Fermions

Members
  • Posts

    7
About Fermions

  • Birthday 12/14/1989
  1. Frankly, it's not your fault, Maniac. No anti-virus picks it up. I wonder how rare this virus is? It must be, because we've tried some serious software; and yet - nothing. One of a kind virus! The tips haven't really got me to know anything new; even so, thank you. I suppose there's no longer purpose to leave this thread open now.
  2. Still nothing; I can't believe this... I've had it! Clean slate. Will re-install OS. Thank you for help anyway.
  3. It has given me the "all clean"; there's not much in terms of log, so to speak. Quite a peculiar virus: as I was playing League of Legends, the "Oh-oh" sound played, along with some random music. I'm thinking about starting a search for all media files; once I have found the needed files, I'll erase them. Still, that's getting rid of the consequence rather than removing the virus itself. The log-file: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
  4. ComboFix 12-10-04.01 - asus 04.10.2012 13:04:23.2.8 - x64
Microsoft Windows 7 Домашняя расширенная 6.1.7601.1.1251.7.1049.18.8078.5905 [GMT 4:00]
Running from: c:\users\asus\Desktop\ComboFix.exe
Command switches used :: c:\users\asus\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\asus\AppData\Local\28050
c:\users\asus\AppData\Local\28050\eidos\82d47fd\cache\persistent\BA8C6DA4D591E3B712775DC910D39928FFAFE49D
c:\users\asus\AppData\Local\dxhr
c:\users\asus\AppData\Local\dxhr\cache\cache.dat
c:\users\asus\AppData\Local\dxhr\dftm.dat
c:\users\asus\AppData\Local\dxhr\dfts.dat
c:\users\asus\AppData\Local\dxhr\user.var
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-10-04 09:08 . 2012-10-04 09:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-03 20:42 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17A5F69D-F93A-418E-BDFF-29C351FC33E2}\mpengine.dll
2012-10-03 17:06 . 2010-07-25 18:23 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll
2012-10-03 17:06 . 2010-07-25 18:23 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx
2012-10-03 17:06 . 2010-07-25 18:23 33968 ----a-w- c:\windows\SysWow64\anim.dll
2012-10-03 17:06 . 2010-07-25 18:23 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-10-03 17:06 . 2010-07-25 18:23 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL
2012-10-03 17:06 .
2010-07-25 18:23 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL 2012-10-03 09:02 . 2012-10-03 09:02 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F10CB5C-15DD-4B8B-B78B-807BA22B69F9}\gapaengine.dll 2012-10-03 09:02 . 2012-07-05 12:13 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-10-03 09:02 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-10-02 21:25 . 2012-10-02 21:25 -------- d-----r- C:\Sandbox 2012-10-02 21:24 . 2012-10-02 21:24 -------- d-----w- c:\program files\Sandboxie 2012-10-02 00:00 . 2012-10-02 00:00 -------- d-----w- c:\windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP 2012-10-01 23:58 . 2012-10-01 23:58 -------- d-----w- c:\users\Administrator 2012-10-01 23:53 . 2012-10-01 23:53 -------- d-----w- c:\programdata\mergeparts 2012-10-01 23:50 . 2012-10-01 23:50 -------- d-----w- c:\program files (x86)\Paragon Software 2012-10-01 23:39 . 2012-10-01 23:39 310368 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-10-01 23:38 . 2012-10-01 23:39 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-10-01 23:21 . 2012-10-01 23:21 -------- d-----w- c:\programdata\redistpart 2012-10-01 23:20 . 2012-10-01 23:20 -------- d-----w- c:\programdata\explauncher 2012-10-01 23:20 . 2012-10-01 23:20 -------- d-----w- c:\programdata\launcher 2012-10-01 23:08 . 2012-10-01 23:08 24448 ----a-w- c:\windows\SysWow64\drivers\rkhdrv40.sys 2012-10-01 22:54 . 2012-10-01 22:54 2 --shatr- c:\windows\winstart.bat 2012-10-01 22:54 . 2012-10-01 22:54 39184 ----a-w- c:\windows\system32\Partizan.exe 2012-10-01 22:53 . 2012-10-01 22:53 -------- d-----w- c:\program files (x86)\Greatis 2012-09-26 23:31 . 2012-09-26 23:31 -------- d-----w- c:\users\asus\AppData\Roaming\Malwarebytes 2012-09-26 23:30 . 2012-09-26 23:30 -------- d-----w- c:\programdata\Malwarebytes 2012-09-26 23:30 . 
2012-09-07 13:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-26 23:30 . 2012-09-26 23:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-26 08:28 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 20:42 . 2012-10-01 20:43 -------- d-----w- c:\users\asus\AppData\Roaming\SumatraPDF 2012-09-25 20:41 . 2012-09-25 20:41 -------- d-----w- c:\program files (x86)\SumatraPDF 2012-09-22 17:28 . 2012-10-03 17:05 -------- d-----w- c:\users\asus\AppData\Roaming\GlarySoft 2012-09-22 11:24 . 2012-09-22 11:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-09-21 19:24 . 2012-09-21 19:24 -------- d-----w- c:\users\asus\AppData\Local\Microsoft Help 2012-09-21 19:22 . 2012-09-22 17:23 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-09-21 19:22 . 2012-09-22 17:23 -------- d-----w- c:\programdata\Microsoft Help 2012-09-21 19:22 . 2012-09-21 19:22 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2012-09-19 19:59 . 2012-09-19 19:59 -------- d-----w- c:\users\asus\AppData\Roaming\Silverball Studios 2012-09-19 19:59 . 2012-09-19 19:59 -------- d-----w- c:\programdata\JAGUAR 2012-09-18 17:15 . 2012-09-25 18:51 -------- d-----w- c:\users\asus\AppData\Local\Dxtory Software 2012-09-17 08:44 . 2012-09-17 08:44 -------- d-----w- c:\windows\SysWow64\NV 2012-09-17 08:44 . 2012-09-17 08:44 -------- d-----w- c:\windows\system32\NV 2012-09-17 08:42 . 2012-10-02 08:57 -------- d-----w- c:\users\UpdatusUser 2012-09-17 08:40 . 2012-09-17 08:40 -------- d-----w- c:\windows\Sun 2012-09-17 08:40 . 2012-08-30 16:18 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-09-17 08:40 . 2012-08-30 16:18 865640 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-09-17 08:40 . 2012-08-30 16:18 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-09-17 08:40 . 2012-08-30 16:18 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-09-17 08:40 . 
