795 8144 SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
02:50:25.0817 8144 SENS - ok
02:50:25.0845 8144 SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
02:50:25.0858 8144 SensrSvc - ok
02:50:25.0888 8144 Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
02:50:25.0899 8144 Serenum - ok
02:50:25.0916 8144 Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
02:50:25.0927 8144 Serial - ok
02:50:25.0941 8144 sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
02:50:25.0951 8144 sermouse - ok
02:50:25.0978 8144 SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
02:50:26.0000 8144 SessionEnv - ok
02:50:26.0013 8144 sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
02:50:26.0024 8144 sffdisk - ok
02:50:26.0040 8144 sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
02:50:26.0065 8144 sffp_mmc - ok
02:50:26.0097 8144 sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
02:50:26.0108 8144 sffp_sd - ok
02:50:26.0135 8144 sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
02:50:26.0145 8144 sfloppy - ok
02:50:26.0186 8144 SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
02:50:26.0209 8144 SharedAccess - ok
02:50:26.0225 8144 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
02:50:26.0264 8144 ShellHWDetection - ok
02:50:26.0282 8144 sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
02:50:26.0289 8144 sisagp - ok
02:50:26.0325 8144 SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
02:50:26.0332 8144 SiSRaid2 - ok
02:50:26.0342 8144 SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
02:50:26.0350 8144 SiSRaid4 - ok
02:50:26.0392 8144 Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
02:50:26.0411 8144 Smb - ok
02:50:26.0428 8144 SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
02:50:26.0441 8144 SNMPTRAP - ok
02:50:26.0467 8144 spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
02:50:26.0475 8144 spldr - ok
02:50:26.0493 8144 Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
02:50:26.0534 8144 Spooler - ok
02:50:26.0591 8144 sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
02:50:26.0662 8144 sppsvc - ok
02:50:26.0677 8144 sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
02:50:26.0702 8144 sppuinotify - ok
02:50:26.0742 8144 sptd            (ab5c8f6e63674dbad9c1e449e8fd77ce) C:\Windows\System32\Drivers\sptd.sys
02:50:26.0754 8144 sptd - ok
02:50:26.0826 8144 SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
02:50:26.0836 8144 SQLBrowser - ok
02:50:26.0877 8144 SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
02:50:26.0884 8144 SQLWriter - ok
02:50:26.0920 8144 srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
02:50:26.0933 8144 srv - ok
02:50:26.0953 8144 srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
02:50:26.0965 8144 srv2 - ok
02:50:26.0979 8144 srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
02:50:26.0990 8144 srvnet - ok
02:50:27.0012 8144 SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
02:50:27.0034 8144 SSDPSRV - ok
02:50:27.0047 8144 SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
02:50:27.0073 8144 SstpSvc - ok
02:50:27.0100 8144 Steam Client Service - ok
02:50:27.0165 8144 Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:50:27.0178 8144 Stereo Service - ok
02:50:27.0215 8144 stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
02:50:27.0222 8144 stexstor - ok
02:50:27.0272 8144 StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
02:50:27.0293 8144 StiSvc - ok
02:50:27.0321 8144 storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
02:50:27.0329 8144 storflt - ok
02:50:27.0341 8144 storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
02:50:27.0349 8144 storvsc - ok
02:50:27.0363 8144 swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
02:50:27.0370 8144 swenum - ok
02:50:27.0449 8144 SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:50:27.0475 8144 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
02:50:27.0475 8144 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
02:50:27.0511 8144 swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
02:50:27.0536 8144 swprv - ok
02:50:27.0551 8144 Synth3dVsc      (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\synth3dvsc.sys
02:50:27.0559 8144 Synth3dVsc - ok
02:50:27.0585 8144 SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
02:50:27.0627 8144 SysMain - ok
02:50:27.0656 8144 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
02:50:27.0686 8144 TabletInputService - ok
02:50:27.0711 8144 TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
02:50:27.0734 8144 TapiSrv - ok
02:50:27.0751 8144 TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
02:50:27.0773 8144 TBS - ok
02:50:27.0831 8144 Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
02:50:27.0852 8144 Tcpip - ok
02:50:27.0881 8144 TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
02:50:27.0901 8144 TCPIP6 - ok
02:50:27.0930 8144 tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
02:50:27.0959 8144 tcpipreg - ok
02:50:27.0991 8144 TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
02:50:28.0000 8144 TDPIPE - ok
02:50:28.0024 8144 TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
02:50:28.0035 8144 TDTCP - ok
02:50:28.0046 8144 tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
02:50:28.0075 8144 tdx - ok
02:50:28.0098 8144 TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
02:50:28.0105 8144 TermDD - ok
02:50:28.0146 8144 terminpt        (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
02:50:28.0162 8144 terminpt - ok
02:50:28.0194 8144 TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
02:50:28.0218 8144 TermService - ok
02:50:28.0233 8144 Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
02:50:28.0263 8144 Themes - ok
02:50:28.0288 8144 THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
02:50:28.0308 8144 THREADORDER - ok
02:50:28.0344 8144 TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
02:50:28.0386 8144 TrkWks - ok
02:50:28.0437 8144 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
02:50:28.0457 8144 TrustedInstaller - ok
02:50:28.0480 8144 tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:50:28.0498 8144 tssecsrv - ok
02:50:28.0513 8144 TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
02:50:28.0554 8144 TsUsbFlt - ok
02:50:28.0570 8144 TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
02:50:28.0613 8144 TsUsbGD - ok
02:50:28.0657 8144 tsusbhub        (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
02:50:28.0668 8144 tsusbhub - ok
02:50:28.0718 8144 tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
02:50:28.0736 8144 tunnel - ok
02:50:28.0750 8144 uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
02:50:28.0758 8144 uagp35 - ok
02:50:28.0773 8144 udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
02:50:28.0810 8144 udfs - ok
02:50:28.0852 8144 UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
02:50:28.0865 8144 UI0Detect - ok
02:50:28.0888 8144 uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
02:50:28.0896 8144 uliagpkx - ok
02:50:28.0923 8144 umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
02:50:28.0934 8144 umbus - ok
02:50:28.0964 8144 UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
02:50:28.0974 8144 UmPass - ok
02:50:29.0010 8144 UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
02:50:29.0042 8144 UmRdpService - ok
02:50:29.0072 8144 upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
02:50:29.0097 8144 upnphost - ok
02:50:29.0128 8144 usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
02:50:29.0139 8144 usbccgp - ok
02:50:29.0151 8144 usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
02:50:29.0163 8144 usbcir - ok
02:50:29.0198 8144 usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
02:50:29.0208 8144 usbehci - ok
02:50:29.0227 8144 usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
02:50:29.0239 8144 usbhub - ok
02:50:29.0261 8144 usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
02:50:29.0293 8144 usbohci - ok
02:50:29.0337 8144 usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
02:50:29.0348 8144 usbprint - ok
02:50:29.0394 8144 usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
02:50:29.0406 8144 usbscan - ok
02:50:29.0430 8144 USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:50:29.0453 8144 USBSTOR - ok
02:50:29.0473 8144 usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
02:50:29.0483 8144 usbuhci - ok
02:50:29.0510 8144 UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
02:50:29.0531 8144 UxSms - ok
02:50:29.0557 8144 VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:50:29.0568 8144 VaultSvc - ok
02:50:29.0580 8144 vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
02:50:29.0587 8144 vdrvroot - ok
02:50:29.0615 8144 vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
02:50:29.0641 8144 vds - ok
02:50:29.0654 8144 vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
02:50:29.0701 8144 vga - ok
02:50:29.0738 8144 VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
02:50:29.0757 8144 VgaSave - ok
02:50:29.0764 8144 VGPU - ok
02:50:29.0782 8144 vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
02:50:29.0790 8144 vhdmp - ok
02:50:29.0803 8144 viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
02:50:29.0810 8144 viaagp - ok
02:50:29.0834 8144 ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
02:50:29.0862 8144 ViaC7 - ok
02:50:29.0881 8144 viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
02:50:29.0888 8144 viaide - ok
02:50:29.0934 8144 vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
02:50:29.0943 8144 vmbus - ok
02:50:29.0959 8144 VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
02:50:29.0969 8144 VMBusHID - ok
02:50:29.0977 8144 volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
02:50:29.0984 8144 volmgr - ok
02:50:30.0021 8144 volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
02:50:30.0031 8144 volmgrx - ok
02:50:30.0049 8144 volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
02:50:30.0059 8144 volsnap - ok
02:50:30.0092 8144 vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
02:50:30.0101 8144 vsmraid - ok
02:50:30.0159 8144 VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
02:50:30.0199 8144 VSS - ok
02:50:30.0219 8144 vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
02:50:30.0247 8144 vwifibus - ok
02:50:30.0274 8144 W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
02:50:30.0311 8144 W32Time - ok
02:50:30.0320 8144 WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
02:50:30.0331 8144 WacomPen - ok
02:50:30.0361 8144 WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
02:50:30.0380 8144 WANARP - ok
02:50:30.0383 8144 Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
02:50:30.0401 8144 Wanarpv6 - ok
02:50:30.0452 8144 WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
02:50:30.0492 8144 WatAdminSvc - ok
02:50:30.0525 8144 wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
02:50:30.0571 8144 wbengine - ok
02:50:30.0596 8144 WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
02:50:30.0613 8144 WbioSrvc - ok
02:50:30.0630 8144 wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
02:50:30.0648 8144 wcncsvc - ok
02:50:30.0661 8144 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
02:50:30.0677 8144 WcsPlugInService - ok
02:50:30.0694 8144 Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
02:50:30.0701 8144 Wd - ok
02:50:30.0719 8144 Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
02:50:30.0730 8144 Wdf01000 - ok
02:50:30.0745 8144 WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
02:50:30.0802 8144 WdiServiceHost - ok
02:50:30.0805 8144 WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
02:50:30.0819 8144 WdiSystemHost - ok
02:50:30.0836 8144 WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
02:50:30.0869 8144 WebClient - ok
02:50:30.0901 8144 Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
02:50:30.0924 8144 Wecsvc - ok
02:50:30.0936 8144 wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
02:50:30.0974 8144 wercplsupport - ok
02:50:31.0000 8144 WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
02:50:31.0037 8144 WerSvc - ok
02:50:31.0069 8144 WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
02:50:31.0088 8144 WfpLwf - ok
02:50:31.0098 8144 WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
02:50:31.0105 8144 WIMMount - ok
02:50:31.0170 8144 WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
02:50:31.0206 8144 WinDefend - ok
02:50:31.0224 8144 WinHttpAutoProxySvc - ok
02:50:31.0272 8144 Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
02:50:31.0291 8144 Winmgmt - ok
02:50:31.0320 8144 WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
02:50:31.0367 8144 WinRM - ok
02:50:31.0390 8144 Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
02:50:31.0415 8144 Wlansvc - ok
02:50:31.0498 8144 wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:50:31.0538 8144 wlidsvc - ok
02:50:31.0553 8144 WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
02:50:31.0563 8144 WmiAcpi - ok
02:50:31.0596 8144 wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
02:50:31.0629 8144 wmiApSrv - ok
02:50:31.0696 8144 WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
02:50:31.0731 8144 WMPNetworkSvc - ok
02:50:31.0740 8144 WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
02:50:31.0759 8144 WPCSvc - ok
02:50:31.0769 8144 WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
02:50:31.0796 8144 WPDBusEnum - ok
02:50:31.0804 8144 ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
02:50:31.0835 8144 ws2ifsl - ok
02:50:31.0861 8144 wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
02:50:31.0880 8144 wscsvc - ok
02:50:31.0886 8144 WSearch - ok
02:50:31.0937 8144 wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
02:50:31.0996 8144 wuauserv - ok
02:50:32.0025 8144 WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
02:50:32.0056 8144 WudfPf - ok
02:50:32.0106 8144 WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:50:32.0124 8144 WUDFRd - ok
02:50:32.0153 8144 wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
02:50:32.0175 8144 wudfsvc - ok
02:50:32.0205 8144 WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
02:50:32.0238 8144 WwanSvc - ok
02:50:32.0281 8144 xusb21          (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
02:50:32.0325 8144 xusb21 - ok
02:50:32.0346 8144 MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:50:32.0495 8144 \Device\Harddisk0\DR0 - ok
02:50:32.0497 8144 MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
02:50:32.0932 8144 \Device\Harddisk1\DR1 - ok
02:50:32.0934 8144 Boot (0x1200)   (52ab77de226eb81194e3292d9f0ad086) \Device\Harddisk0\DR0\Partition0
02:50:32.0935 8144 \Device\Harddisk0\DR0\Partition0 - ok
02:50:32.0952 8144 Boot (0x1200)   (fe6b540cd15585cea3e82985d7ff97f1) \Device\Harddisk0\DR0\Partition1
02:50:32.0954 8144 \Device\Harddisk0\DR0\Partition1 - ok
02:50:32.0956 8144 Boot (0x1200)   (9883314227139c187c56960fbb65ca66) \Device\Harddisk1\DR1\Partition0
02:50:32.0957 8144 \Device\Harddisk1\DR1\Partition0 - ok
02:50:32.0959 8144 Boot (0x1200)   (1209be58c579edcc3c5da98ab0f80ca2) \Device\Harddisk1\DR1\Partition1
02:50:32.0960 8144 \Device\Harddisk1\DR1\Partition1 - ok
02:50:32.0962 8144 Boot (0x1200)   (07fcf1ed3783cc118fb714fe64edefb2) \Device\Harddisk1\DR1\Partition2
02:50:32.0964 8144 \Device\Harddisk1\DR1\Partition2 - ok
02:50:32.0964 8144 ============================================================
02:50:32.0964 8144 Scan finished
02:50:32.0964 8144 ============================================================
02:50:32.0970 9072 Detected object count: 6
02:50:32.0970 9072 Actual detected object count: 6
02:50:36.0371 9072 Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
02:50:36.0371 9072 Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:50:36.0372 9072 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
02:50:36.0372 9072 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:50:36.0372 9072 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:50:36.0372 9072 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:50:36.0373 9072 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - skipped by user
02:50:36.0373 9072 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:50:36.0374 9072 RTCore32 ( UnsignedFile.Multi.Generic ) - skipped by user
02:50:36.0374 9072 RTCore32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:50:36.0375 9072 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
02:50:36.0375 9072 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:50:37.0919 7596 Deinitialize success

