Attach.txt & text.txt for you guys!


Jake91

I was redirected here by a lovely poster http://forums.malwarebytes.org/index.php?showtopic=133723 named Daledoc and he linked me the steps to posting here! I have explained my troubles on that thread and believe I'm infected with some sort of RAT which is holding me back from opening my bank account to see if I've gotten paid, buying things off Amazon/eBay and Steam. I feel very unsafe and paranoid and would greatly appreciate it if you could help me.

attach.rar

dds.txt


Hello Jake91! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Before we start working, two things:

1) Immediately change all of your passwords from a different, clean PC. Also, contact your bank and let them know about your situation.

2) P2P/Piracy Warning:

If you're using Peer 2 Peer software such as Vuze or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, generate new DDS log files and post them directly in your reply.


Thank you for your reply. I have removed Vuze, but I have Visual Studios that I downloaded from CNET and other websites. Is that a problem?

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by Savo at 17:45:27 on 2013-09-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16351.13574 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 202.76.170.228 203.123.69.7
TCP: Interfaces\{0802C297-C1B9-4221-8D89-88089E8B2F17} : DHCPNameServer = 202.76.170.228 203.123.69.7
TCP: Interfaces\{0DA94E5C-646B-4B93-B618-4392D04062E0} : DHCPNameServer = 8.8.8.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-9-12 283064]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-9-16 46792]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-8-17 852264]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-8-17 555304]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-10 701512]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-10 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2013-8-20 33464]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-8-21 141496]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2013-8-20 30904]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-8-13 42184]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-21 19456]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-21 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-11 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2013-09-22 15:12:08 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-09-22 15:12:08 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-09-22 15:11:56 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-09-22 15:11:34 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-09-22 15:10:05 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-09-22 15:09:45 -------- d-----w- C:\Users\Savo\AppData\Roaming\Riot Games
2013-09-21 13:07:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-21 13:07:35 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-09-21 13:07:35 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-21 13:07:35 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-21 13:07:35 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-21 13:07:35 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-21 13:07:35 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-21 13:07:33 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-09-21 13:07:33 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-09-20 15:21:25 -------- d-----w- C:\Users\Savo\AppData\Roaming\Kalypso Media
2013-09-20 06:36:48 -------- d-----w- C:\NVIDIA
2013-09-20 06:34:25 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66E87B1D-39C3-4F1A-A36A-301D4C3A7D10}\mpengine.dll
2013-09-19 08:47:11 -------- d-----w- C:\ProgramData\clone.AD
2013-09-19 08:46:40 -------- d-----w- C:\Users\Savo\AppData\Local\clone.AD
2013-09-19 08:26:43 -------- d-----w- C:\Users\Savo\AppData\Local\Apple Computer
2013-09-19 08:26:28 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-09-19 08:24:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 08:24:53 -------- d-----w- C:\Program Files\iPod
2013-09-19 08:24:53 -------- d-----w- C:\Program Files (x86)\iTunes
2013-09-19 08:24:52 -------- d-----w- C:\Program Files\iTunes
2013-09-19 08:24:24 -------- d-----w- C:\Users\Savo\AppData\Local\Apple
2013-09-19 08:23:26 -------- d-----w- C:\Program Files\Bonjour
2013-09-19 08:23:26 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-09-19 03:19:07 -------- d-----w- C:\Users\Savo\AppData\Local\Rockstar Games
2013-09-18 16:16:13 -------- d-----w- C:\Users\Savo\AppData\Roaming\New Technology Studio
2013-09-18 16:16:13 -------- d-----w- C:\Users\Savo\AppData\Local\New Technology Studio
2013-09-18 13:04:45 -------- d-----w- C:\Program Files (x86)\v1.2
2013-09-18 09:30:31 -------- d-sh--w- C:\ProgramData\SecuROM
2013-09-18 08:47:28 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-09-18 08:46:19 -------- d-----w- C:\Windows\SysWow64\xlive
2013-09-18 08:46:18 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-09-17 15:01:07 -------- d-----w- C:\Users\Savo\AppData\Roaming\.mono
2013-09-17 02:43:59 -------- d-----w- C:\Users\Savo\AppData\Local\Eclipse
2013-09-17 02:39:21 973736 ----a-w- C:\Windows\System32\deployJava1.dll
2013-09-17 02:39:20 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-09-17 02:39:17 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-16 07:19:09 -------- d-----w- C:\ProgramData\Hotspot Shield
2013-09-16 07:18:30 46792 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2013-09-16 07:18:30 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
2013-09-16 07:18:29 -------- d-----w- C:\Users\Savo\AppData\Roaming\Hotspot Shield