2012-08-30 16:18 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-09-17 08:40 . 2012-08-30 16:18 3487434 ----a-w- c:\windows\system32\nvcoproc.bin 2012-09-17 08:40 . 2012-08-30 16:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll 2012-09-17 08:40 . 2012-08-30 16:18 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-09-17 08:40 . 2012-08-30 16:17 6198120 ----a-w- c:\windows\system32\nvcpl.dll 2012-09-17 08:39 . 2012-09-17 08:39 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-09-17 08:33 . 2012-09-17 08:33 -------- d-----w- C:\NVIDIA 2012-09-16 12:14 . 2012-09-16 12:14 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-16 12:14 . 2012-09-16 12:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-16 12:14 . 2012-09-16 12:14 -------- d-----w- c:\program files (x86)\Java 2012-09-12 17:43 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 17:43 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 17:43 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 17:43 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 17:43 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 17:43 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 17:43 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-10 20:04 . 2012-09-16 19:21 -------- d-----w- c:\program files (x86)\UltraISO 2012-09-10 19:58 . 2012-09-10 20:00 -------- d-----w- C:\USB_MultiBoot_10 2012-09-10 16:50 . 2012-09-10 16:50 -------- d-----w- c:\windows\SysWow64\wbem\Performance 2012-09-10 16:50 . 2012-09-10 16:50 -------- d-----w- c:\windows\SysWow64\winevt 2012-09-10 16:50 . 2012-09-10 16:50 -------- d-----w- c:\windows\SysWow64\wfp 2012-09-10 16:50 . 2012-09-10 16:50 -------- d-----w- c:\windows\SysWow64\SMI 2012-09-10 16:46 . 
2012-09-10 16:46 -------- d-----w- c:\programdata\FLEXnet 2012-09-08 20:57 . 2012-09-08 20:57 -------- d-----w- c:\users\asus\AppData\Local\CAPCOM 2012-09-08 20:57 . 2012-09-08 20:57 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2012-09-08 17:06 . 2001-05-04 20:05 505104 ----a-r- c:\windows\SysWow64\msxml.dll 2012-09-08 17:06 . 1998-06-24 09:00 115016 ----a-r- c:\windows\SysWow64\MSINET.OCX 2012-09-08 17:06 . 2002-06-17 16:25 26088 ----a-r- c:\windows\SysWow64\xmlinst.exe 2012-09-08 17:06 . 2002-04-24 21:43 35840 ----a-r- c:\windows\SysWow64\comdlg32.oca 2012-09-08 17:06 . 2002-04-10 02:23 29184 ----a-r- c:\windows\SysWow64\MSINET.oca 2012-09-08 17:06 . 2001-05-04 20:05 28432 ----a-r- c:\windows\SysWow64\msxmlr.dll 2012-09-08 17:06 . 2000-05-22 09:00 140488 ----a-r- c:\windows\SysWow64\comdlg32.ocx 2012-09-08 17:06 . 2000-03-17 17:21 36864 ----a-r- c:\windows\SysWow64\xmlparse.dll 2012-09-08 17:06 . 2000-03-17 17:21 69632 ----a-r- c:\windows\SysWow64\xmltok.dll 2012-09-08 17:06 . 2012-09-08 17:06 -------- d-----w- c:\program files (x86)\Ubi Soft 2012-09-08 17:06 . 1998-06-18 09:00 89360 ----a-r- c:\windows\SysWow64\VB5DB.DLL 2012-09-08 17:06 . 2012-09-08 17:06 57344 ----a-r- c:\users\asus\AppData\Roaming\Microsoft\Installer\{88D489A4-D954-414F-9F49-117EFB372951}\_A2A8F60BF71B_4A7D_94E7_DD1F6B6EB4A3.exe 2012-09-08 17:03 . 2012-09-08 17:03 53248 ----a-r- c:\users\asus\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F522ED7EA612_4117_B86D_78467DE01E30.exe 2012-09-08 17:02 . 2012-09-08 17:04 53248 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll 2012-09-08 17:02 . 2012-09-08 17:04 126976 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe 2012-09-08 17:02 . 2012-09-08 17:04 114688 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll 2012-09-04 21:40 . 
2012-09-04 21:40 -------- d-----w- c:\users\asus\AppData\Local\stellarium 2012-09-04 21:40 . 2012-09-04 21:40 -------- d-----w- c:\users\asus\AppData\Roaming\Stellarium . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-04 08:32 . 2012-07-04 15:05 17920 ----a-w- c:\windows\system32\rpcnetp.exe 2012-10-04 08:32 . 2012-07-05 12:01 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll 2012-10-02 17:32 . 2012-07-05 12:01 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe 2012-10-02 17:32 . 2012-07-05 12:01 58288 ------w- c:\windows\SysWow64\rpcnet.exe 2012-10-02 17:30 . 2012-07-04 15:08 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll 2012-10-02 17:29 . 2012-07-04 15:05 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe 2012-10-02 00:07 . 2012-04-23 20:37 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-10-02 00:07 . 2012-04-23 20:37 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-10-02 00:00 . 2012-04-23 20:32 3058304 ----a-w- c:\windows\AsScrPro.exe 2012-09-16 12:14 . 2012-07-05 10:58 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-16 12:14 . 2012-07-05 10:58 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-13 07:41 . 2012-07-05 14:53 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-30 18:03 . 2012-08-30 18:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-30 18:03 . 2012-03-20 16:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 06:40 . 2012-08-30 06:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-08-20 19:44 . 2012-08-20 19:44 1700352 ------w- c:\windows\SysWow64\gdiplus.dll 2012-08-20 19:44 . 2012-08-20 19:44 1060864 ------w- c:\windows\SysWow64\mfc71.dll 2012-08-14 12:37 . 2012-08-14 12:37 70344 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-14 12:37 . 2012-08-14 12:37 426184 ------w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-27 17:20 . 