#4 levi

New Member

Members
9 posts

Posted 10 April 2012 - 04:23 PM

MBAM Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.10.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Vikram :: VIKRAM-PC [administrator]
11/4/2012 2:26:37 AM
mbam-log-2012-04-11 (02-26-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243012
Time elapsed: 4 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

DDS.TXT

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.3.0
Run by Vikram at 2:37:05 on 2012-04-11
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.3567.1287 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files\EVGA Precision X\EVGAPrecision.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\system32\IProsetMonitor.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr32.exe
C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
C:\Windows\system32\NLSSRV32.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\NetWorx\networx.exe
C:\Program Files\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Download Manager\IDMan.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\Temp\Volume.exe
C:\Windows\system32\mdm.exe
C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\EVGA Precision X\Bundle\OSDServer\RTSS.exe
C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\programs\attributes.exe
C:\Windows\system32\conhost.exe
c:\programs\phoenix.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\jdownloads\PrincessEris\PrincessEris\akuma_erisu.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=59.93.246.190:808;https=59.93.246.190:808;ftp=59.93.246.190:808;socks=59.93.246.190:1080
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Audio] c:\users\vikram\appdata\local\temp\Soundfx .exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [<NO NAME>]
mRun: [ASUS AiChargerPlus Execute] c:\program files\installshield installation information\{e6931688-da2b-4e16-8539-3d323d69c677}\AiChargerPlus.exe
mRun: [ASUS ShellProcess Execute] c:\program files\asus\ai suite ii\asus mobilink\simulator\AsShellProcess.exe
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [OmniPage Preload] c:\program files\nuance\omnipage18\OmniPage18.exe /preload
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\vikram\appdata\roaming\microsoft\windows\start menu\programs\startup\Soundfx .exe
uPolicies-system: Shell = %windir%\lock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: ncodesolutions.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 8.8.4.4 208.67.220.220 8.8.8.8
TCP: Interfaces\{61EC26C7-594A-4783-B662-78D5543F61F5} : DhcpNameServer = 8.8.4.4 208.67.220.220 8.8.8.8
TCP: Interfaces\{A0FCFE2C-0228-4CB7-9712-55CC9708D751} : NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{C4AF92ED-B0DA-49A9-95F1-D99C17206EB1} : NameServer = 8.8.4.4,208.67.220.220
TCP: Interfaces\{C4AF92ED-B0DA-49A9-95F1-D99C17206EB1} : DhcpNameServer = 8.8.4.4 208.67.220.220 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\vikram\appdata\roaming\mozilla\firefox\profiles\emn1jwc8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\professional 7\npdf.dll
FF - plugin: c:\program files\nitro pdf\professional 7\npnitromozilla.dll
FF - plugin: c:\program files\nitro pdf\professional 7\NPShellExtension.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\drivers\AiChargerPlus.sys [2012-1-14 13696]
R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-8-27 261160]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-8-3 11832]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-14 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-14 337112]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 39640]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 asComSvc;ASUS Com Service;c:\program files\asus\axsp\1.00.14\atkexComSvc.exe [2011-6-13 922240]
R2 asHmComSvc;ASUS HM Com Service;c:\program files\asus\aahm\1.00.14\aaHMSvc.exe [2010-12-2 915584]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.11\AsSysCtrlService.exe [2012-1-14 586880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-14 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-14 57688]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-3-13 68768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-1 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-2-9 96768]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-1-14 13592]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-3-16 91936]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-1-27 112800]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\nitro pdf\professional 7\NitroPDFDriverService2.exe [2011-11-2 196896]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-2 68896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-10 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-9-14 102376]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-9-14 311784]
R3 ASUSFILTER;ASUSFILTER;c:\windows\system32\drivers\ASUSFILTER.sys [2011-9-20 37448]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-3-13 34976]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-3-13 259232]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-3-13 24736]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-3-13 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-3-13 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-3-13 141088]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-3-13 242336]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-6 242240]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2012-1-27 268968]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\drivers\ICCWDT.sys [2010-8-17 22040]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-11 40776]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-1-14 41088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-4-10 148800]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2010-4-7 376160]
R3 RTCore32;RTCore32;c:\program files\evga precision x\RTCore32.sys [2011-9-7 5632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-14 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\drivers\ASUSstpt.sys [2012-1-14 20552]
S3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\drivers\ASUSumsc.sys [2012-1-14 117832]
S3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2011-3-13 43680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2012-2-24 135584]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-14 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-3-26 223088]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-14 1343400]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2012-04-10 20:16:23 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{49a4cbe7-03cc-4c90-86ea-9b0e79586a92}\offreg.dll
2012-04-10 18:33:59 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{49a4cbe7-03cc-4c90-86ea-9b0e79586a92}\mpengine.dll
2012-04-10 02:17:31 -------- d-----w- c:\program files\GPU-Z
2012-04-10 01:53:09 -------- d-----w- c:\program files\EVGA
2012-04-10 01:41:44 -------- d-----w- c:\program files\EVGA Precision X
2012-04-10 01:18:01 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-10 01:18:01 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-04-10 01:18:01 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-10 01:18:01 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-04-10 01:18:01 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-04-10 01:18:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-10 01:17:49 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-10 01:17:17 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-04-10 01:17:17 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-04-10 01:17:17 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-04-08 18:59:12 -------- d-----w- c:\program files\Yukkuri Panic!
2012-04-08 18:58:50 -------- d-----w- c:\program files\Yukkuri Panic! ADV
2012-04-08 05:59:49 -------- d-----w- c:\program files\Will
2012-04-07 20:00:24 -------- d-----w- c:\program files\MediaInfo
2012-04-07 11:32:03 -------- d-----w- c:\users\vikram\appdata\roaming\savedata
2012-04-07 11:31:06 -------- d-----w- c:\program files\あかべぇそふとつぅ
2012-04-06 19:52:11 69632 ----a-r- c:\users\vikram\appdata\roaming\microsoft\installer\{300d7c4f-086d-4d6f-969f-ed00006de81c}\NewShortcut11_3DCAB3F8E1464415A95392718B7291A4.exe
2012-04-06 19:52:11 69632 ----a-r- c:\users\vikram\appdata\roaming\microsoft\installer\{300d7c4f-086d-4d6f-969f-ed00006de81c}\NewShortcut1_413052402F904D9B89A1F5247527F664.exe
2012-04-06 19:52:11 131072 ----a-r- c:\users\vikram\appdata\roaming\microsoft\installer\{300d7c4f-086d-4d6f-969f-ed00006de81c}\NewShortcut3_6FC8A928D9BB4B5F87E47BFA2DFFBFE5.exe
2012-04-06 19:52:10 69632 ----a-r- c:\users\vikram\appdata\roaming\microsoft\installer\{300d7c4f-086d-4d6f-969f-ed00006de81c}\ARPPRODUCTICON.exe
2012-04-06 19:50:57 -------- d-----w- c:\program files\CROSSNET
2012-04-06 18:54:06 -------- d-----w- c:\program files\directx
2012-04-06 18:53:59 -------- d-----w- c:\program files\AngelSmile
2012-04-03 09:17:41 -------- d-----w- C:\programs
2012-03-31 20:51:46 -------- d-----w- c:\program files\Xuse
2012-03-31 06:20:28 -------- d-----w- c:\programdata\Pendulo Studios
2012-03-31 06:13:44 -------- d-----w- c:\program files\Pendulo Studios
2012-03-31 05:49:09 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-03-31 05:49:09 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-03-31 05:49:07 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-03-30 03:00:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 18:32:54 -------- d-----w- c:\program files\DISCIPLINE
2012-03-29 17:40:12 -------- d-----w- c:\program files\AutoIt3
2012-03-29 17:10:05 -------- d-----w- c:\users\vikram\appdata\local\Electronic Arts
2012-03-29 17:09:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-03-28 21:01:15 -------- d-----w- C:\folder1
2012-03-28 15:05:54 -------- d-----w- c:\program files\Sengoku Rance English
2012-03-28 11:46:42 -------- d-----w- c:\users\vikram\appdata\roaming\RenPy
2012-03-28 11:46:01 1590784 ----a-w- c:\users\vikram\appdata\roaming\microsoft\windows\start menu\programs\startup\Soundfx .exe
2012-03-27 11:09:48 -------- d-----w- C:\AliceSoft
2012-03-26 17:08:41 86016 ----a-w- c:\windows\unvise32.exe
2012-03-26 17:08:30 -------- d-----w- c:\program files\G-Collections
2012-03-25 16:06:35 -------- d-----w- C:\Baseson
2012-03-25 12:36:10 40960 ----a-w- c:\windows\system32\StartAffinity.exe
2012-03-25 03:30:48 -------- d-----w- c:\program files\Leaf
2012-03-24 19:27:32 -------- d-----w- c:\users\vikram\appdata\roaming\Family Project
2012-03-24 16:30:57 -------- d-----w- c:\programdata\ASign
2012-03-24 16:29:11 -------- d-----w- C:\Liquid
2012-03-24 15:37:12 -------- d-----w- c:\users\vikram\appdata\roaming\Waveform
2012-03-24 06:46:41 -------- d-----w- c:\program files\Monte Cristo
2012-03-23 16:10:36 -------- d-----w- c:\users\vikram\appdata\local\ElevatedDiagnostics
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 13:12:57 -------- d-----w- c:\users\vikram\appdata\local\Eushully
2012-03-18 13:09:45 -------- d-----w- c:\program files\Eushully
2012-03-16 11:08:36 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-03-16 06:40:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-03-16 06:40:04 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-16 06:40:04 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-15 10:59:22 -------- d-----w- c:\users\vikram\appdata\roaming\Doublefine
2012-03-15 10:55:15 -------- d-----w- c:\program files\Double Fine Productions
2012-03-15 10:29:26 -------- d-----w- c:\programdata\Media Center Programs
2012-03-15 10:29:24 -------- d-----w- c:\program files\common files\BioWare
2012-03-15 08:07:12 -------- d-----w- C:\ConverterOutput
2012-03-15 08:06:33 98304 ----a-w- c:\windows\system32\L3CODECX.AX
2012-03-15 08:06:33 395776 ----a-w- c:\windows\system32\libmplayer.dll
2012-03-15 08:06:33 262144 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-03-15 08:06:33 2255360 ----a-w- c:\windows\system32\libavcodec.dll
2012-03-15 08:06:33 1761280 ----a-w- c:\windows\system32\ffdshow.ax
2012-03-15 08:06:33 172032 ----a-w- c:\windows\system32\ac3filter.ax
2012-03-15 08:06:33 112640 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2012-03-15 08:06:26 -------- d-----w- c:\program files\Cucusoft
2012-03-14 21:30:51 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 21:30:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 15:14:42 -------- d-----w- c:\program files\JULIA
2012-03-14 06:22:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:22:34 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:04:57 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 06:04:57 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 06:04:57 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 06:04:57 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:04:54 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 06:04:54 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 06:04:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 05:59:29 -------- d-----w- c:\programdata\Comodo
2012-03-13 10:44:21 -------- d-----w- c:\program files\Strange Loop Games
2012-03-13 02:21:44 -------- d-----w- c:\program files\CE Remote Tools
2012-03-13 01:58:44 -------- d-----w- c:\windows\system32\js
2012-03-13 01:58:44 -------- d-----w- c:\windows\system32\images
2012-03-13 01:58:44 -------- d-----w- c:\windows\system32\html
2012-03-13 01:58:44 -------- d-----w- c:\windows\system32\css
2012-03-13 01:58:44 -------- d-----w- c:\program files\Business Objects
2012-03-13 01:55:58 -------- d-----w- c:\program files\Microsoft SQL Server
2012-03-13 01:53:09 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-03-13 01:52:04 -------- d-----w- c:\windows\system32\1033
2012-03-13 01:51:43 -------- d-----w- c:\program files\HTML Help Workshop
2012-03-13 01:51:43 -------- d-----w- c:\program files\common files\Merge Modules
2012-03-13 01:32:15 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2012-03-13 01:30:58 97296 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1036.dll
2012-03-13 01:30:58 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.3082.dll
2012-03-13 01:30:58 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1031.dll
2012-03-13 01:30:58 95248 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1040.dll
2012-03-13 01:30:58 91152 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1033.dll
2012-03-13 01:30:58 81424 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1041.dll
2012-03-13 01:30:58 79888 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1042.dll
2012-03-13 01:30:58 76304 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1028.dll
2012-03-13 01:30:58 75792 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.2052.dll
2012-03-13 01:30:58 562688 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.exe
.
==================== Find3M  ====================
.
2012-04-04 10:26:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:17:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-31 06:17:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-30 03:02:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 15:43:38 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 15:43:36 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 15:43:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 15:43:20 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 15:43:20 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-11 09:39:29 48471 ----a-w- c:\windows\system32\ForceBindIP-Uninstaller.exe
2012-03-06 10:11:24 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-06 09:02:57 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-06 08:44:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-06 08:44:56 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 07:56:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-23 16:23:26 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:10:59 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-23 16:10:34 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 03:48:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 13:37:38 0 ----a-w- c:\windows\msjava.dll
2012-02-19 08:57:47 5187744 ----a-w- c:\windows\PE_Rom.dll
2012-02-14 06:39:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-01-31 18:55:14 10804768 ----a-w- c:\program files\common files\lpuninstall.exe
2012-01-25 06:29:44 5253280 ----a-w- c:\windows\PE_File.dll
2012-01-14 15:11:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-14 15:11:59 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-01-14 15:11:59 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-01-14 09:37:52 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-01-14 09:30:31 16896 ----a-w- c:\windows\AsTaskSched.dll
2012-01-14 08:56:26 811520 ----a-w- c:\windows\system32\user32.dll
2012-01-14 08:56:26 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-01-14 08:56:26 13824 ----a-w- c:\windows\system32\slwga.dll
2010-11-20 21:29:11 1169224 --sh--w- c:\windows\temp\Volume.exe
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST310005 rev.JC45 -> Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port2Path0Target0Lun0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83445000]<< >>UNKNOWN [0x8DC09000]<< >>UNKNOWN [0x8DA08000]<< >>UNKNOWN [0x866E71E8]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x8347C55A] -> \Device\Harddisk0\DR0[0x8993E5C0]
\Driver\Disk[0x8993D5C8] -> IRP_MJ_CREATE -> 0x8DC0D39F
3 [0x8DC0D59E] -> ntkrnlpa!IofCallDriver[0x8347C55A] -> \Device\Scsi\mv91xx1Port2Path0Target0Lun0[0x8749D030]
\Driver\mv91xx[0x8749A4A8] -> IRP_MJ_CREATE -> 0x866E71E8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH:  2:38:38.14 ===============

ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 14/1/2012 2:26:30 PM
System Uptime: 10/4/2012 10:35:15 PM (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8Z68-V PRO GEN3
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 500 GiB total, 372.1 GiB free.
D: is FIXED (NTFS) - 432 GiB total, 382.54 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 201.953 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 84.751 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 175.229 GiB free.
H: is CDROM ()
I: is CDROM (UDF)
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP190: 3/4/2012 4:50:57 PM - Windows Update
RP191: 6/4/2012 12:53:22 PM - Installed Adobe Reader X.
RP192: 6/4/2012 7:31:42 PM - Windows Update
RP193: 7/4/2012 1:20:40 AM - Installed 星空のメモリア-Wish upon a shooting star-.
RP194: 8/4/2012 7:18:58 PM - Windows Backup
RP195: 11/4/2012 12:03:40 AM - Windows Update
RP196: 11/4/2012 1:35:34 AM - Windows Update
.
==== Installed Programs ======================
.
.
7-Zip 9.20
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
AI Suite II
Asmedia ASM104x USB 3.0 Host Controller Driver
AutoIt v3.3.8.1
avast! Free Antivirus
Bluetooth Win7 Suite
BOSS
BufferChm
calibre
CCleaner
COMODO Internet Security
Conquering the Queen
Crystal Reports Basic for Visual Studio 2008
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DisplayFusion 3.4.1
DocProc
EasyBCD 2.1.2
Escalation ADV version Escalation ADV v1.0
Escalation Yukkuri Panic! version 1.0
EVGA OC Scanner X 2.0.1
EVGA Precision X 3.0.2
Fallout Mod Manager 0.13.21
Family Project v1.0
FileHippo.com Update Checker
ForceBindIP
Fraps
Freemake Video Converter version 3.0.2
Futuremark SystemInfo
G-Senjou no Maou English
Google Chrome
Google Update Helper
GPBaseService2
Hegemony Gold: Wars of Ancient Greece
High-Definition Video Playback
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Scanjet G2410 and 2400
HP Solution Center 13.0
HP Update
hpg2410
HPPhotosmartEssential
HPProductAssistant
InstallShield for Microsoft Visual C++ 6
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 16.5.2.0
Intel(R) Rapid Storage Technology
IntelR Watchdog Timer Driver (IntelR WDT)
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 3
JMicron JMB36X Driver
Koihime_Musou
L.A. Noire
LastPass (uninstall only)
Lightning Warrior Raidy
Malwarebytes Anti-Malware version 1.61.0.1400
marvell 91xx driver
Mass Effect
Media Player Classic - Home Cinema 1.6.0.4014
MediaInfo 0.7.55
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft AppLocale
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Visual Studio Web Authoring Component
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Application Compatibility Database
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Xbox 360 Accessories 1.2
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mobipocket Reader 6.2
Mortal Kombat Arcade Kollection
MotoHelper 2.0.49 Driver 5.0.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
Mozilla Firefox 11.0 (x86 en-US)
MSI Afterburner 2.1.0
MSI Kombustor 2.0.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
Nero Dolby Files 10
Nero Express 10
Nero Multimedia Suite 10 Platinum HD
NetWorx 5.2.2
Nexus Mod Manager
Nitro Pro 7
Notepad++
Nuance OmniPage 18
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
OpenAL
Oracle Data Provider for .NET Help
Oracle Database 10g Express Edition
PDF Settings CS5
Picasa 3
Pidgin
Rayman Origins
Realtek High Definition Audio Driver
ReNamer
Rockstar Games Social Club
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Sengoku Rance English v1.01
SolutionCenter
Steam
System Requirements Lab CYRI
Tally 9
TechPowerUp GPU-Z
TeraCopy 2.27
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Utawarerumono English v1.1
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
WebM Project Directshow Filters
WebReg
Windows Live ID Sign-in Assistant
WinRAR 4.11 (32-bit)
WMP 12 Playback Pack
Xuse 永遠のアセリア － この大地の果てで －  (Remove Only)
星空のメモリア-Wish upon a shooting star-
神採りアルケミーマイスター
神採りアルケミーマイスター Append01
神採りアルケミーマイスター Append02
神採りアルケミーマイスター Ver2.00 Update
.
==== Event Viewer Messages From Past Week ========
.
7/4/2012 12:44:13 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
7/4/2012 12:05:48 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/4/2012 11:58:46 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ASUS HM Com Service service to connect.
5/4/2012 11:58:46 AM, Error: Service Control Manager [7000]  - The ASUS HM Com Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/4/2012 6:43:57 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
10/4/2012 6:43:57 AM, Error: Service Control Manager [7000]  - The Freemake Improver service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/4/2012 11:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
.
==== End Of File ===========================

#5 Maniac

Forum Deity

Experts
17,444 posts

Gender:Male
Location:Bulgaria, EU

Posted 11 April 2012 - 01:24 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#6 levi