2013-09-16 07:18:16 -------- d-----w- C:\Users\Savo\AppData\Local\TNT2
2013-09-16 05:19:55 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2013-09-16 05:19:53 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup
2013-09-16 05:19:50 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2013-09-16 05:01:04 1988096 ----a-w- C:\Windows\System32\libmysql_e.dll
2013-09-16 05:01:02 -------- d-----w- C:\Program Files\PremiumSoft
2013-09-16 02:05:01 -------- d-----w- C:\Users\Savo\AppData\Roaming\HeidiSQL
2013-09-16 01:47:10 269824 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2013-09-16 01:47:10 269824 ----a-w- C:\Windows\SysWow64\libssl32.dll
2013-09-16 01:47:10 1178624 ----a-w- C:\Windows\SysWow64\libeay32.dll
2013-09-16 01:37:47 -------- d-----w- C:\Users\Savo\AppData\Local\GitExtensions
2013-09-16 01:37:36 -------- d-----w- C:\Users\Savo\AppData\Roaming\GitExtensions
2013-09-16 01:35:46 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2013-09-16 01:35:40 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2013-09-16 01:32:39 -------- d-----w- C:\Users\Savo\AppData\Local\Microsoft Help
2013-09-16 01:23:15 -------- d-----w- C:\ProgramData\HeidiSQL
2013-09-16 01:23:15 -------- d-----w- C:\Program Files (x86)\HeidiSQL
2013-09-16 01:18:51 -------- d-----w- C:\Program Files (x86)\Git
2013-09-16 01:18:16 -------- d-----w- C:\Program Files (x86)\KDiff3
2013-09-16 01:18:02 -------- d-----w- C:\Program Files (x86)\CMake 2.8
2013-09-16 01:16:57 -------- d-----w- C:\Program Files (x86)\GitExtensions
2013-09-15 23:45:13 -------- d-----r- C:\Program Files (x86)\Skype
2013-09-15 10:34:34 -------- d-----w- C:\Users\Savo\AppData\Local\PAYDAY 2
2013-09-15 03:54:41 -------- d-----w- C:\Users\Savo\AppData\Roaming\CodeBlocks
2013-09-15 03:54:13 -------- d-----w- C:\Program Files (x86)\CodeBlocks
2013-09-14 08:53:35 -------- d-----w- C:\Users\Savo\AppData\Roaming\NVIDIA
2013-09-14 08:32:36 -------- d-----w- C:\Users\Savo\AppData\Roaming\.technic
2013-09-14 08:32:03 -------- d-----w- C:\ProgramData\Oracle
2013-09-14 08:31:46 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-14 08:31:46 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-14 08:31:42 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-14 01:35:07 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.3
2013-09-12 21:57:54 -------- d-----w- C:\Users\Savo\AppData\Local\.inapptracking
2013-09-12 21:56:03 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-09-12 21:56:02 -------- d-----w- C:\Program Files (x86)\Steam
2013-09-12 10:21:24 -------- d-----w- C:\Users\Savo\AppData\Local\FLT
2013-09-12 09:00:28 -------- d-----w- C:\ProgramData\Steam
2013-09-12 05:37:30 -------- d-----w- C:\Program Files\CCleaner
2013-09-12 01:12:53 -------- d-----w- C:\Windows\System32\MRT
2013-09-11 22:25:48 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-09-11 22:25:45 -------- d-----w- C:\Users\Savo\AppData\Roaming\DAEMON Tools Lite
2013-09-11 22:25:44 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2013-09-11 22:24:57 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-09-11 20:13:01 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-11 20:09:33 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-09-11 20:09:33 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-09-11 15:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-09-11 02:05:59 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2013-09-11 01:25:08 -------- d-----w- C:\Users\Savo\AppData\Roaming\PowerISO
2013-09-11 01:23:55 -------- d--h--w- C:\ProgramData\Common Files
2013-09-10 19:24:34 15901448 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2013-09-10 19:24:34 1510176 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-09-10 19:24:33 1832224 ----a-w- C:\Windows\System32\nvdispco6432049.dll
2013-09-10 19:24:33 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432049.dll
2013-09-10 19:11:47 -------- d-----w- C:\Windows\SysWow64\Wat
2013-09-10 19:11:47 -------- d-----w- C:\Windows\System32\Wat
2013-09-10 07:12:27 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-09-10 07:12:27 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-09-10 07:12:27 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-09-10 07:12:27 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-10 07:04:34 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 06:56:46 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-09-10 06:49:16 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-09-10 06:49:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-09-10 06:49:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-09-10 06:49:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-09-10 06:49:16 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-09-10 06:27:00 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-10 05:14:01 2489504 ----a-w- C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-09-10 05:07:51 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2013-09-10 05:07:49 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-10 05:05:02 -------- d-----w- C:\Program Files\Application Verifier
2013-09-10 05:05:02 -------- d-----w- C:\Program Files (x86)\Application Verifier
2013-09-10 05:04:23 -------- d-----w- C:\ProgramData\Windows App Certification Kit
2013-09-10 05:00:15 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2013-09-10 04:56:20 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2013-09-10 04:53:17 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2013-09-10 04:53:10 -------- d-----w- C:\Program Files (x86)\Microsoft Web Tools
2013-09-10 04:52:55 -------- d-----w- C:\Program Files\Microsoft