2012-07-27 16:51 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll 2012-07-26 15:08 . 2012-07-26 15:08 862664 ------w- c:\windows\SysWow64\msvcr110.dll 2012-07-26 15:08 . 2012-07-26 15:08 82888 ------w- c:\windows\SysWow64\mfcm110u.dll 2012-07-26 15:08 . 2012-07-26 15:08 82888 ------w- c:\windows\SysWow64\mfcm110.dll 2012-07-26 15:08 . 2012-07-26 15:08 74704 ------w- c:\windows\SysWow64\mfc110fra.dll 2012-07-26 15:08 . 2012-07-26 15:08 74704 ------w- c:\windows\SysWow64\mfc110deu.dll 2012-07-26 15:08 . 2012-07-26 15:08 73680 ------w- c:\windows\SysWow64\mfc110esn.dll 2012-07-26 15:08 . 2012-07-26 15:08 72656 ------w- c:\windows\SysWow64\mfc110ita.dll 2012-07-26 15:08 . 2012-07-26 15:08 70608 ------w- c:\windows\SysWow64\mfc110rus.dll 2012-07-26 15:08 . 2012-07-26 15:08 64976 ------w- c:\windows\SysWow64\mfc110enu.dll 2012-07-26 15:08 . 2012-07-26 15:08 53712 ------w- c:\windows\SysWow64\mfc110jpn.dll 2012-07-26 15:08 . 2012-07-26 15:08 534480 ------w- c:\windows\SysWow64\msvcp110.dll 2012-07-26 15:08 . 2012-07-26 15:08 53200 ------w- c:\windows\SysWow64\mfc110kor.dll 2012-07-26 15:08 . 2012-07-26 15:08 46032 ------w- c:\windows\SysWow64\mfc110cht.dll 2012-07-26 15:08 . 2012-07-26 15:08 46032 ------w- c:\windows\SysWow64\mfc110chs.dll 2012-07-26 15:08 . 2012-07-26 15:08 4446152 ------w- c:\windows\SysWow64\mfc110u.dll 2012-07-26 15:08 . 2012-07-26 15:08 4411848 ------w- c:\windows\SysWow64\mfc110.dll 2012-07-26 15:08 . 2012-07-26 15:08 320976 ------w- c:\windows\SysWow64\vcamp110.dll 2012-07-26 15:08 . 2012-07-26 15:08 251864 ------w- c:\windows\SysWow64\vccorlib110.dll 2012-07-26 15:08 . 2012-07-26 15:08 153536 ------w- c:\windows\SysWow64\atl110.dll 2012-07-26 15:08 . 2012-07-26 15:08 115656 ------w- c:\windows\SysWow64\vcomp110.dll 2012-07-18 18:15 . 2012-08-15 14:40 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-06 20:07 . 2012-08-15 14:48 552960 ----a-w- c:\windows\system32\drivers\bthport.sys . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 TolbarUpdater;Toolbar Updater;c:\users\asus\AppData\Local\Temp\ToolbarUpdater.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-01-14 74840] R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-22 276248] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 rkhdrv40;Rootkit Unhooker Driver; [x] R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-05 1255736] R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 iusb3hcs;Драйвер хост-контроллера и коммутатора Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys 
[2012-08-30 30056] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-30 284008] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-16 277120] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-10-28 106144] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448] S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management and Security Application User 
Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-28 363800] S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-28 158880] S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2011-12-21 35968] S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2011-11-07 16512] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-10-28 36000] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-28 330912] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-28 110240] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-10-28 30368] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-10-28 167584] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-10-28 68256] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-10-28 280992] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-10-28 521376] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488] S3 iusb3hub;Драйвер концентратора Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120] S3 iusb3xhc;Драйвер расширяемого хост-контроллера Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2012-10-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 09:41] . 2012-10-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 09:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-10-28 984224] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-28 800416] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-22 440600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="PhotoManagerDeluxe.8.alb" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-04 13:09:35 ComboFix-quarantined-files.txt 2012-10-04 09:09 ComboFix2.txt 2012-10-03 20:42 . Pre-Run: 353 819 279 360 байт свободно Post-Run: 353 747 369 984 байт свободно . - - End Of File - - 0536B0D10A43185D99051DA123545CD0
  5. ComboFix 12-10-03.03 - asus 04.10.2012 0:36.1.8 - x64
Microsoft Windows 7 Домашняя расширенная 6.1.7601.1.1251.7.1049.18.8078.4878 [GMT 4:00]
Running from: c:\users\asus\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\ntuser.dat
c:\users\asus\AppData\Local\uninst.tmp
c:\windows\Download.ico
c:\windows\SysWow64\components
c:\windows\SysWow64\components\binary.manifest
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-03 to 2012-10-03 )))))))))))))))))))))))))))))))
.
.
2012-10-03 20:41 . 2012-10-03 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-03 17:06 . 2010-07-25 18:23 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll
2012-10-03 17:06 . 2010-07-25 18:23 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx
2012-10-03 17:06 . 2010-07-25 18:23 33968 ----a-w- c:\windows\SysWow64\anim.dll
2012-10-03 17:06 . 2010-07-25 18:23 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-10-03 17:06 . 2010-07-25 18:23 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL
2012-10-03 17:06 . 2010-07-25 18:23 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL
2012-10-03 16:11 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EC44236-BFC5-4B87-B707-5D8C1CD2999F}\mpengine.dll
2012-10-03 09:02 .
2012-10-03 09:02 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F10CB5C-15DD-4B8B-B78B-807BA22B69F9}\gapaengine.dll 2012-10-03 09:02 . 2012-07-05 12:13 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-10-03 09:02 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-10-02 21:25 . 2012-10-02 21:25 -------- d-----r- C:\Sandbox 2012-10-02 21:24 . 2012-10-02 21:24 -------- d-----w- c:\program files\Sandboxie 2012-10-02 00:00 . 2012-10-02 00:00 -------- d-----w- c:\windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP 2012-10-01 23:58 . 2012-10-01 23:58 -------- d-----w- c:\users\Administrator 2012-10-01 23:53 . 2012-10-01 23:53 -------- d-----w- c:\programdata\mergeparts 2012-10-01 23:50 . 2012-10-01 23:50 -------- d-----w- c:\program files (x86)\Paragon Software 2012-10-01 23:39 . 2012-10-01 23:39 310368 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-10-01 23:38 . 2012-10-01 23:39 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-10-01 23:21 . 2012-10-01 23:21 -------- d-----w- c:\programdata\redistpart 2012-10-01 23:20 . 2012-10-01 23:20 -------- d-----w- c:\programdata\explauncher 2012-10-01 23:20 . 2012-10-01 23:20 -------- d-----w- c:\programdata\launcher 2012-10-01 23:08 . 2012-10-01 23:08 24448 ----a-w- c:\windows\SysWow64\drivers\rkhdrv40.sys 2012-10-01 22:54 . 2012-10-01 22:54 2 --shatr- c:\windows\winstart.bat 2012-10-01 22:54 . 2012-10-01 22:54 39184 ----a-w- c:\windows\system32\Partizan.exe 2012-10-01 22:53 . 2012-10-01 22:53 -------- d-----w- c:\program files (x86)\Greatis 2012-09-26 23:31 . 2012-09-26 23:31 -------- d-----w- c:\users\asus\AppData\Roaming\Malwarebytes 2012-09-26 23:30 . 2012-09-26 23:30 -------- d-----w- c:\programdata\Malwarebytes 2012-09-26 23:30 . 2012-09-07 13:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-26 23:30 . 