New Member

Members
9 posts

Posted 11 April 2012 - 02:10 AM

Here is ComboFix.txt

ComboFix 12-04-10.02 - Vikram 4/2012 Wed  12:24:38.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.3567.2254 [GMT 5.5:30]
Running from: e:\downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
  Error: Cfiles.dat
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\users\Vikram\AppData\Local\Tempals_inst.exe
c:\users\Vikram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soundfx .exe
c:\windows\apppatch\AppLoc.exe
c:\windows\msjava.dll
c:\windows\system\VI30AUT.DLL
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-11 to 2012-04-11  )))))))))))))))))))))))))))))))
.
.
2012-04-10 20:07 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 20:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 20:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 20:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 20:06 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 20:06 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 18:33 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A4CBE7-03CC-4C90-86EA-9B0E79586A92}\mpengine.dll
2012-04-10 02:17 . 2012-04-10 02:17 -------- d-----w- c:\program files\GPU-Z
2012-04-10 01:53 . 2012-04-10 01:53 -------- d-----w- c:\program files\EVGA
2012-04-10 01:41 . 2012-04-11 06:51 -------- d-----w- c:\program files\EVGA Precision X
2012-04-10 01:18 . 2012-04-10 01:18 -------- d-----w- c:\users\UpdatusUser
2012-04-10 01:18 . 2012-02-29 20:58 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-04-10 01:18 . 2012-02-29 20:56 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-10 01:18 . 2012-02-29 20:55 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-04-10 01:18 . 2012-02-29 20:53 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-10 01:18 . 2012-02-29 20:53 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-10 01:18 . 2012-02-29 20:53 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-04-10 01:17 . 2012-04-10 01:17 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-10 01:17 . 2012-01-17 12:46 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-04-10 01:17 . 2012-01-17 12:45 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-04-10 01:17 . 2012-01-17 12:45 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-04-08 18:59 . 2012-04-08 18:59 -------- d-----w- c:\program files\Yukkuri Panic!
2012-04-08 18:58 . 2012-04-08 19:07 -------- d-----w- c:\program files\Yukkuri Panic! ADV
2012-04-08 05:59 . 2012-04-08 05:59 -------- d-----w- c:\program files\Will
2012-04-07 20:00 . 2012-04-07 20:00 -------- d-----w- c:\program files\MediaInfo
2012-04-07 11:32 . 2012-04-07 11:32 -------- d-----w- c:\users\Vikram\AppData\Roaming\savedata
2012-04-07 11:31 . 2012-04-07 11:31 -------- d-----w- c:\program files\あかべぇそふとつぅ
2012-04-06 19:52 . 2012-04-06 19:52 69632 ----a-r- c:\users\Vikram\AppData\Roaming\Microsoft\Installer\{300D7C4F-086D-4D6F-969F-ED00006DE81C}\NewShortcut11_3DCAB3F8E1464415A95392718B7291A4.exe
2012-04-06 19:52 . 2012-04-06 19:52 69632 ----a-r- c:\users\Vikram\AppData\Roaming\Microsoft\Installer\{300D7C4F-086D-4D6F-969F-ED00006DE81C}\NewShortcut1_413052402F904D9B89A1F5247527F664.exe
2012-04-06 19:52 . 2012-04-06 19:52 131072 ----a-r- c:\users\Vikram\AppData\Roaming\Microsoft\Installer\{300D7C4F-086D-4D6F-969F-ED00006DE81C}\NewShortcut3_6FC8A928D9BB4B5F87E47BFA2DFFBFE5.exe
2012-04-06 19:52 . 2012-04-06 19:52 69632 ----a-r- c:\users\Vikram\AppData\Roaming\Microsoft\Installer\{300D7C4F-086D-4D6F-969F-ED00006DE81C}\ARPPRODUCTICON.exe
2012-04-06 19:50 . 2012-04-06 19:50 -------- d-----w- c:\program files\CROSSNET
2012-04-06 18:54 . 2012-04-06 18:54 -------- d-----w- c:\program files\directx
2012-04-06 18:53 . 2012-04-06 18:53 -------- d-----w- c:\program files\AngelSmile
2012-04-03 09:17 . 2012-04-03 09:17 -------- d-----w- C:\programs
2012-03-31 20:51 . 2012-03-31 20:51 -------- d-----w- c:\program files\Xuse
2012-03-31 06:20 . 2012-03-31 06:20 -------- d-----w- c:\programdata\Pendulo Studios
2012-03-31 06:13 . 2012-03-31 06:13 -------- d-----w- c:\program files\Pendulo Studios
2012-03-31 05:49 . 2008-07-12 02:48 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-03-31 05:49 . 2008-07-12 02:48 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-03-31 05:49 . 2008-07-12 02:48 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-03-30 03:00 . 2012-03-30 03:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 18:32 . 2012-03-29 19:02 -------- d-----w- c:\program files\DISCIPLINE
2012-03-29 17:40 . 2012-03-29 17:40 -------- d-----w- c:\program files\AutoIt3
2012-03-29 17:10 . 2012-03-29 17:10 -------- d-----w- c:\users\Vikram\AppData\Local\Electronic Arts
2012-03-29 17:09 . 2012-03-29 17:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-03-29 16:07 . 2012-03-29 16:07 -------- d-----w- c:\program files\Ubisoft
2012-03-28 21:01 . 2012-03-28 21:01 -------- d-----w- C:\folder1
2012-03-28 15:05 . 2012-03-28 15:30 -------- d-----w- c:\program files\Sengoku Rance English
2012-03-28 11:46 . 2012-03-28 11:46 -------- d-----w- c:\users\Vikram\AppData\Roaming\RenPy
2012-03-27 11:09 . 2012-03-28 15:05 -------- d-----w- C:\AliceSoft
2012-03-26 17:08 . 1999-12-17 03:43 86016 ----a-w- c:\windows\unvise32.exe
2012-03-26 17:08 . 2012-03-26 17:08 -------- d-----w- c:\program files\G-Collections
2012-03-25 16:06 . 2012-03-25 16:06 -------- d-----w- C:\Baseson
2012-03-25 12:36 . 2006-03-26 07:46 40960 ----a-w- c:\windows\system32\StartAffinity.exe
2012-03-25 03:30 . 2012-03-25 03:30 -------- d-----w- c:\program files\Leaf
2012-03-24 19:27 . 2012-03-26 18:09 -------- d-----w- c:\users\Vikram\AppData\Roaming\Family Project
2012-03-24 16:30 . 2012-03-24 16:30 -------- d-----w- c:\programdata\ASign
2012-03-24 16:29 . 2012-03-24 16:29 -------- d-----w- C:\Liquid
2012-03-24 15:37 . 2012-03-24 15:37 -------- d-----w- c:\users\Vikram\AppData\Roaming\Waveform
2012-03-24 06:46 . 2012-03-30 03:21 -------- d-----w- c:\program files\Monte Cristo
2012-03-23 16:10 . 2012-03-23 16:10 -------- d-----w- c:\users\Vikram\AppData\Local\ElevatedDiagnostics
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 13:12 . 2012-03-18 13:12 -------- d-----w- c:\users\Vikram\AppData\Local\Eushully
2012-03-18 13:09 . 2012-03-18 13:09 -------- d-----w- c:\program files\Eushully
2012-03-16 11:08 . 2012-02-08 01:13 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-03-16 06:40 . 2012-03-13 04:39 97208 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-03-16 06:40 . 2012-03-13 04:39 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 06:40 . 2012-03-13 04:39 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-15 10:59 . 2012-03-15 10:59 -------- d-----w- c:\users\Vikram\AppData\Roaming\Doublefine
2012-03-15 10:55 . 2012-03-15 10:55 -------- d-----w- c:\program files\Double Fine Productions
2012-03-15 10:29 . 2012-03-15 10:29 -------- d-----w- c:\programdata\Media Center Programs
2012-03-15 10:29 . 2012-03-16 08:57 -------- d-----w- c:\program files\Common Files\BioWare
2012-03-15 08:07 . 2012-03-15 09:25 -------- d-----w- C:\ConverterOutput
2012-03-15 08:06 . 2004-10-12 09:16 1761280 ----a-w- c:\windows\system32\ffdshow.ax
2012-03-15 08:06 . 2004-10-12 09:12 262144 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-03-15 08:06 . 2004-10-12 09:10 2255360 ----a-w- c:\windows\system32\libavcodec.dll
2012-03-15 08:06 . 2004-10-05 10:46 395776 ----a-w- c:\windows\system32\libmplayer.dll
2012-03-15 08:06 . 2004-10-03 20:20 112640 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2012-03-15 08:06 . 2003-04-02 18:47 172032 ----a-w- c:\windows\system32\ac3filter.ax
2012-03-15 08:06 . 2003-03-25 01:19 98304 ----a-w- c:\windows\system32\L3CODECX.AX
2012-03-15 08:06 . 2012-03-15 08:06 -------- d-----w- c:\program files\Cucusoft
2012-03-14 15:14 . 2012-03-14 21:31 -------- d-----w- c:\program files\JULIA
2012-03-14 06:22 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:04 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 06:04 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 06:04 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:04 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 06:04 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 06:04 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 06:04 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 05:59 . 2012-03-14 06:01 -------- d-----w- c:\programdata\Comodo
2012-03-13 21:35 . 2012-03-13 21:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-13 10:44 . 2012-03-13 10:44 -------- d-----w- c:\program files\Strange Loop Games
2012-03-13 02:21 . 2012-03-13 02:21 -------- d-----w- c:\program files\CE Remote Tools
2012-03-13 01:58 . 2012-03-13 02:38 -------- d-----w- c:\windows\system32\js
2012-03-13 01:58 . 2012-03-13 02:38 -------- d-----w- c:\windows\system32\html
2012-03-13 01:58 . 2012-03-13 02:38 -------- d-----w- c:\windows\system32\css
2012-03-13 01:58 . 2012-03-13 01:58 -------- d-----w- c:\windows\system32\images
2012-03-13 01:58 . 2012-03-13 01:58 -------- d-----w- c:\program files\Business Objects
2012-03-13 01:55 . 2012-03-16 15:33 -------- d-----w- c:\program files\Microsoft SQL Server
2012-03-13 01:53 . 2012-03-13 01:53 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-03-13 01:52 . 2012-03-13 01:52 -------- d-----w- c:\windows\symbols
2012-03-13 01:52 . 2012-03-13 01:52 -------- d-----w- c:\windows\system32\1033
2012-03-13 01:51 . 2012-03-13 21:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-03-13 01:51 . 2012-03-13 01:52 -------- d-----w- c:\program files\HTML Help Workshop
2012-03-13 01:33 . 2012-03-13 01:58 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-13 01:33 . 2012-03-13 01:33 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-13 01:32 . 2012-03-13 01:32 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2012-03-13 01:30 . 2012-03-13 01:30 97296 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1036.dll
2012-03-13 01:30 . 2012-03-13 01:30 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.3082.dll