2013-09-10 04:52:44 -------- d-----w- C:\Program Files\IIS Express
2013-09-10 04:52:44 -------- d-----w- C:\Program Files (x86)\IIS Express
2013-09-10 04:52:27 -------- d-----w- C:\Program Files (x86)\NuGet
2013-09-10 04:50:52 -------- d-----w- C:\Program Files (x86)\Microsoft WCF Data Services
2013-09-10 04:50:44 -------- d-----w- C:\Program Files\IIS
2013-09-10 04:50:44 -------- d-----w- C:\Program Files (x86)\IIS
2013-09-10 04:47:36 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2013-09-10 04:47:08 -------- d-----w- C:\Program Files (x86)\Windows Kits
2013-09-10 04:37:00 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2013-09-10 04:36:48 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2013-09-10 04:27:26 -------- d-----w- C:\Windows\SysWow64\1033
2013-09-10 04:26:02 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-09-10 04:26:01 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-09-10 04:20:28 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2013-09-10 04:20:03 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-09-10 04:20:01 -------- d-----w- C:\Windows\System32\1033
2013-09-10 04:19:49 -------- d-----w- C:\Program Files\Microsoft Visual Studio 11.0
2013-09-10 04:03:10 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-09-10 04:03:10 -------- d-----w- C:\ProgramData\Package Cache
2013-09-10 03:07:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-09-10 03:07:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2013-09-10 03:07:31 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-09-10 03:07:31 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-09-10 03:07:18 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-09-10 03:07:18 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-09-10 03:07:18 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-09-10 03:07:18 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-09-10 03:05:46 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-09-10 03:05:46 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-09-10 03:05:46 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-09-10 03:05:46 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-09-10 03:05:46 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-10 03:05:45 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-09-10 03:05:45 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-09-10 03:05:45 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-09-10 03:05:05 2871808 ----a-w- C:\Windows\explorer.exe
2013-09-10 03:05:05 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-09-10 03:05:00 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2013-09-10 03:05:00 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2013-09-10 03:03:56 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-09-10 03:03:55 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-09-10 03:03:55 111448 ----a-w- C:\Windows\System32\consent.exe
2013-09-10 03:03:53 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-09-10 03:02:31 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2013-09-10 03:02:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-09-10 03:02:31 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-09-10 03:02:21 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-09-10 03:02:18 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-09-10 03:02:18 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-09-10 03:02:11 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-09-10 03:02:10 395776 ----a-w- C:\Windows\System32\webio.dll
2013-09-10 03:01:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-09-10 03:01:59 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2013-09-10 03:01:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-09-10 03:01:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-09-10 03:00:02 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-09-10 03:00:02 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-09-10 03:00:02 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-09-10 03:00:02 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-09-10 03:00:02 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-09-10 03:00:02 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-09-10 03:00:02 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-09-10 03:00:01 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2013-09-10 03:00:01 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2013-09-10 03:00:00 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2013-09-10 03:00:00 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2013-09-10 02:58:56 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2013-09-10 02:55:43 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-09-10 02:55:43 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-09-10 02:55:40 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-09-10 02:55:40 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-09-10 02:55:38 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-10 02:55:38 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-10 02:55:18 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-09-10 02:51:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2013-09-10 02:51:35 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2013-09-10 02:51:35 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2013-09-10 02:51:35 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2013-09-10 02:50:45 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-09-10 02:50:39 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-10 02:50:04 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-09-10 02:50:02 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-09-10 02:50:01 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-09-10 02:49:57 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-09-10 02:49:56 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-09-10 02:46:36 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-09-10 02:46:36 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-09-10 02:46:29 642944 ----a-w- C:\Windows\System32\winload.efi