2012-09-26 23:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-26 08:28 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 20:42 . 2012-10-01 20:43 -------- d-----w- c:\users\asus\AppData\Roaming\SumatraPDF 2012-09-25 20:41 . 2012-09-25 20:41 -------- d-----w- c:\program files (x86)\SumatraPDF 2012-09-22 17:28 . 2012-10-03 17:05 -------- d-----w- c:\users\asus\AppData\Roaming\GlarySoft 2012-09-22 11:24 . 2012-09-22 11:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-09-21 19:24 . 2012-09-21 19:24 -------- d-----w- c:\users\asus\AppData\Local\Microsoft Help 2012-09-21 19:22 . 2012-09-22 17:23 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-09-21 19:22 . 2012-09-22 17:23 -------- d-----w- c:\programdata\Microsoft Help 2012-09-21 19:22 . 2012-09-21 19:22 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2012-09-19 19:59 . 2012-09-19 19:59 -------- d-----w- c:\users\asus\AppData\Roaming\Silverball Studios 2012-09-19 19:59 . 2012-09-19 19:59 -------- d-----w- c:\programdata\JAGUAR 2012-09-18 17:15 . 2012-09-25 18:51 -------- d-----w- c:\users\asus\AppData\Local\Dxtory Software 2012-09-17 08:44 . 2012-09-17 08:44 -------- d-----w- c:\windows\SysWow64\NV 2012-09-17 08:44 . 2012-09-17 08:44 -------- d-----w- c:\windows\system32\NV 2012-09-17 08:42 . 2012-10-02 08:57 -------- d-----w- c:\users\UpdatusUser 2012-09-17 08:40 . 2012-09-17 08:40 -------- d-----w- c:\windows\Sun 2012-09-17 08:40 . 2012-08-30 16:18 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-09-17 08:40 . 2012-08-30 16:18 865640 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-09-17 08:40 . 2012-08-30 16:18 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-09-17 08:40 . 2012-08-30 16:18 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-09-17 08:40 . 2012-08-30 16:18 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-09-17 08:40 . 
2012-08-30 16:18 3487434 ----a-w- c:\windows\system32\nvcoproc.bin 2012-09-17 08:40 . 2012-08-30 16:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll 2012-09-17 08:40 . 2012-08-30 16:18 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-09-17 08:40 . 2012-08-30 16:17 6198120 ----a-w- c:\windows\system32\nvcpl.dll 2012-09-17 08:39 . 2012-09-17 08:39 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-09-17 08:33 . 2012-09-17 08:33 -------- d-----w- C:\NVIDIA 2012-09-16 15:31 . 2012-09-20 13:06 -------- d-----w- c:\users\asus\AppData\Local\dxhr 2012-09-16 15:30 . 2012-09-16 15:30 -------- d-----w- c:\users\asus\AppData\Local\28050 2012-09-16 12:14 . 2012-09-16 12:14 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-16 12:14 . 2012-09-16 12:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-16 12:14 . 2012-09-16 12:14 -------- d-----w- c:\program files (x86)\Java 2012-09-12 17:43 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 17:43 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 17:43 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 17:43 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 17:43 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 17:43 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 17:43 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-10 20:04 . 2012-09-16 19:21 -------- d-----w- c:\program files (x86)\UltraISO 2012-09-10 19:58 . 2012-09-10 20:00 -------- d-----w- C:\USB_MultiBoot_10 2012-09-10 16:50 . 2012-09-10 16:50 -------- d-----w- c:\windows\SysWow64\wbem\Performance 2012-09-10 16:50 . 2012-09-10 16:50 -------- d-----w- c:\windows\SysWow64\winevt 2012-09-10 16:50 . 2012-09-10 16:50 -------- d-----w- c:\windows\SysWow64\wfp 2012-09-10 16:50 . 
2012-09-10 16:50 -------- d-----w- c:\windows\SysWow64\SMI 2012-09-10 16:46 . 2012-09-10 16:46 -------- d-----w- c:\programdata\FLEXnet 2012-09-08 20:57 . 2012-09-08 20:57 -------- d-----w- c:\users\asus\AppData\Local\CAPCOM 2012-09-08 20:57 . 2012-09-08 20:57 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2012-09-08 17:06 . 2001-05-04 20:05 505104 ----a-r- c:\windows\SysWow64\msxml.dll 2012-09-08 17:06 . 1998-06-24 09:00 115016 ----a-r- c:\windows\SysWow64\MSINET.OCX 2012-09-08 17:06 . 2002-06-17 16:25 26088 ----a-r- c:\windows\SysWow64\xmlinst.exe 2012-09-08 17:06 . 2002-04-24 21:43 35840 ----a-r- c:\windows\SysWow64\comdlg32.oca 2012-09-08 17:06 . 2002-04-10 02:23 29184 ----a-r- c:\windows\SysWow64\MSINET.oca 2012-09-08 17:06 . 2001-05-04 20:05 28432 ----a-r- c:\windows\SysWow64\msxmlr.dll 2012-09-08 17:06 . 2000-05-22 09:00 140488 ----a-r- c:\windows\SysWow64\comdlg32.ocx 2012-09-08 17:06 . 2000-03-17 17:21 36864 ----a-r- c:\windows\SysWow64\xmlparse.dll 2012-09-08 17:06 . 2000-03-17 17:21 69632 ----a-r- c:\windows\SysWow64\xmltok.dll 2012-09-08 17:06 . 2012-09-08 17:06 -------- d-----w- c:\program files (x86)\Ubi Soft 2012-09-08 17:06 . 1998-06-18 09:00 89360 ----a-r- c:\windows\SysWow64\VB5DB.DLL 2012-09-08 17:06 . 2012-09-08 17:06 57344 ----a-r- c:\users\asus\AppData\Roaming\Microsoft\Installer\{88D489A4-D954-414F-9F49-117EFB372951}\_A2A8F60BF71B_4A7D_94E7_DD1F6B6EB4A3.exe 2012-09-08 17:03 . 2012-09-08 17:03 53248 ----a-r- c:\users\asus\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F522ED7EA612_4117_B86D_78467DE01E30.exe 2012-09-08 17:02 . 2012-09-08 17:04 53248 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll 2012-09-08 17:02 . 2012-09-08 17:04 126976 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe 2012-09-08 17:02 . 
2012-09-08 17:04 114688 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll 2012-09-04 21:40 . 2012-09-04 21:40 -------- d-----w- c:\users\asus\AppData\Local\stellarium 2012-09-04 21:40 . 2012-09-04 21:40 -------- d-----w- c:\users\asus\AppData\Roaming\Stellarium . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-03 11:31 . 2012-07-04 15:05 17920 ----a-w- c:\windows\system32\rpcnetp.exe 2012-10-03 11:31 . 2012-07-05 12:01 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll 2012-10-02 17:32 . 2012-07-05 12:01 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe 2012-10-02 17:32 . 2012-07-05 12:01 58288 ------w- c:\windows\SysWow64\rpcnet.exe 2012-10-02 17:30 . 2012-07-04 15:08 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll 2012-10-02 17:29 . 2012-07-04 15:05 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe 2012-10-02 00:07 . 2012-04-23 20:37 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-10-02 00:07 . 2012-04-23 20:37 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-10-02 00:00 . 2012-04-23 20:32 3058304 ----a-w- c:\windows\AsScrPro.exe 2012-09-16 12:14 . 2012-07-05 10:58 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-16 12:14 . 2012-07-05 10:58 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-13 07:41 . 2012-07-05 14:53 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-30 18:03 . 2012-08-30 18:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-30 18:03 . 2012-03-20 16:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 06:40 . 2012-08-30 06:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-08-20 19:44 . 2012-08-20 19:44 1700352 ------w- c:\windows\SysWow64\gdiplus.dll 2012-08-20 19:44 . 2012-08-20 19:44 1060864 ------w- c:\windows\SysWow64\mfc71.dll 2012-08-14 12:37 . 2012-08-14 12:37 70344 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-14 12:37 . 