2012-03-13 01:30 . 2012-03-13 01:30 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1031.dll
2012-03-13 01:30 . 2012-03-13 01:30 95248 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1040.dll
2012-03-13 01:30 . 2012-03-13 01:30 91152 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1033.dll
2012-03-13 01:30 . 2012-03-13 01:30 81424 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1041.dll
2012-03-13 01:30 . 2012-03-13 01:30 79888 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1042.dll
2012-03-13 01:30 . 2012-03-13 01:30 76304 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1028.dll
2012-03-13 01:30 . 2012-03-13 01:30 75792 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.2052.dll
2012-03-13 01:30 . 2012-03-13 01:30 562688 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 10:26 . 2012-01-24 13:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:17 . 2012-01-15 11:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-31 06:17 . 2012-01-15 11:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-30 03:02 . 2012-01-27 09:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 15:43 . 2012-03-11 15:43 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 15:43 . 2012-03-11 15:43 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 15:43 . 2012-03-11 15:43 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 15:43 . 2012-03-11 15:43 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 15:43 . 2012-03-11 15:43 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-11 09:39 . 2012-03-11 09:39 48471 ----a-w- c:\windows\system32\ForceBindIP-Uninstaller.exe
2012-03-06 10:11 . 2012-03-06 10:11 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-06 09:02 . 2012-01-14 11:22 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-06 08:44 . 2012-03-06 08:45 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-06 08:44 . 2012-01-16 07:41 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 23:59 . 2012-02-21 18:36 812352 ----a-w- c:\windows\system32\nvumdshim.dll
2012-02-29 23:59 . 2012-02-21 18:36 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2012-02-21 18:36 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2012-02-21 18:36 301376 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-29 23:59 . 2012-02-21 18:36 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2012-02-21 18:36 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2012-02-21 18:36 215360 ----a-w- c:\windows\system32\nvinit.dll
2012-02-29 23:59 . 2012-02-21 18:36 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-29 23:59 . 2012-02-21 18:36 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2012-02-21 18:36 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59 . 2012-02-21 18:36 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2012-01-15 06:07 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2012-01-15 06:07 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2012-01-15 06:07 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 07:56 . 2012-02-29 07:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-23 16:23 . 2012-01-14 15:18 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2012-01-14 15:18 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2012-01-14 15:18 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2012-01-14 15:18 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2012-03-01 18:28 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-23 16:10 . 2012-01-14 15:18 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2012-01-14 15:18 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2012-01-14 15:18 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 03:48 . 2012-01-14 10:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 08:57 . 2012-01-15 09:17 5187744 ----a-w- c:\windows\PE_Rom.dll
2012-02-14 06:39 . 2012-02-14 06:39 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 13:57 . 2012-02-03 13:57 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-01-31 18:55 . 2012-01-31 18:55 10804768 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-01-25 06:29 . 2012-01-25 06:29 5253280 ----a-w- c:\windows\PE_File.dll
2012-01-15 06:24 . 2012-01-15 06:24 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-15 06:24 . 2012-01-15 06:24 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-15 06:24 . 2012-01-15 06:24 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-15 06:24 . 2012-01-15 06:24 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-15 06:24 . 2012-01-15 06:24 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-15 06:24 . 2012-01-15 06:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-15 06:24 . 2012-01-15 06:24 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-15 06:24 . 2012-01-15 06:24 367104 ----a-w- c:\windows\system32\html.iec
2012-01-15 06:24 . 2012-01-15 06:24 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-15 06:24 . 2012-01-15 06:24 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-15 06:24 . 2012-01-15 06:24 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-15 06:24 . 2012-01-15 06:24 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-15 06:24 . 2012-01-15 06:24 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-15 06:24 . 2012-01-15 06:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-15 06:24 . 2012-01-15 06:24 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-15 06:24 . 2012-01-15 06:24 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-15 06:24 . 2012-01-15 06:24 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-14 15:11 . 2012-01-14 15:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-14 15:11 . 2012-01-14 15:11 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-01-14 15:11 . 2012-01-14 15:11 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-01-14 09:37 . 2011-03-13 05:23 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-01-14 09:30 . 2012-01-14 09:30 16896 ----a-w- c:\windows\AsTaskSched.dll
2012-01-14 08:56 . 2010-11-20 21:29 811520 ----a-w- c:\windows\system32\user32.dll
2012-01-14 08:56 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-01-14 08:56 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll
2012-03-13 04:39 . 2012-03-16 06:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2012-01-12 2789280]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-01-14 3310592]
"ASUS AiChargerPlus Execute"="c:\program files\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"ASUS ShellProcess Execute"="c:\program files\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-13 302240]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-13 490656]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"OmniPage Preload"="c:\program files\Nuance\OmniPage18\OmniPage18.exe" [2011-05-10 2983200]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 96768]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 ALSysIO;ALSysIO;c:\users\Vikram\AppData\Local\Temp\ALSysIO.sys [x]
R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\DRIVERS\ASUSstpt.sys [2011-09-15 20552]
R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\DRIVERS\ASUSumsc.sys [2011-09-15 117832]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 43680]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-03-25 223088]
R3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1343400]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 13696]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 261160]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-23 57688]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-13 68768]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 91936]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 112800]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [2011-11-02 196896]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-02 68896]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 102376]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 311784]
S3 ASUSFILTER;ASUSFILTER;c:\windows\system32\drivers\ASUSFILTER.sys [2011-09-20 37448]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 242336]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-06 242240]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2011-07-20 268968]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 22040]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2010-04-07 376160]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - RTCore32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:02]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 10:33]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 10:33]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=59.93.246.190:808;https=59.93.246.190:808;ftp=59.93.246.190:808;socks=59.93.246.190:1080
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: ncodesolutions.com
TCP: DhcpNameServer = 8.8.4.4 208.67.220.220 8.8.8.8
TCP: Interfaces\{A0FCFE2C-0228-4CB7-9712-55CC9708D751}: NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{C4AF92ED-B0DA-49A9-95F1-D99C17206EB1}: NameServer = 8.8.4.4,208.67.220.220
FF - ProfilePath - c:\users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\emn1jwc8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{3FD0C489-0F02-481a-A3E1-9754CD396761} - c:\program files\Intel\IntelR Watchdog Timer Driver (IntelR WDT)\Uninstall\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4156299321-180426101-3961678622-1000_Classes\CLSID\{06a5488b-9c41-4f8c-a1c9-4a6d99ecf3a1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000004c
"Therad"=dword:00000007
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4156299321-180426101-3961678622-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):88,c1,49,e8,bf,8d,0e,e8,ed,f0,6e,22,d5,e7,cd,3a,2e,57,29,c4,12,
   c1,07,37,3a,72,be,5a,c1,68,57,23,66,ce,6d,35,60,4c,fd,c0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll
.
Completion time: 2012-04-11  12:33:57
ComboFix-quarantined-files.txt  2012-04-11 07:03
.
Pre-Run: 403,076,919,296 bytes free
Post-Run: 402,897,465,344 bytes free
.
- - End Of File - - B12C90DF8DF743EFD5D58CF6DC641CCD