2013-09-10 02:46:29 605552 ----a-w- C:\Windows\System32\winload.exe
2013-09-10 02:46:29 566208 ----a-w- C:\Windows\System32\winresume.efi
2013-09-10 02:46:29 518672 ----a-w- C:\Windows\System32\winresume.exe
2013-09-10 02:46:29 20352 ----a-w- C:\Windows\System32\kdusb.dll
2013-09-10 02:46:29 19328 ----a-w- C:\Windows\System32\kd1394.dll
2013-09-10 02:46:29 17792 ----a-w- C:\Windows\System32\kdcom.dll
2013-09-10 02:46:23 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-09-10 02:46:23 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-09-10 02:46:04 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-09-10 02:45:55 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-09-10 02:45:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-09-10 02:45:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2013-09-10 02:45:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2013-09-10 02:45:05 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2013-09-10 02:45:05 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2013-09-10 02:45:05 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2013-09-10 02:43:23 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-09-10 02:43:19 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2013-09-10 02:43:15 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2013-09-10 02:43:15 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-09-10 02:43:15 331776 ----a-w- C:\Windows\System32\oleacc.dll
2013-09-10 02:43:15 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2013-09-10 02:43:11 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-09-10 02:43:11 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-09-10 02:41:45 77312 ----a-w- C:\Windows\System32\packager.dll
2013-09-10 02:41:45 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-09-10 02:13:38 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-10 00:59:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-09-10 00:59:23 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-09-10 00:59:23 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-09-10 00:49:47 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-10 00:49:21 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-10 00:48:32 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-10 00:48:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-09 21:46:20 -------- d-----w- C:\Users\Savo\.swt
2013-09-09 21:45:37 -------- d-----w- C:\Users\Savo\AppData\Roaming\Azureus
2013-09-09 21:26:54 -------- d-----w- C:\Windows\Panther
2013-09-09 20:11:06 -------- d-----w- C:\Users\Savo\AppData\Local\Razer
2013-09-09 19:59:00 -------- d-----w- C:\Users\Savo\AppData\Roaming\Malwarebytes
2013-09-09 19:58:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-09 19:58:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-09 19:58:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 19:57:46 -------- d-----w- C:\Users\Savo\AppData\Local\Programs
2013-09-09 19:47:58 -------- d-----w- C:\Users\Savo\AppData\Local\Google
2013-09-09 19:47:43 -------- d-----w- C:\Users\Savo\AppData\Local\Apps
2013-09-09 19:47:42 -------- d-----w- C:\Users\Savo\AppData\Local\Deployment
2013-09-09 19:45:28 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-09-09 19:45:25 -------- d-----w- C:\Program Files (x86)\Realtek
2013-09-09 19:29:46 -------- d-----w- C:\Program Files (x86)\ASUS
2013-09-09 19:29:14 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-09-09 19:29:07 1359976 ----a-w- C:\Windows\System32\nvhdagenco642040.dll
2013-09-09 19:28:17 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-09-09 19:28:12 1614440 ----a-w- C:\Windows\System32\nvdispco642090.dll
2013-09-09 19:28:12 1359976 ----a-w- C:\Windows\System32\nvgenco642040.dll
2013-09-09 19:27:52 67176 ----a-w- C:\Windows\System32\OpenCL.dll
2013-09-09 19:27:52 57960 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-09-09 19:27:07 11240 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd
2013-09-09 19:26:47 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-09-09 19:26:16 -------- d-sh--w- C:\Windows\Installer
2013-08-29 04:29:54 796672 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2013-08-25 12:01:00 -------- d-----w- C:\Games
.
==================== Find3M  ====================
.
2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-10 07:04:34 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-21 07:34:32 141496 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2013-08-20 08:41:58 33464 ----a-w- C:\Windows\System32\drivers\rzdaendpt.sys
2013-08-20 08:41:56 30904 ----a-w- C:\Windows\System32\drivers\rzvkeyboard.sys
2013-08-20 08:35:02 57344 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2013-08-20 08:35:02 154112 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2013-08-20 08:34:58 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2013-08-20 08:34:56 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2013-08-12 23:10:26 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2013-08-12 03:34:36 268435456 --sha-w- C:\swapfile.sys
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-06 18:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-26 12:44:23 154424 ----a-w- C:\Volumeid.exe
.
============= FINISH: 17:45:34.10 ===============
 