2012-08-14 12:37 426184 ------w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-27 17:20 . 2012-07-27 16:51 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll 2012-07-26 15:08 . 2012-07-26 15:08 862664 ------w- c:\windows\SysWow64\msvcr110.dll 2012-07-26 15:08 . 2012-07-26 15:08 82888 ------w- c:\windows\SysWow64\mfcm110u.dll 2012-07-26 15:08 . 2012-07-26 15:08 82888 ------w- c:\windows\SysWow64\mfcm110.dll 2012-07-26 15:08 . 2012-07-26 15:08 74704 ------w- c:\windows\SysWow64\mfc110fra.dll 2012-07-26 15:08 . 2012-07-26 15:08 74704 ------w- c:\windows\SysWow64\mfc110deu.dll 2012-07-26 15:08 . 2012-07-26 15:08 73680 ------w- c:\windows\SysWow64\mfc110esn.dll 2012-07-26 15:08 . 2012-07-26 15:08 72656 ------w- c:\windows\SysWow64\mfc110ita.dll 2012-07-26 15:08 . 2012-07-26 15:08 70608 ------w- c:\windows\SysWow64\mfc110rus.dll 2012-07-26 15:08 . 2012-07-26 15:08 64976 ------w- c:\windows\SysWow64\mfc110enu.dll 2012-07-26 15:08 . 2012-07-26 15:08 53712 ------w- c:\windows\SysWow64\mfc110jpn.dll 2012-07-26 15:08 . 2012-07-26 15:08 534480 ------w- c:\windows\SysWow64\msvcp110.dll 2012-07-26 15:08 . 2012-07-26 15:08 53200 ------w- c:\windows\SysWow64\mfc110kor.dll 2012-07-26 15:08 . 2012-07-26 15:08 46032 ------w- c:\windows\SysWow64\mfc110cht.dll 2012-07-26 15:08 . 2012-07-26 15:08 46032 ------w- c:\windows\SysWow64\mfc110chs.dll 2012-07-26 15:08 . 2012-07-26 15:08 4446152 ------w- c:\windows\SysWow64\mfc110u.dll 2012-07-26 15:08 . 2012-07-26 15:08 4411848 ------w- c:\windows\SysWow64\mfc110.dll 2012-07-26 15:08 . 2012-07-26 15:08 320976 ------w- c:\windows\SysWow64\vcamp110.dll 2012-07-26 15:08 . 2012-07-26 15:08 251864 ------w- c:\windows\SysWow64\vccorlib110.dll 2012-07-26 15:08 . 2012-07-26 15:08 153536 ------w- c:\windows\SysWow64\atl110.dll 2012-07-26 15:08 . 2012-07-26 15:08 115656 ------w- c:\windows\SysWow64\vcomp110.dll 2012-07-18 18:15 . 2012-08-15 14:40 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-06 20:07 . 
2012-08-15 14:48 552960 ----a-w- c:\windows\system32\drivers\bthport.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 TolbarUpdater;Toolbar Updater;c:\users\asus\AppData\Local\Temp\ToolbarUpdater.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-01-14 74840] R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-22 276248] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 rkhdrv40;Rootkit Unhooker Driver; [x] R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-05 1255736] R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 iusb3hcs;Драйвер 
хост-контроллера и коммутатора Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-30 284008] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-16 277120] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-10-28 106144] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448] S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856] S2 sftlist;Application 
Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-28 363800] S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-28 158880] S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2011-12-21 35968] S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2011-11-07 16512] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-10-28 36000] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-28 330912] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-28 110240] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-10-28 30368] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-10-28 167584] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-10-28 68256] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-10-28 280992] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-10-28 521376] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488] S3 iusb3hub;Драйвер концентратора Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120] S3 iusb3xhc;Драйвер расширяемого хост-контроллера Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184] S3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWMBR *Deregistered* - aswMBR . Contents of the 'Scheduled Tasks' folder . 2012-10-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 09:41] . 2012-10-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 09:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-10-28 984224] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-28 800416] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-22 440600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="PhotoManagerDeluxe.8.alb" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-04 00:42:33 ComboFix-quarantined-files.txt 2012-10-03 20:42 . Pre-Run: 343 597 088 768 байт свободно Post-Run: 344 085 454 848 байт свободно . - - End Of File - - 4A12B6C1D3DBF146A354B22F551835DC
  6. Hello, Maniac. I've uninstalled uTorrent; updated MBAM, and let it run a quick scan. It hasn't found anything. aswMBR, upon startup, advised that I update virus definitions; I've complied. I ran a quick scan. Now, to the logs. Malwarebytes' Anti-Malware log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.03.07 aswMBR log: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-10-03 20:04:25 DDS: DDS (Ver_2011-08-26.01) - NTFSAMD64 Run by asus at 20:09:48 on 2012-10-03
C:\Windows\SysWOW64\guard32.dll SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} {9030D464-4C02-4ABF-8ECC-5164760863C6} {DBC80044-A445-435b-BC74-9C25C1C588A9} mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll SEH-X64: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Драйвер хост-контроллера и коммутатора Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?] R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?] 
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-10-28 106144] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-4-24 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-4-24 161560] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-17 1258856] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TolbarUpdater;Toolbar Updater;C:\Users\asus\AppData\Local\Temp\ToolbarUpdater.exe [2012-7-20 508416] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-24 363800] R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-28 158880] R3 AsusVBus;AsusVBus;C:\Windows\system32\DRIVERS\AsusVBus.sys --> C:\Windows\system32\DRIVERS\AsusVBus.sys [?] 