#7 Maniac

Forum Deity

Experts
17,444 posts

Gender:Male
Location:Bulgaria, EU

Posted 11 April 2012 - 02:22 AM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\windows\system32\1033

FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#8 levi

New Member

Members
9 posts

Posted 11 April 2012 - 03:10 AM

ComboFix 12-04-10.02 - Vikram 4/2012 Wed  13:09:16.2.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.3567.2040 [GMT 5.5:30]
Running from: e:\downloads\Programs\ComboFix.exe
Command switches used :: e:\downloads\Programs\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
  Error: Cfiles.dat
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
.
(((((((((((((((((((((((((   Files Created from 2012-03-11 to 2012-04-11  )))))))))))))))))))))))))))))))
.
.
2012-04-11 07:47 . 2012-04-11 07:47 -------- d-----w- c:\users\Vikram\AppData\Local\temp
2012-04-11 07:47 . 2012-04-11 07:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-11 07:47 . 2012-04-11 07:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 07:02 . 2012-04-11 07:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A4CBE7-03CC-4C90-86EA-9B0E79586A92}\offreg.dll
2012-04-10 20:07 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 20:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 20:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 20:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 20:06 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 20:06 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 18:33 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A4CBE7-03CC-4C90-86EA-9B0E79586A92}\mpengine.dll
2012-04-10 02:17 . 2012-04-10 02:17 -------- d-----w- c:\program files\GPU-Z
2012-04-10 01:53 . 2012-04-10 01:53 -------- d-----w- c:\program files\EVGA
2012-04-10 01:41 . 2012-04-11 06:51 -------- d-----w- c:\program files\EVGA Precision X
2012-04-10 01:18 . 2012-04-10 01:18 -------- d-----w- c:\users\UpdatusUser
2012-04-10 01:18 . 2012-02-29 20:58 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-04-10 01:18 . 2012-02-29 20:56 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-10 01:18 . 2012-02-29 20:55 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-04-10 01:18 . 2012-02-29 20:53 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-10 01:18 . 2012-02-29 20:53 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-04-10 01:18 . 2012-02-29 20:53 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-04-10 01:17 . 2012-04-10 01:17 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-10 01:17 . 2012-01-17 12:46 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-04-10 01:17 . 2012-01-17 12:45 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-04-10 01:17 . 2012-01-17 12:45 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-04-08 18:59 . 2012-04-08 18:59 -------- d-----w- c:\program files\Yukkuri Panic!
2012-04-08 18:58 . 2012-04-08 19:07 -------- d-----w- c:\program files\Yukkuri Panic! ADV
2012-04-08 05:59 . 2012-04-08 05:59 -------- d-----w- c:\program files\Will
2012-04-07 20:00 . 2012-04-07 20:00 -------- d-----w- c:\program files\MediaInfo
2012-04-07 11:32 . 2012-04-07 11:32 -------- d-----w- c:\users\Vikram\AppData\Roaming\savedata
2012-04-07 11:31 . 2012-04-07 11:31 -------- d-----w- c:\program files\あかべぇそふとつぅ
2012-04-06 19:52 . 2012-04-06 19:52 69632 ----a-r- c:\users\Vikram\AppData\Roaming\Microsoft\Installer\{300D7C4F-086D-4D6F-969F-ED00006DE81C}\NewShortcut11_3DCAB3F8E1464415A95392718B7291A4.exe
2012-04-06 19:52 . 2012-04-06 19:52 69632 ----a-r- c:\users\Vikram\AppData\Roaming\Microsoft\Installer\{300D7C4F-086D-4D6F-969F-ED00006DE81C}\NewShortcut1_413052402F904D9B89A1F5247527F664.exe
2012-04-06 19:52 . 2012-04-06 19:52 131072 ----a-r- c:\users\Vikram\AppData\Roaming\Microsoft\Installer\{300D7C4F-086D-4D6F-969F-ED00006DE81C}\NewShortcut3_6FC8A928D9BB4B5F87E47BFA2DFFBFE5.exe
2012-04-06 19:52 . 2012-04-06 19:52 69632 ----a-r- c:\users\Vikram\AppData\Roaming\Microsoft\Installer\{300D7C4F-086D-4D6F-969F-ED00006DE81C}\ARPPRODUCTICON.exe
2012-04-06 19:50 . 2012-04-06 19:50 -------- d-----w- c:\program files\CROSSNET
2012-04-06 18:54 . 2012-04-06 18:54 -------- d-----w- c:\program files\directx
2012-04-06 18:53 . 2012-04-06 18:53 -------- d-----w- c:\program files\AngelSmile
2012-04-03 09:17 . 2012-04-03 09:17 -------- d-----w- C:\programs
2012-03-31 20:51 . 2012-03-31 20:51 -------- d-----w- c:\program files\Xuse
2012-03-31 06:20 . 2012-03-31 06:20 -------- d-----w- c:\programdata\Pendulo Studios
2012-03-31 06:13 . 2012-03-31 06:13 -------- d-----w- c:\program files\Pendulo Studios
2012-03-31 05:49 . 2008-07-12 02:48 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-03-31 05:49 . 2008-07-12 02:48 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-03-31 05:49 . 2008-07-12 02:48 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-03-30 03:00 . 2012-03-30 03:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 18:32 . 2012-03-29 19:02 -------- d-----w- c:\program files\DISCIPLINE
2012-03-29 17:40 . 2012-03-29 17:40 -------- d-----w- c:\program files\AutoIt3
2012-03-29 17:10 . 2012-03-29 17:10 -------- d-----w- c:\users\Vikram\AppData\Local\Electronic Arts
2012-03-29 17:09 . 2012-03-29 17:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-03-29 16:07 . 2012-03-29 16:07 -------- d-----w- c:\program files\Ubisoft
2012-03-28 21:01 . 2012-03-28 21:01 -------- d-----w- C:\folder1
2012-03-28 15:05 . 2012-03-28 15:30 -------- d-----w- c:\program files\Sengoku Rance English
2012-03-28 11:46 . 2012-03-28 11:46 -------- d-----w- c:\users\Vikram\AppData\Roaming\RenPy
2012-03-27 11:09 . 2012-03-28 15:05 -------- d-----w- C:\AliceSoft
2012-03-26 17:08 . 1999-12-17 03:43 86016 ----a-w- c:\windows\unvise32.exe
2012-03-26 17:08 . 2012-03-26 17:08 -------- d-----w- c:\program files\G-Collections
2012-03-25 16:06 . 2012-03-25 16:06 -------- d-----w- C:\Baseson
2012-03-25 12:36 . 2006-03-26 07:46 40960 ----a-w- c:\windows\system32\StartAffinity.exe
2012-03-25 03:30 . 2012-03-25 03:30 -------- d-----w- c:\program files\Leaf
2012-03-24 19:27 . 2012-03-26 18:09 -------- d-----w- c:\users\Vikram\AppData\Roaming\Family Project
2012-03-24 16:30 . 2012-03-24 16:30 -------- d-----w- c:\programdata\ASign
2012-03-24 16:29 . 2012-03-24 16:29 -------- d-----w- C:\Liquid
2012-03-24 15:37 . 2012-03-24 15:37 -------- d-----w- c:\users\Vikram\AppData\Roaming\Waveform
2012-03-24 06:46 . 2012-03-30 03:21 -------- d-----w- c:\program files\Monte Cristo
2012-03-23 16:10 . 2012-03-23 16:10 -------- d-----w- c:\users\Vikram\AppData\Local\ElevatedDiagnostics
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 13:12 . 2012-03-18 13:12 -------- d-----w- c:\users\Vikram\AppData\Local\Eushully
2012-03-18 13:09 . 2012-03-18 13:09 -------- d-----w- c:\program files\Eushully
2012-03-16 11:08 . 2012-02-08 01:13 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-03-16 06:40 . 2012-03-13 04:39 97208 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-03-16 06:40 . 2012-03-13 04:39 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 06:40 . 2012-03-13 04:39 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-15 10:59 . 2012-03-15 10:59 -------- d-----w- c:\users\Vikram\AppData\Roaming\Doublefine
2012-03-15 10:55 . 2012-03-15 10:55 -------- d-----w- c:\program files\Double Fine Productions
2012-03-15 10:29 . 2012-03-15 10:29 -------- d-----w- c:\programdata\Media Center Programs
2012-03-15 10:29 . 2012-03-16 08:57 -------- d-----w- c:\program files\Common Files\BioWare
2012-03-15 08:07 . 2012-03-15 09:25 -------- d-----w- C:\ConverterOutput
2012-03-15 08:06 . 2004-10-12 09:16 1761280 ----a-w- c:\windows\system32\ffdshow.ax
2012-03-15 08:06 . 2004-10-12 09:12 262144 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-03-15 08:06 . 2004-10-12 09:10 2255360 ----a-w- c:\windows\system32\libavcodec.dll
2012-03-15 08:06 . 2004-10-05 10:46 395776 ----a-w- c:\windows\system32\libmplayer.dll
2012-03-15 08:06 . 2004-10-03 20:20 112640 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2012-03-15 08:06 . 2003-04-02 18:47 172032 ----a-w- c:\windows\system32\ac3filter.ax
2012-03-15 08:06 . 2003-03-25 01:19 98304 ----a-w- c:\windows\system32\L3CODECX.AX
2012-03-15 08:06 . 2012-03-15 08:06 -------- d-----w- c:\program files\Cucusoft
2012-03-14 15:14 . 2012-03-14 21:31 -------- d-----w- c:\program files\JULIA
2012-03-14 06:22 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:04 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 06:04 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 06:04 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:04 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 06:04 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 06:04 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 06:04 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 05:59 . 2012-03-14 06:01 -------- d-----w- c:\programdata\Comodo
2012-03-13 21:35 . 2012-03-13 21:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-13 10:44 . 2012-03-13 10:44 -------- d-----w- c:\program files\Strange Loop Games
2012-03-13 02:21 . 2012-03-13 02:21 -------- d-----w- c:\program files\CE Remote Tools
2012-03-13 01:58 . 2012-03-13 02:38 -------- d-----w- c:\windows\system32\js
2012-03-13 01:58 . 2012-03-13 02:38 -------- d-----w- c:\windows\system32\css
2012-03-13 01:58 . 2012-03-13 01:58 -------- d-----w- c:\program files\Business Objects
2012-03-13 01:55 . 2012-03-16 15:33 -------- d-----w- c:\program files\Microsoft SQL Server
2012-03-13 01:53 . 2012-03-13 01:53 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-03-13 01:52 . 2012-03-13 01:52 -------- d-----w- c:\windows\symbols
2012-03-13 01:52 . 2012-03-13 01:52 -------- d-----w- c:\windows\system32\1033
2012-03-13 01:51 . 2012-03-13 21:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-03-13 01:51 . 2012-03-13 01:52 -------- d-----w- c:\program files\HTML Help Workshop
2012-03-13 01:33 . 2012-03-13 01:58 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-13 01:33 . 2012-03-13 01:33 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-13 01:32 . 2012-03-13 01:32 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2012-03-13 01:30 . 2012-03-13 01:30 97296 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1036.dll