And Attach.txt
 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2013 1:42:25 PM
System Uptime: 9/23/2013 5:33:51 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8P67
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 1683/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1719.429 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
Manufacturer: 
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
Service: 
.
Class GUID: 
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
Manufacturer: 
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
Service: 
.
Class GUID: 
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
Manufacturer: 
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
Service: 
.
Class GUID: 
Description: 
Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Manufacturer: 
Name: 
PNP Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Service: 
.
==== System Restore Points ===================
.
RP43: 9/19/2013 6:24:25 PM - Installed iTunes
RP44: 9/21/2013 1:17:17 AM - Installed DirectX
RP45: 9/21/2013 11:07:37 PM - Windows Update
RP46: 9/22/2013 6:09:48 PM - Installed DirectX
RP47: 9/23/2013 1:10:13 AM - Installed Microsoft Visual C++ 2005 Redistributable (x64)
RP48: 9/23/2013 1:11:09 AM - Installed League of Legends
RP49: 9/23/2013 1:11:41 AM - Installed DirectX
.
==== Installed Programs ======================
.
 Tools for .Net 3.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS nVidia Driver
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Bonjour
CCleaner
Cheat Engine 6.3
CMake 2.8, a cross-platform, open-source build system
CodeBlocks
DAEMON Tools Lite
Dotfuscator and Analytics Community Edition
Entity Framework Designer for Visual Studio 2012 - enu
Git Extensions 2.33
Git version 1.7.10-preview20120409
Google Chrome
Google Update Helper
Grand Theft Auto IV
GTA IV Vehicle Mod Installer v1.2
HeidiSQL 8.0.0.4396
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
Hotspot Shield 3.13
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
iTunes
Java 7 Update 40
Java 7 Update 40 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 40 (64-bit)
KDiff3 (remove only)
League of Legends
LocalESPC
LocalESPCui for en-us
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 2.0
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft NuGet - Visual Studio 2012
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server 2012 Command Line Utilities 
Microsoft SQL Server 2012 Data-Tier App Framework 
Microsoft SQL Server 2012 Express LocalDB 
Microsoft SQL Server 2012 Management Objects 
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client 
Microsoft SQL Server 2012 T-SQL Language Service 
Microsoft SQL Server 2012 Transact-SQL Compiler Service 
Microsoft SQL Server 2012 Transact-SQL ScriptDom 
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 SharePoint Developer Tools
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools - Visual Studio 2012
Microsoft Web Platform Installer 4.0
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 326.01
NVIDIA 3D Vision Driver 327.23
NVIDIA Control Panel 327.23
NVIDIA Graphics Driver 327.23
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OpenSSL 1.0.1e (32-bit)
PreEmptive Analytics Visual Studio Components
PremiumSoft Navicat Premium 11.0
Prerequisites for SSDT 
Razer Synapse 2.0
Realtek Ethernet Controller Driver
Recuva
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Skype Click to Call
Skype™ 6.7
Sql Server Customer Experience Improvement Program
Steam
Update for  (KB2504637)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio Extensions for Windows Library for JavaScript
Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR 5.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
9/22/2013 8:33:43 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
9/22/2013 8:33:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/22/2013 8:33:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/22/2013 8:33:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/22/2013 8:33:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/22/2013 8:33:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/22/2013 8:33:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/22/2013 8:29:42 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache HssDRV6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/22/2013 8:29:42 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/22/2013 8:09:49 PM, Error: Service Control Manager [7024]  - The Superfetch service terminated with service-specific error The operation completed successfully..
9/22/2013 8:02:21 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
9/22/2013 8:02:19 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
9/22/2013 8:01:57 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache spldr Wanarpv6
9/22/2013 7:41:15 PM, Error: mbamchameleon [61703]  - 
9/19/2013 9:28:15 PM, Error: Service Control Manager [7031]  - The Hotspot Shield Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================
 

