Author Topic: EAccess Violation error !!  (Read 56730 times)

Offline debkol35

  • Newbie
  • *
  • Join Date: Jul 2012
  • Posts: 34
  • Karma: 0
EAccess Violation error !!
« on: July 23, 2012, 10:43:12 pm »
Don't know why but suddenly I started getting this EAccess Violation error in a few software !! I am posting the image. This came while I tried to open Kaspersky Password Manager !! Except KPM, a few other software are also giving me this error !!


Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
Re: EAccess Violation error !!
« Reply #1 on: July 24, 2012, 05:55:30 pm »
Might be an infection, so let's check that first.

Download tdsskiller.exe and malwarebytes

If you are able to run them have them both scan your system and let me know how it goes :wink:

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #2 on: July 25, 2012, 12:49:02 am »
Mr. Shane

I downloaded tdsskiller.exe and malwarebytes. tdsskiller could not find anything but malwarebytes deleted 3 things.. posting malwarebytes logs:-

Code:
Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{12F02779-6D88-4958-8AD3-83C12D86ADC7} (Fake.Dropped.Malware) -> Data:  -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windupdt\winupdate.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

but sir, problem is still there !!

Offline Shane

Re: EAccess Violation error !!
« Reply #3 on: July 25, 2012, 03:33:39 pm »
Ok so looks like your system is clean.

Is KasperskyPasswordManager (stpass.exe) the only one giving you the error?

Also do you know how to check if DEP is enabled on your system?
http://windows.microsoft.com/en-us/windows-vista/change-data-execution-prevention-settings

but make sure it is set to the first option and not the 2nd.

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #4 on: July 26, 2012, 06:45:42 am »
sir,

I just checked...the first option is enabled !!

Offline Shane

Re: EAccess Violation error !!
« Reply #5 on: July 26, 2012, 10:37:02 am »
OK so we know it isn't DEP and it isn't an infection. :cheesy:

What other programs give this error or is it only that one?

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #6 on: July 26, 2012, 10:08:39 pm »
the other soft which gave me this kind of error is... SPEEDbit Video Accelerator  ..except these two...no other is giving me this error !!

Offline Shane

Re: EAccess Violation error !!
« Reply #7 on: July 26, 2012, 10:40:27 pm »
If no other program is giving these errors then I think it is something more with those programs and not your system :wink:

I wonder if these two programs need a runtime file installed.

Have you checked Kaspersky for this error yet?

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #8 on: July 27, 2012, 08:06:42 am »
I asked kaspersky for this help..but its been 5-6 months..they aint replying !!  :shocked: :shocked:

Offline Shane

Re: EAccess Violation error !!
« Reply #9 on: July 27, 2012, 03:29:50 pm »
Looks like they have seen the problem before.

http://forum.kaspersky.com/lofiversion/index.php/t231095.html

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #10 on: July 27, 2012, 11:18:39 pm »
sir,

got this problem in another software.. tuneup utilities..


While I tried to start "increase performance"..I got this error:-

  :cry: :cry:

-----------OMG-----------now ...I can't even start tuneup utilities !!


DO YOU THINK IT'S A VIRUS? I am running Norton 360 v6 though !!
« Last Edit: July 27, 2012, 11:24:10 pm by debkol35 »

Offline chris635

  • Sr. Member
  • ****
  • Join Date: Nov 2011
  • Posts: 442
  • Location: USA
  • Karma: 11
Re: EAccess Violation error !!
« Reply #11 on: July 28, 2012, 03:53:46 pm »
I have seen this before on one of my laptops after I installed SPEEDbit. Luckily for me I uninstalled it and the problem went away. May not help, but it's worth a try.



Chris
Physical Science Technician
Avid Motorcyclist

Have a nice day - Chris

Offline debkol35

Re: EAccess Violation error !!
« Reply #12 on: July 29, 2012, 01:09:34 am »
Have removed SPEEDbit long time ago !! still same !!

Offline Shane

Re: EAccess Violation error !!
« Reply #13 on: July 30, 2012, 12:43:58 pm »
Quote
What Is an eAccess Violation?

Function

    The EAccess violation keeps a program on your computer from accessing invalid memory. There may have been some loophole that allowed malicious software to harm your computer that was patched up in a Windows update. While it is a good thing that they are patching these loopholes, it can be confusing to the user as all they will see on their end is the EAccess violation.

Prevention/Solution

    You can help prevent these kinds of errors from occurring by updating your device drivers after formatting and reinstalling your operating system or installing a Windows service pack. Always install the latest service pack BEFORE going through and updating your device drivers. Be conscious of when and what you are doing when you first receive an error like this. You may need this information to tell a service representative if you cannot solve the problem.

Speculation

    It seems this is most frequently caused by the Realtek on-board audio drivers that come with motherboards. Most people have found a fix by double-checking that they had installed the latest Realtek audio device drivers.

    Other people have been receiving problems with their network cards. Make sure your drivers are updated. If this does not work, try contacting the manufacturer of your network card.

Warning

    Make sure you have tried to uninstall then reinstall the latest drivers before you get too hasty and try to reinstall Windows or format your hard drive.

    Make sure you are installing the correct drivers. Sometimes people just keep reinstalling their motherboard drivers when they need to download their audio drivers separately. Also, make sure you are downloading the correct audio drivers for your specific motherboard. If you have a KD1100 motherboard, make sure you are downloading for the KD1100 motherboard and not, for instance, the KD1000KS motherboard.