2012-03-13 01:30 . 2012-03-13 01:30 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.3082.dll
2012-03-13 01:30 . 2012-03-13 01:30 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1031.dll
2012-03-13 01:30 . 2012-03-13 01:30 95248 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1040.dll
2012-03-13 01:30 . 2012-03-13 01:30 91152 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1033.dll
2012-03-13 01:30 . 2012-03-13 01:30 81424 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1041.dll
2012-03-13 01:30 . 2012-03-13 01:30 79888 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1042.dll
2012-03-13 01:30 . 2012-03-13 01:30 76304 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1028.dll
2012-03-13 01:30 . 2012-03-13 01:30 75792 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.2052.dll
2012-03-13 01:30 . 2012-03-13 01:30 562688 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 10:26 . 2012-01-24 13:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:17 . 2012-01-15 11:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-31 06:17 . 2012-01-15 11:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-30 03:02 . 2012-01-27 09:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 15:43 . 2012-03-11 15:43 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 15:43 . 2012-03-11 15:43 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 15:43 . 2012-03-11 15:43 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 15:43 . 2012-03-11 15:43 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 15:43 . 2012-03-11 15:43 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-11 09:39 . 2012-03-11 09:39 48471 ----a-w- c:\windows\system32\ForceBindIP-Uninstaller.exe
2012-03-06 10:11 . 2012-03-06 10:11 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-06 09:02 . 2012-01-14 11:22 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-06 08:44 . 2012-03-06 08:45 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-06 08:44 . 2012-01-16 07:41 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 23:59 . 2012-02-21 18:36 812352 ----a-w- c:\windows\system32\nvumdshim.dll
2012-02-29 23:59 . 2012-02-21 18:36 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2012-02-21 18:36 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2012-02-21 18:36 301376 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-29 23:59 . 2012-02-21 18:36 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2012-02-21 18:36 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2012-02-21 18:36 215360 ----a-w- c:\windows\system32\nvinit.dll
2012-02-29 23:59 . 2012-02-21 18:36 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-29 23:59 . 2012-02-21 18:36 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2012-02-21 18:36 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59 . 2012-02-21 18:36 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2012-01-15 06:07 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2012-01-15 06:07 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2012-01-15 06:07 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 07:56 . 2012-02-29 07:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-23 16:23 . 2012-01-14 15:18 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2012-01-14 15:18 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2012-01-14 15:18 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2012-01-14 15:18 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2012-03-01 18:28 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-23 16:10 . 2012-01-14 15:18 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2012-01-14 15:18 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2012-01-14 15:18 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 03:48 . 2012-01-14 10:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 08:57 . 2012-01-15 09:17 5187744 ----a-w- c:\windows\PE_Rom.dll
2012-02-14 06:39 . 2012-02-14 06:39 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 13:57 . 2012-02-03 13:57 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-01-31 18:55 . 2012-01-31 18:55 10804768 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-01-25 06:29 . 2012-01-25 06:29 5253280 ----a-w- c:\windows\PE_File.dll
2012-01-15 06:24 . 2012-01-15 06:24 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-15 06:24 . 2012-01-15 06:24 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-15 06:24 . 2012-01-15 06:24 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-15 06:24 . 2012-01-15 06:24 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-15 06:24 . 2012-01-15 06:24 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-15 06:24 . 2012-01-15 06:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-15 06:24 . 2012-01-15 06:24 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-15 06:24 . 2012-01-15 06:24 367104 ----a-w- c:\windows\system32\html.iec
2012-01-15 06:24 . 2012-01-15 06:24 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-15 06:24 . 2012-01-15 06:24 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-15 06:24 . 2012-01-15 06:24 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-15 06:24 . 2012-01-15 06:24 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-15 06:24 . 2012-01-15 06:24 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-15 06:24 . 2012-01-15 06:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-15 06:24 . 2012-01-15 06:24 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-15 06:24 . 2012-01-15 06:24 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-15 06:24 . 2012-01-15 06:24 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-14 15:11 . 2012-01-14 15:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-14 15:11 . 2012-01-14 15:11 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-01-14 15:11 . 2012-01-14 15:11 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-01-14 09:37 . 2011-03-13 05:23 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-01-14 09:30 . 2012-01-14 09:30 16896 ----a-w- c:\windows\AsTaskSched.dll
2012-01-14 08:56 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-01-14 08:56 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll
2012-03-13 04:39 . 2012-03-16 06:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2012-01-12 2789280]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-01-14 3310592]
"ASUS AiChargerPlus Execute"="c:\program files\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"ASUS ShellProcess Execute"="c:\program files\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-13 302240]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-13 490656]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"OmniPage Preload"="c:\program files\Nuance\OmniPage18\OmniPage18.exe" [2011-05-10 2983200]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-04-02 96768]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 ALSysIO;ALSysIO;c:\users\Vikram\AppData\Local\Temp\ALSysIO.sys [x]
R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\DRIVERS\ASUSstpt.sys [2011-09-15 20552]
R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\DRIVERS\ASUSumsc.sys [2011-09-15 117832]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 43680]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-03-25 223088]
R3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1343400]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 13696]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 261160]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-23 57688]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-13 68768]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 91936]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 112800]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [2011-11-02 196896]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-02 68896]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 102376]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 311784]
S3 ASUSFILTER;ASUSFILTER;c:\windows\system32\drivers\ASUSFILTER.sys [2011-09-20 37448]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 242336]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-06 242240]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2011-07-20 268968]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 22040]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2010-04-07 376160]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - RTCore32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:02]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 10:33]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 10:33]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=59.93.246.190:808;https=59.93.246.190:808;ftp=59.93.246.190:808;socks=59.93.246.190:1080
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: ncodesolutions.com
TCP: DhcpNameServer = 8.8.4.4 208.67.220.220 8.8.8.8
TCP: Interfaces\{A0FCFE2C-0228-4CB7-9712-55CC9708D751}: NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{C4AF92ED-B0DA-49A9-95F1-D99C17206EB1}: NameServer = 8.8.4.4,208.67.220.220
FF - ProfilePath - c:\users\Vikram\AppData\Roaming\Mozilla\Firefox\Profiles\emn1jwc8.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4156299321-180426101-3961678622-1000_Classes\CLSID\{06a5488b-9c41-4f8c-a1c9-4a6d99ecf3a1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000004c
"Therad"=dword:00000007
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4156299321-180426101-3961678622-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):88,c1,49,e8,bf,8d,0e,e8,ed,f0,6e,22,d5,e7,cd,3a,2e,57,29,c4,12,
   c1,07,37,3a,72,be,5a,c1,68,57,23,66,ce,6d,35,60,4c,fd,c0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll
.
Completion time: 2012-04-11  13:18:15
ComboFix-quarantined-files.txt  2012-04-11 07:48
ComboFix2.txt  2012-04-11 07:09
.
Pre-Run: 402,941,313,024 bytes free
Post-Run: 402,645,110,784 bytes free
.
- - End Of File - - 666E9E1F3E346858127120260D30C41C