No, it is okay.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
Note: Don't fix anything without my instructions

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • RogueKiller log

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.09.23.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Savo :: SAVO-PC [administrator]
 
Protection: Enabled
 
9/23/2013 9:46:06 PM
mbam-log-2013-09-23 (21-46-06).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246934
Time elapsed: 2 minute(s), 18 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

 

RogueKiller V8.6.12 [sep 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Savo [Admin rights]
Mode : Scan -- Date : 09/23/2013 21:52:44
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] e131ddafdd496b4c9d9d80e824760d4e
[bSP] 49627ef12547e524ce72a19773e021d0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09232013_215244.txt >>
RKreport[0]_S_09232013_215136.txt
 
 
 

I've also encountered two more svchost.exe blocks by mb

OWcNnmk.png LcUkUTN.png


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

I've completed the scan but got this halfway through it, which looks quite ODD
gTQm8QP.png
And an error saving C;/Combofix/System and a couple of others like Software, Default, Security, SAM, NTUSER.DAT, USRCLASS.dat


Here's the log
 

 

ComboFix 13-09-23.02 - Savo 09/25/2013   5:44.1.4 - x64

Running from: c:\users\Savo\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Savo\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-24 to 2013-09-24  )))))))))))))))))))))))))))))))
.
.
2013-09-24 19:51 . 2013-09-24 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-24 05:48 . 2013-09-24 05:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66E87B1D-39C3-4F1A-A36A-301D4C3A7D10}\offreg.dll
2013-09-23 16:45 . 2013-09-23 16:45 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2013-09-23 15:06 . 2013-09-23 15:06 -------- d-s---w- c:\programdata\Shared Space
2013-09-23 15:05 . 2013-09-23 15:05 -------- d-----w- c:\program files\COMODO
2013-09-23 15:05 . 2013-09-23 15:17 -------- d-----w- c:\programdata\COMODO
2013-09-23 15:05 . 2013-09-23 15:05 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-09-23 15:05 . 2013-09-23 15:05 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-09-23 15:05 . 2013-09-23 15:05 -------- d-----w- c:\program files (x86)\Comodo
2013-09-23 15:05 . 2013-09-23 15:05 -------- d-----w- c:\programdata\Comodo Downloader
2013-09-23 14:56 . 2013-09-23 14:56 -------- d-----w- c:\programdata\Hi-Rez Studios
2013-09-23 14:56 . 2013-09-23 15:06 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2013-09-22 15:12 . 2008-07-11 22:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-09-22 15:12 . 2008-07-11 22:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-09-22 15:11 . 2008-07-11 22:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-09-22 15:11 . 2013-09-22 15:11 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-09-22 15:10 . 2013-09-22 15:10 -------- d-----w- c:\program files (x86)\Pando Networks
2013-09-21 13:07 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-21 13:07 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-09-21 13:07 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-21 13:07 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-21 13:07 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-21 13:07 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-21 13:07 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-21 13:07 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-09-21 13:07 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-09-20 06:42 . 2013-09-20 06:42 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-09-20 06:36 . 2013-09-20 06:36 -------- d-----w- C:\NVIDIA
2013-09-20 06:34 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66E87B1D-39C3-4F1A-A36A-301D4C3A7D10}\mpengine.dll
2013-09-19 08:47 . 2013-09-19 08:47 -------- d-----w- c:\programdata\clone.AD
2013-09-19 08:26 . 2012-08-21 03:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-09-19 08:26 . 2013-09-19 08:26 -------- dc----w- c:\windows\system32\DRVSTORE
2013-09-19 08:24 . 2013-09-19 08:26 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 08:24 . 2013-09-19 08:26 -------- d-----w- c:\program files (x86)\iTunes
2013-09-19 08:24 . 2013-09-19 08:24 -------- d-----w- c:\program files\iPod
2013-09-19 08:24 . 2013-09-19 08:26 -------- d-----w- c:\program files\iTunes
2013-09-19 08:24 . 2013-09-19 08:24 -------- d-----w- c:\programdata\Apple Computer
2013-09-19 08:24 . 2013-09-19 08:24 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-09-19 08:23 . 2013-09-19 08:23 -------- d-----w- c:\program files\Common Files\Apple