R3 AsusVTouch;AsusVTouch;C:\Windows\system32\DRIVERS\AsusVTouch.sys --> C:\Windows\system32\DRIVERS\AsusVTouch.sys [?] R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?] R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?] R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?] R3 iusb3hub;Драйвер концентратора Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?] R3 iusb3xhc;Драйвер расширяемого хост-контроллера Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] 
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?] S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-13 276248] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] 
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Служба технологий активации Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-10-03 13:09:06 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4024FAFC-AA66-4F0D-BA73-9C293A82A4E7}\mpengine.dll 2012-10-03 09:02:13 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F10CB5C-15DD-4B8B-B78B-807BA22B69F9}\gapaengine.dll 2012-10-03 09:02:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-10-03 09:02:04 9308616 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-10-02 21:25:57 -------- d-----r- C:\Sandbox 2012-10-02 21:24:09 -------- d-----w- C:\Program Files\Sandboxie 2012-10-02 08:46:24 -------- d-sh--w- C:\$RECYCLE.BIN 2012-10-02 00:15:34 98816 ----a-w- C:\Windows\sed.exe 2012-10-02 00:15:34 518144 ----a-w- C:\Windows\SWREG.exe 2012-10-02 00:15:34 256000 ----a-w- C:\Windows\PEV.exe 2012-10-02 00:15:34 208896 ----a-w- C:\Windows\MBR.exe 2012-10-02 00:00:52 -------- d-----w- C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP 2012-10-01 23:53:42 -------- d-----w- C:\ProgramData\mergeparts 2012-10-01 23:50:59 -------- d-----w- C:\Program Files (x86)\Paragon Software 2012-10-01 23:39:58 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys 2012-10-01 23:38:22 132704 ----a-w- C:\Windows\System32\drivers\fltsrv.sys 2012-10-01 23:21:31 -------- d-----w- C:\ProgramData\redistpart 2012-10-01 23:20:53 -------- d-----w- C:\ProgramData\explauncher 2012-10-01 23:20:52 -------- d-----w- C:\ProgramData\launcher 2012-10-01 23:08:27 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys 2012-10-01 22:54:08 2 --shatr- C:\Windows\winstart.bat 2012-10-01 22:54:07 39184 ----a-w- C:\Windows\System32\Partizan.exe 2012-10-01 22:53:11 -------- d-----w- C:\Program Files (x86)\Greatis 2012-09-26 23:31:30 -------- d-----w- C:\Users\asus\AppData\Roaming\Malwarebytes 2012-09-26 23:30:14 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-26 23:30:13 25928 ----a-w- 
C:\Windows\System32\drivers\mbam.sys 2012-09-26 23:30:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-26 08:28:08 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-09-25 20:42:01 -------- d-----w- C:\Users\asus\AppData\Roaming\SumatraPDF 2012-09-25 20:41:57 -------- d-----w- C:\Program Files (x86)\SumatraPDF 2012-09-22 17:28:34 -------- d-----w- C:\Users\asus\AppData\Roaming\GlarySoft 2012-09-22 17:28:33 -------- d-----w- C:\Program Files (x86)\Glary Utilities 2012-09-21 19:24:17 -------- d-----w- C:\Users\asus\AppData\Local\Microsoft Help 2012-09-21 19:22:51 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2012-09-21 19:22:34 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8 2012-09-19 19:59:06 -------- d-----w- C:\Users\asus\AppData\Roaming\Silverball Studios 2012-09-19 19:59:06 -------- d-----w- C:\ProgramData\JAGUAR 2012-09-18 17:15:49 -------- d-----w- C:\Users\asus\AppData\Local\Dxtory Software 2012-09-17 08:44:43 -------- d-----w- C:\Windows\SysWow64\NV 2012-09-17 08:44:43 -------- d-----w- C:\Windows\System32\NV 2012-09-17 08:40:45 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-09-17 08:40:45 865640 ----a-w- C:\Windows\System32\nv3dappshext.dll 2012-09-17 08:40:45 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-09-17 08:40:45 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll 2012-09-17 08:40:45 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-09-17 08:40:45 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-09-17 08:40:45 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-09-17 08:40:44 6198120 ----a-w- C:\Windows\System32\nvcpl.dll 2012-09-17 08:40:44 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-09-17 08:39:44 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2012-09-17 08:33:53 -------- d-----w- C:\NVIDIA 2012-09-16 15:31:54 -------- d-----w- C:\Users\asus\AppData\Local\dxhr 2012-09-16 15:30:50 -------- d-----w- C:\Users\asus\AppData\Local\28050 
2012-09-16 12:14:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-12 17:43:37 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-12 17:43:36 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-12 17:43:36 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-12 17:43:36 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-12 17:43:36 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-12 17:43:36 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-12 17:43:36 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-10 20:04:53 -------- d-----w- C:\Program Files (x86)\UltraISO 2012-09-10 19:58:03 -------- d-----w- C:\USB_MultiBoot_10 2012-09-10 16:50:11 -------- d-----w- C:\Windows\SysWow64\wbem\Performance 2012-09-10 16:50:05 -------- d-----w- C:\Windows\SysWow64\winevt 2012-09-10 16:50:05 -------- d-----w- C:\Windows\SysWow64\wfp 2012-09-10 16:50:05 -------- d-----w- C:\Windows\SysWow64\SMI 2012-09-09 23:59:34 15112 ----a-w- C:\Users\asus\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll 2012-09-08 20:57:35 -------- d-----w- C:\Users\asus\AppData\Local\CAPCOM 2012-09-08 20:57:00 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll 2012-09-08 17:06:37 505104 ----a-r- C:\Windows\SysWow64\msxml.dll 2012-09-08 17:06:36 115016 ----a-r- C:\Windows\SysWow64\MSINET.OCX 2012-09-08 17:06:34 69632 ----a-r- C:\Windows\SysWow64\xmltok.dll 2012-09-08 17:06:34 36864 ----a-r- C:\Windows\SysWow64\xmlparse.dll 2012-09-08 17:06:34 35840 ----a-r- C:\Windows\SysWow64\comdlg32.oca 2012-09-08 17:06:34 29184 ----a-r- C:\Windows\SysWow64\MSINET.oca 2012-09-08 17:06:34 28432 ----a-r- C:\Windows\SysWow64\msxmlr.dll 2012-09-08 17:06:34 26088 ----a-r- C:\Windows\SysWow64\xmlinst.exe 2012-09-08 17:06:34 140488 ----a-r- C:\Windows\SysWow64\comdlg32.ocx 2012-09-08 17:06:33 89360 ----a-r- C:\Windows\SysWow64\VB5DB.DLL 2012-09-08 17:06:33 -------- d-----w- C:\Program Files (x86)\Ubi Soft 
2012-09-08 17:06:11 57344 ----a-r- C:\Users\asus\AppData\Roaming\Microsoft\Installer\{88D489A4-D954-414F-9F49-117EFB372951}\_A2A8F60BF71B_4A7D_94E7_DD1F6B6EB4A3.exe 2012-09-08 17:03:10 53248 ----a-r- C:\Users\asus\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F522ED7EA612_4117_B86D_78467DE01E30.exe 2012-09-08 17:02:03 53248 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll 2012-09-08 17:02:03 126976 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe 2012-09-08 17:02:02 114688 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll 2012-09-04 21:40:02 -------- d-----w- C:\Users\asus\AppData\Local\stellarium 2012-09-04 21:40:00 -------- d-----w- C:\Users\asus\AppData\Roaming\Stellarium . ==================== Find3M ==================== . 2012-10-03 11:31:10 17920 ----a-w- C:\Windows\System32\rpcnetp.exe 2012-10-03 11:31:06 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll 2012-10-02 17:32:51 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe 2012-10-02 17:32:42 58288 ------w- C:\Windows\SysWow64\rpcnet.exe 2012-10-02 17:30:03 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll 2012-10-02 17:29:22 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe 2012-10-02 00:07:05 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-10-02 00:07:05 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-10-02 00:00:39 3058304 ----a-w- C:\Windows\AsScrPro.exe 2012-09-19 20:33:22 128512 ----a-w- C:\Windows\SysWow64\WinMonitor.exe 2012-09-19 20:33:20 17864381 ----a-w- C:\Windows\SysWow64\libs.exe 2012-09-16 12:14:30 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-16 12:14:30 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-30 18:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-08-30 18:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-08-30 06:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-20 19:44:57 1700352 ------w- C:\Windows\SysWow64\gdiplus.dll 2012-08-20 19:44:57 1060864 ------w- C:\Windows\SysWow64\mfc71.dll 2012-08-14 12:37:08 70344 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-14 12:37:08 426184 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-27 17:20:52 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys . ============= FINISH: 20:10:14,94 =============== I assume that you do not require attach.txt log this time around, correct?