#9 Maniac

Forum Deity

Experts
17,444 posts

Gender:Male
Location:Bulgaria, EU

Posted 11 April 2012 - 04:52 AM

Please locate and manually delete this folder:
c:\windows\system32\1033

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#10 levi

New Member

Members
9 posts

Posted 11 April 2012 - 05:08 AM

Deleted the above mentioned folder and emptied recycle bin as well.

#11 Maniac

Forum Deity

Experts
17,444 posts

Gender:Male
Location:Bulgaria, EU

Posted 11 April 2012 - 05:12 AM

Please compress C:\Qoobox folder:
http://windows.micro...files-zip-files

Then upload it in:
http://www.4shared.com/

Finally, send me a PM with the download link.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#12 levi

New Member

Members
9 posts

Posted 11 April 2012 - 07:57 AM

Sent you the required PM.

#13 Maniac

Forum Deity

Experts
17,444 posts

Gender:Male
Location:Bulgaria, EU

Posted 11 April 2012 - 01:46 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#14 levi

New Member

Members
9 posts

Posted 12 April 2012 - 05:55 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f09667b67387874e96fef035b3e7613b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-12 09:45:20
# local_time=2012-04-12 03:15:20 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3073 16777213 80 71 2512390 9916845 0 0
# compatibility_mode=5893 16776573 100 94 0 85849418 0 0
# compatibility_mode=8192 67108863 100 0 51182 51182 0 0
# scanned=250006
# found=13
# cleaned=13
# scan_time=3893
D:\agth\agth.dll probably a variant of Win32/AGTH.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Motorola Upgrades\CM7 Recommended\SuperOneClickv2.1.1-ShortFuse\Exploits\GingerBreak Android/Exploit.Lotoor.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Motorola Upgrades\CM7 Recommended\SuperOneClickv2.1.1-ShortFuse\Exploits\psneuter Android/Exploit.Lotoor.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Translation Aggregator 0.4.9.r171\agth.dll probably a variant of Win32/AGTH.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Downloads\Programs\cnet_windirstat1_1_2_setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Downloads\Programs\DefragSetup.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Downloads\Programs\FreemakeVideoConverter_3.0.1.3.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Downloads\Programs\notepad-portable.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Downloads\Programs\SkipScreen-Setup.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Downloads\Programs\smart-defrag-setup-beta.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Downloads\Programs\Unlocker1.9.1.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Downloads\Programs\video23gp_install.exe Win32/Adware.MarketScore.A application (deleted - quarantined) 00000000000000000000000000000000 C
E:\jdownloads\Nero10Lite MAK\Nero10Lite_MAK\Nero_Lite_Installer.exe Win32/Packed.Autoit.C.Gen application (deleted - quarantined) 00000000000000000000000000000000 C

#15 Maniac

Forum Deity

Experts
17,444 posts

Gender:Male
Location:Bulgaria, EU

Posted 12 April 2012 - 06:28 AM

How are things now?

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#16 levi

New Member

Members
9 posts

Posted 12 April 2012 - 08:52 AM

The latest quick scans by MB Anti-Malware seem to be coming up clean after I updated to the latest database. Hopefully my machine is completely clean now. Thank you for your help!

#17 Maniac

Forum Deity

Experts
17,444 posts

Gender:Male
Location:Bulgaria, EU

Posted 12 April 2012 - 03:11 PM

Glad I could help!

Please uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner. Manually delete DDS and TDSSKiller.

Some malware prevention tips:
http://forums.malwar...=0

Safe surfing!

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#18 LDTate

Forum Deity

Moderators
20,228 posts

Gender:Male
Location:Missouri, USA

Posted 18 April 2012 - 07:44 AM

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Larry Tate
Consumer Support Specialist

Back to Resolved HijackThis Logs

Also tagged with one or more of these keywords: stolen.data, trojan

Malwarebytes Anti-Malware Support → False Positives → File Detections → False Positive: Trojan.FakeMS.TT Started by candystand, 15 Jun 2013 trojan, false, positive	8 replies 330 views	arkmabat 17 Jun 2013
Malwarebytes Anti-Malware Support → False Positives → File Detections → Help? Started by IROBotEagle, 15 Jun 2013 Trojan	2 replies 74 views	shadowwar 15 Jun 2013
Malware Removal Support → Malware Removal Help → Resolved HijackThis Logs → Laptop Malware - Packer? Zbot? Rootkit.0Access? Started by mosedavid, 09 Jun 2013 Zbot, Malware.packer, Trojan and 1 more... 1 2	Hot 23 replies 246 views	Maurice Naggar 11 Jun 2013
Malware Removal Support → Malware Removal Help → Bug Battling For 2 Weeks & Still Cannot Get It - NEED HELP! Started by ChildPlease, 07 Jun 2013 Virus, Malware, Adware, Rogue and 1 more...	1 reply 65 views	D-FRED-BROWN 07 Jun 2013
Malware Removal Support → Malware Removal Help → Resolved HijackThis Logs → Trojan: PSW.onlinegames4.ALGT Started by aejulian, 03 Jun 2013 trojan	8 replies 197 views	Maurice Naggar 09 Jun 2013

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Malwarebytes keeps finding Stolen.Data items

Also tagged with one or more of these keywords: stolen.data, trojan

0 user(s) are reading this topic

Sign In