2013-09-19 08:23 . 2013-09-19 08:23 -------- d-----w- c:\program files\Bonjour
2013-09-19 08:23 . 2013-09-19 08:23 -------- d-----w- c:\program files (x86)\Bonjour
2013-09-19 08:23 . 2013-09-19 08:24 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-09-19 08:23 . 2013-09-19 08:24 -------- d-----w- c:\programdata\Apple
2013-09-18 13:04 . 2013-09-18 15:16 -------- d-----w- c:\program files (x86)\v1.2
2013-09-18 09:30 . 2013-09-18 09:30 -------- d-sh--w- c:\programdata\SecuROM
2013-09-18 08:47 . 2013-09-18 08:47 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-09-18 08:46 . 2013-09-18 08:46 -------- d-----w- c:\windows\SysWow64\xlive
2013-09-18 08:46 . 2013-09-18 08:46 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-09-17 02:39 . 2013-09-17 02:39 973736 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-17 02:39 . 2013-09-17 02:39 312744 ----a-w- c:\windows\system32\javaws.exe
2013-09-17 02:39 . 2013-09-17 02:39 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-17 02:39 . 2013-09-17 02:39 189352 ----a-w- c:\windows\system32\javaw.exe
2013-09-17 02:39 . 2013-09-17 02:39 189352 ----a-w- c:\windows\system32\java.exe
2013-09-17 02:39 . 2013-09-17 02:39 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-09-17 02:37 . 2013-09-17 02:39 -------- d-----w- c:\program files\Java
2013-09-16 07:19 . 2013-09-16 11:40 -------- d-----w- c:\programdata\Hotspot Shield
2013-09-16 07:19 . 2013-09-16 07:19 -------- d-----w- c:\users\fbwuser
2013-09-16 07:18 . 2013-09-16 07:20 -------- d-----w- c:\program files (x86)\Hotspot Shield
2013-09-16 07:18 . 2013-08-12 23:07 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-09-16 05:19 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2013-09-16 05:19 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll.backup
2013-09-16 05:19 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2013-09-16 05:01 . 2013-03-06 04:39 1988096 ----a-w- c:\windows\system32\libmysql_e.dll
2013-09-16 05:01 . 2013-09-16 05:01 -------- d-----w- c:\program files\PremiumSoft
2013-09-16 01:47 . 2013-02-10 23:35 269824 ----a-w- c:\windows\SysWow64\ssleay32.dll
2013-09-16 01:47 . 2013-02-10 23:35 269824 ----a-w- c:\windows\SysWow64\libssl32.dll
2013-09-16 01:47 . 2013-02-10 23:35 1178624 ----a-w- c:\windows\SysWow64\libeay32.dll
2013-09-16 01:35 . 2008-07-10 06:33 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2013-09-16 01:35 . 2008-07-10 06:33 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2013-09-16 01:31 . 2013-09-16 01:33 -------- d-----w- c:\programdata\Microsoft Help
2013-09-16 01:31 . 2013-09-16 01:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-09-16 01:31 . 2013-09-16 01:31 -------- d-----w- c:\program files\Microsoft SDKs
2013-09-16 01:31 . 2013-09-16 01:31 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2013-09-16 01:23 . 2013-09-16 01:23 -------- d-----w- c:\programdata\HeidiSQL
2013-09-16 01:23 . 2013-09-16 01:23 -------- d-----w- c:\program files (x86)\HeidiSQL
2013-09-16 01:18 . 2013-09-16 01:18 -------- d-----w- c:\program files (x86)\Git
2013-09-16 01:18 . 2013-09-16 01:18 -------- d-----w- c:\program files (x86)\KDiff3
2013-09-16 01:18 . 2013-09-16 01:18 -------- d-----w- c:\program files (x86)\CMake 2.8
2013-09-15 23:45 . 2013-09-15 23:45 -------- d-----r- c:\program files (x86)\Skype
2013-09-15 23:45 . 2013-09-15 23:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-09-15 23:45 . 2013-09-15 23:45 -------- d-----w- c:\programdata\Skype
2013-09-15 03:54 . 2013-09-15 03:54 -------- d-----w- c:\program files (x86)\CodeBlocks
2013-09-14 08:32 . 2013-09-14 08:32 -------- d-----w- c:\programdata\Oracle
2013-09-14 08:32 . 2013-09-14 08:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-14 08:31 . 2013-09-14 08:31 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-14 08:31 . 2013-09-14 08:31 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-14 08:31 . 2013-09-14 08:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-14 08:31 . 2013-09-14 08:31 -------- d-----w- c:\program files (x86)\Java
2013-09-14 08:31 . 2013-09-14 08:31 -------- d-----w- c:\programdata\McAfee
2013-09-14 01:35 . 2013-09-14 01:35 -------- d-----w- c:\program files (x86)\Cheat Engine 6.3
2013-09-12 21:56 . 2013-09-12 22:06 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-09-12 21:56 . 2013-09-22 15:10 -------- d-----w- c:\program files (x86)\Steam
2013-09-12 09:00 . 2013-09-12 09:00 -------- d-----w- c:\programdata\Steam
2013-09-12 05:37 . 2013-09-12 05:37 -------- d-----w- c:\program files\CCleaner