  7. First off, hello and thank you for any future input. Now, to the issue at hand: I've been infected with a strange virus - it plays random sounds (songs, ICQ's incoming message sound ["Oh-oh!"], etc.) - for the last five days. The songs/sounds (the files themselves) played are very well hidden; in fact, I can't have downloaded them on my own, as the genre of music isn't to my taste at all; plus, I don't have ICQ installed on this machine. The playback of said files is carried out in sporadic fashion. Also, it mostly happens at later hours. I've checked scheduled tasks; there's nothing suspicious there. Also, I ran MalwareBytes Anti-Malware software (unpaid, free version) and it finds nothing. Security Essentials finds nothing, either. Now, to my setup. I'm running the SRWare Iron web browser under sandboxing software (Sandboxie, namely). The system should be secure; alas, this isn't the case. I've only been infected once before - the virus was trivial, and easy to remove. While quite confident with computers, I haven't been able to pinpoint the underlying cause for the aforementioned behavior, so I figured I should seek help here, as MalwareBytes' software is darn good. I'm attaching DDS logs, just as the guidelines want us to. The files have some Cyrillic text within them - but that is just trivial Microsoft stuff. If need be, I can easily translate them. For anyone that has read my blabbering up until now, you have my gratitude. Now, let us begin the virus-hunt. ~~ Sorry for the double post, but I've missed perhaps the most important point - when the virus does its handiwork, a new sound source appears in the volume mixer. Its name roughly translates as "name-data missing". I can actually MUTE those sounds. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by asus at 1:03:01 on 2012-10-03 Microsoft Windows 7 Домашняя расширенная 6.1.7601.1.1251.7.1049.18.8078.4989 [GMT 4:00] . 
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\FBAgent.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files 
(x86)\ASUS\InstantOn for NB\InsOnWMI.exe C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files\ASUS\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\System32\igfxpers.exe C:\Windows\AsScrPro.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe D:\Steam\Steam.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Users\asus\AppData\Local\Temp\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files\Elantech\ETDGesture.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\system32\DllHost.exe C:\Program Files\CPUID\HWMonitor\HWMonitor.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Pidgin\pidgin.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\SysWOW64\Upgrd.exe C:\Windows\SysWOW64\rpcnet.exe C:\Windows\SysWOW64\WinMonitor.exe C:\Program Files (x86)\SRWare Iron\iron.exe C:\Program Files (x86)\SRWare Iron\iron.exe C:\Program Files (x86)\SRWare Iron\iron.exe C:\Program Files (x86)\SRWare Iron\iron.exe C:\Program Files (x86)\SRWare Iron\iron.exe C:\Program Files (x86)\SRWare Iron\iron.exe C:\Program Files (x86)\SRWare Iron\iron.exe C:\Program Files (x86)\SRWare Iron\iron.exe C:\Program Files (x86)\SRWare Iron\iron.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://asus.msn.com uDefault_Page_URL = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: Помощник по входу с помощью идентификатора Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [steam] "D:\Steam\Steam.exe" -silent mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{204CA800-381E-4981-881F-FAB96B61FDD2} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{204CA800-381E-4981-881F-FAB96B61FDD2}\4435C4D22363430355 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{204CA800-381E-4981-881F-FAB96B61FDD2}\449627D24313230244 : DhcpNameServer = 192.168.0.1 TCP: 
Interfaces\{204CA800-381E-4981-881F-FAB96B61FDD2}\94E44554253425F43535 : DhcpNameServer = 10.0.0.11 10.0.1.11 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} {9030D464-4C02-4ABF-8ECC-5164760863C6} {DBC80044-A445-435b-BC74-9C25C1C588A9} mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll SEH-X64: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Драйвер хост-контроллера и коммутатора Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?] 
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-10-28 106144] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-4-24 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-4-24 161560] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-17 1258856] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TolbarUpdater;Toolbar Updater;C:\Users\asus\AppData\Local\Temp\ToolbarUpdater.exe [2012-7-20 508416] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-24 363800] R2 ZAtheros Bt&Wlan Coex 
Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-28 158880] R3 AsusVBus;AsusVBus;C:\Windows\system32\DRIVERS\AsusVBus.sys --> C:\Windows\system32\DRIVERS\AsusVBus.sys [?] R3 AsusVTouch;AsusVTouch;C:\Windows\system32\DRIVERS\AsusVTouch.sys --> C:\Windows\system32\DRIVERS\AsusVTouch.sys [?] R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?] R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?] R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?] R3 iusb3hub;Äðàéâåð êîíöåíòðàòîðà Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?] R3 iusb3xhc;Äðàéâåð ðàñøèðÿåìîãî õîñò-êîíòðîëëåðà Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] 
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?] S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-13 276248] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] 
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Ñëóæáà òåõíîëîãèé àêòèâàöèè Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-10-30 19:54:30 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-10-02 20:54:39 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C14901AD-1ECA-4C32-A912-8D4869D9C63D}\mpengine.dll 2012-10-02 08:46:24 -------- d-sh--w- C:\$RECYCLE.BIN 2012-10-02 00:15:34 98816 ----a-w- C:\Windows\sed.exe 2012-10-02 00:15:34 518144 ----a-w- C:\Windows\SWREG.exe 2012-10-02 00:15:34 256000 ----a-w- C:\Windows\PEV.exe 2012-10-02 00:15:34 208896 ----a-w- C:\Windows\MBR.exe 2012-10-02 00:00:52 -------- d-----w- C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP 2012-10-01 23:53:42 -------- d-----w- C:\ProgramData\mergeparts 2012-10-01 23:50:59 -------- d-----w- C:\Program Files (x86)\Paragon Software 2012-10-01 23:39:58 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys 2012-10-01 23:38:22 132704 ----a-w- C:\Windows\System32\drivers\fltsrv.sys 2012-10-01 23:21:31 -------- d-----w- C:\ProgramData\redistpart 2012-10-01 23:20:53 -------- d-----w- C:\ProgramData\explauncher 2012-10-01 23:20:52 -------- d-----w- C:\ProgramData\launcher 2012-10-01 23:08:27 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys 2012-10-01 22:54:08 2 --shatr- C:\Windows\winstart.bat 2012-10-01 22:54:07 39184 ----a-w- C:\Windows\System32\Partizan.exe 2012-10-01 22:53:11 -------- d-----w- C:\Program Files (x86)\Greatis 2012-09-26 23:31:30 -------- d-----w- C:\Users\asus\AppData\Roaming\Malwarebytes 2012-09-26 23:30:14 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-26 23:30:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-26 23:30:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-26 08:28:08 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-09-25 20:42:01 -------- d-----w- C:\Users\asus\AppData\Roaming\SumatraPDF 2012-09-25 20:41:57 -------- d-----w- C:\Program Files (x86)\SumatraPDF 2012-09-22 17:28:34 -------- d-----w- 