2013-09-11 22:25 . 2013-09-11 22:25 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-11 22:25 . 2013-09-11 22:25 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-09-11 22:24 . 2013-09-11 22:39 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-09-11 20:13 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-11 20:09 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-11 20:09 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-11 15:17 . 2013-09-11 15:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-11 02:15 . 2013-09-12 21:56 -------- d-----w- c:\program files\Recuva
2013-09-11 02:05 . 2009-09-04 07:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-09-11 01:23 . 2013-09-22 09:35 -------- d--h--w- c:\programdata\Common Files
2013-09-10 19:24 . 2013-09-12 08:58 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-10 19:24 . 2013-01-29 08:35 1510176 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-09-10 19:24 . 2013-06-21 12:06 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-09-10 19:24 . 2013-06-21 12:06 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-09-10 19:11 . 2013-09-10 19:11 -------- d-----w- c:\windows\SysWow64\Wat
2013-09-10 19:11 . 2013-09-10 19:11 -------- d-----w- c:\windows\system32\Wat
2013-09-10 07:12 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-10 07:12 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-10 07:12 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-09-10 07:12 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-10 07:04 . 2013-09-10 07:04 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-10 06:57 . 2013-09-22 10:06 -------- d-----w- c:\users\UpdatusUser
2013-09-10 06:56 . 2013-09-11 22:06 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-10 06:49 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-09-10 06:49 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-09-10 06:49 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-09-10 06:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-09-10 06:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-09-10 06:27 . 2013-09-22 09:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-10 05:14 . 2013-09-10 05:31 2489504 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-09-10 05:11 . 2013-09-10 05:11 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-12 08:58 . 2013-02-25 14:32 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 08:58 . 2013-02-25 14:32 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-12 08:58 . 2013-02-25 14:32 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 08:58 . 2013-02-25 14:32 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-12 07:25 . 2011-03-23 14:53 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2011-03-23 14:52 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2011-03-23 14:53 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2011-03-23 14:53 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2011-03-23 14:53 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-08-21 07:34 . 2013-08-21 07:34 141496 ----a-w- c:\windows\system32\drivers\rzudd.sys
2013-08-20 08:41 . 2013-08-20 08:41 33464 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys
2013-08-20 08:41 . 2013-08-20 08:41 30904 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys
2013-08-20 08:35 . 2013-08-20 08:35 57344 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2013-08-20 08:35 . 2013-08-20 08:35 154112 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2013-08-20 08:34 . 2013-08-20 08:34 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll
2013-08-20 08:34 . 2013-08-20 08:34 296448 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2013-08-12 23:10 . 2013-08-12 23:10 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-08-06 18:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-11 20:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-08 20:59 . 2013-06-18 06:16 708632 ----a-w- c:\windows\system32\drivers\cmdguard.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-08-15 606040]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-09-17 2327248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-9-19 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
"ForceActiveDesktopOn"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 00:53 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-09 19:48]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-09 19:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{0802C297-C1B9-4221-8D89-88089E8B2F17}: NameServer = 156.154.70.22,156.154.71.22
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
Completion time: 2013-09-25  05:54:24
ComboFix-quarantined-files.txt  2013-09-24 19:54
.
Pre-Run: 1,847,679,901,696 bytes free
Post-Run: 1,847,803,490,304 bytes free
.
- - End Of File - - 2765A283487F312EEEF429069B2296C0
A36C5E4F47E84449FF07ED3517B43A31
 

and then something about ncvire or something hasn't got enough memory to run.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