C:\Users\asus\AppData\Roaming\GlarySoft 2012-09-22 17:28:33 -------- d-----w- C:\Program Files (x86)\Glary Utilities 2012-09-21 19:24:17 -------- d-----w- C:\Users\asus\AppData\Local\Microsoft Help 2012-09-21 19:22:51 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2012-09-21 19:22:34 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8 2012-09-19 19:59:06 -------- d-----w- C:\Users\asus\AppData\Roaming\Silverball Studios 2012-09-19 19:59:06 -------- d-----w- C:\ProgramData\JAGUAR 2012-09-18 17:15:49 -------- d-----w- C:\Users\asus\AppData\Local\Dxtory Software 2012-09-17 08:44:43 -------- d-----w- C:\Windows\SysWow64\NV 2012-09-17 08:44:43 -------- d-----w- C:\Windows\System32\NV 2012-09-17 08:40:45 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-09-17 08:40:45 865640 ----a-w- C:\Windows\System32\nv3dappshext.dll 2012-09-17 08:40:45 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-09-17 08:40:45 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll 2012-09-17 08:40:45 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-09-17 08:40:45 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-09-17 08:40:45 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-09-17 08:40:44 6198120 ----a-w- C:\Windows\System32\nvcpl.dll 2012-09-17 08:40:44 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-09-17 08:39:44 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2012-09-17 08:33:53 -------- d-----w- C:\NVIDIA 2012-09-16 15:31:54 -------- d-----w- C:\Users\asus\AppData\Local\dxhr 2012-09-16 15:30:50 -------- d-----w- C:\Users\asus\AppData\Local\28050 2012-09-16 12:14:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-12 17:43:37 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-12 17:43:36 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-12 17:43:36 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-12 17:43:36 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-12 17:43:36 
376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-12 17:43:36 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-12 17:43:36 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-10 20:04:53 -------- d-----w- C:\Program Files (x86)\UltraISO 2012-09-10 19:58:03 -------- d-----w- C:\USB_MultiBoot_10 2012-09-10 16:50:11 -------- d-----w- C:\Windows\SysWow64\wbem\Performance 2012-09-10 16:50:05 -------- d-----w- C:\Windows\SysWow64\winevt 2012-09-10 16:50:05 -------- d-----w- C:\Windows\SysWow64\wfp 2012-09-10 16:50:05 -------- d-----w- C:\Windows\SysWow64\SMI 2012-09-09 23:59:34 15112 ----a-w- C:\Users\asus\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll 2012-09-08 20:57:35 -------- d-----w- C:\Users\asus\AppData\Local\CAPCOM 2012-09-08 20:57:00 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll 2012-09-08 17:06:37 505104 ----a-r- C:\Windows\SysWow64\msxml.dll 2012-09-08 17:06:36 115016 ----a-r- C:\Windows\SysWow64\MSINET.OCX 2012-09-08 17:06:34 69632 ----a-r- C:\Windows\SysWow64\xmltok.dll 2012-09-08 17:06:34 36864 ----a-r- C:\Windows\SysWow64\xmlparse.dll 2012-09-08 17:06:34 35840 ----a-r- C:\Windows\SysWow64\comdlg32.oca 2012-09-08 17:06:34 29184 ----a-r- C:\Windows\SysWow64\MSINET.oca 2012-09-08 17:06:34 28432 ----a-r- C:\Windows\SysWow64\msxmlr.dll 2012-09-08 17:06:34 26088 ----a-r- C:\Windows\SysWow64\xmlinst.exe 2012-09-08 17:06:34 140488 ----a-r- C:\Windows\SysWow64\comdlg32.ocx 2012-09-08 17:06:33 89360 ----a-r- C:\Windows\SysWow64\VB5DB.DLL 2012-09-08 17:06:33 -------- d-----w- C:\Program Files (x86)\Ubi Soft 2012-09-08 17:06:11 57344 ----a-r- C:\Users\asus\AppData\Roaming\Microsoft\Installer\{88D489A4-D954-414F-9F49-117EFB372951}\_A2A8F60BF71B_4A7D_94E7_DD1F6B6EB4A3.exe 2012-09-08 17:03:10 53248 ----a-r- C:\Users\asus\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F522ED7EA612_4117_B86D_78467DE01E30.exe 2012-09-08 17:02:03 53248 ------w- C:\Program Files (x86)\Common 
Files\InstallShield\Engine\6\Intel 32\msihook.dll 2012-09-08 17:02:03 126976 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe 2012-09-08 17:02:02 114688 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll 2012-09-04 21:40:02 -------- d-----w- C:\Users\asus\AppData\Local\stellarium 2012-09-04 21:40:00 -------- d-----w- C:\Users\asus\AppData\Roaming\Stellarium . ==================== Find3M ==================== . 2012-10-02 17:33:19 17920 ----a-w- C:\Windows\System32\rpcnetp.exe 2012-10-02 17:33:13 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll 2012-10-02 17:32:51 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe 2012-10-02 17:32:42 58288 ------w- C:\Windows\SysWow64\rpcnet.exe 2012-10-02 17:30:03 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll 2012-10-02 17:29:22 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe 2012-10-02 00:07:05 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-10-02 00:07:05 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-10-02 00:00:39 3058304 ----a-w- C:\Windows\AsScrPro.exe 2012-09-19 20:33:22 128512 ----a-w- C:\Windows\SysWow64\WinMonitor.exe 2012-09-19 20:33:20 17864381 ----a-w- C:\Windows\SysWow64\libs.exe 2012-09-16 12:14:30 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-16 12:14:30 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-30 18:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-08-30 18:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-08-30 06:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- 
C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-20 19:44:57 1700352 ------w- C:\Windows\SysWow64\gdiplus.dll 2012-08-20 19:44:57 1060864 ------w- C:\Windows\SysWow64\mfc71.dll 2012-08-14 12:37:08 70344 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-14 12:37:08 426184 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-27 17:20:52 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll . ============= FINISH: 1:03:16,09 =============== DDS.txt Attach.txt