Next thing to check is your device drivers. Sound and video to start with :wink:

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #14 on: August 02, 2012, 09:36:51 am »
every device drivers. Sound and video all are updated to latest drivers !!

Offline Shane

Re: EAccess Violation error !!
« Reply #15 on: August 02, 2012, 10:46:53 am »
If you go into Windows safe mode and try to run any of the programs that gives the error, do they also give the error in safe mode?

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #16 on: August 02, 2012, 11:22:22 pm »
I just tried it, but same error in the safe mode also.  :cry: :cry: :cry: :cry:

Offline Shane

Re: EAccess Violation error !!
« Reply #17 on: August 03, 2012, 11:19:24 am »
I forgot to have you run combofix.exe

http://www.bleepingcomputer.com/download/combofix/

Run it and reboot and see how things go :wink:

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #18 on: August 03, 2012, 11:23:20 pm »
still same....here is the log:-

Code:
ComboFix 12-08-04.02 - Debojit 08/04/2012  111401.2.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3062.1744 [GMT 5.5:30]
Running from: F:\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Debojit\AppData\Roaming\chrtmp
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\tmp2BF0.tmp
c:\windows\system32\tmp394A.tmp
c:\windows\system32\tmp3989.tmp
c:\windows\system32\uninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-04 to 2012-08-04  )))))))))))))))))))))))))))))))
.
.
2012-08-04 05:51 . 2012-08-04 05:54 -------- d-----w- c:\users\Debojit\AppData\Local\temp
2012-08-04 05:51 . 2012-08-04 05:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-04 05:51 . 2012-08-04 05:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 05:50 . 2012-08-04 05:50 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FBE6022-55E2-41F5-B74E-36F4C54F34E2}\offreg.dll
2012-08-03 15:04 . 2012-08-03 15:04 -------- d-----w- c:\users\Debojit\AppData\Roaming\Thinstall
2012-08-03 14:46 . 2012-08-03 14:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-03 06:18 . 2012-08-03 06:18 -------- d-----w- c:\program files\Kaspersky Lab
2012-08-02 14:02 . 2012-08-02 14:49 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2012-08-02 09:16 . 2012-08-02 19:40 -------- d-----w- c:\program files\Unlocker
2012-08-02 08:52 . 2012-08-02 08:52 -------- d-----w- c:\users\Debojit\AppData\Local\VS Revo Group
2012-08-02 06:43 . 2012-08-02 06:43 -------- d-----w- c:\users\Debojit\AppData\Roaming\PC Tools Performance Toolkit
2012-08-02 06:40 . 2011-10-25 13:17 128120 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
2012-08-02 06:40 . 2011-10-25 13:17 108864 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
2012-08-02 06:40 . 2011-10-25 13:16 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-08-02 06:40 . 2011-07-26 11:45 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-08-02 06:40 . 2008-04-02 11:24 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-08-02 06:40 . 2008-04-02 11:23 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-08-02 06:40 . 2008-04-02 11:23 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-08-02 06:40 . 2012-08-02 06:40 -------- d-----w- c:\program files\Common Files\PC Tools
2012-08-02 06:40 . 2011-10-25 13:17 512480 ----a-w- c:\windows\system32\msxml.dll
2012-08-02 06:40 . 2008-09-17 16:47 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-08-02 06:40 . 2012-08-03 17:48 -------- d-----w- c:\program files\PC Tools Utilities
2012-08-02 06:40 . 2012-08-02 06:40 -------- d-----w- c:\programdata\PC Tools
2012-08-02 06:20 . 2012-08-02 06:20 -------- d-----w- c:\windows\system32\Adobe
2012-08-01 16:15 . 2012-08-04 05:51 -------- d-----w- c:\users\Debojit\AppData\Roaming\DMCache
2012-08-01 05:25 . 2012-08-01 05:25 -------- d-----w- c:\users\Debojit\MW3Download
2012-07-31 17:52 . 2012-07-31 17:52 -------- d-----w- c:\program files\CBS Software
2012-07-31 16:30 . 2012-07-15 21:11 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FBE6022-55E2-41F5-B74E-36F4C54F34E2}\mpengine.dll
2012-07-30 20:20 . 2012-05-04 14:02 639088 ----a-w- c:\windows\system32\VIASysFx.dll
2012-07-30 20:20 . 2012-05-04 14:02 86128 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2012-07-30 20:20 . 2012-05-04 14:02 191600 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2012-07-30 20:20 . 2012-05-04 14:02 27760 ----a-w- c:\windows\system32\ViakaraokeSrv.exe
2012-07-30 20:20 . 2012-05-04 14:02 106608 ----a-w- c:\windows\system32\ViaKaraokePropPageExt.dll
2012-07-30 20:20 . 2012-05-04 14:02 1021552 ----a-w- c:\windows\system32\ViaKaraokeApo.dll
2012-07-30 20:20 . 2012-05-04 14:02 82544 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2012-07-30 20:20 . 2012-05-04 14:02 218224 ----a-w- c:\windows\system32\Dts2APO.dll
2012-07-30 19:54 . 2012-07-30 20:20 -------- d-----w- c:\windows\LastGood.Tmp
2012-07-30 19:53 . 2012-04-11 19:00 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-07-30 19:53 . 2012-04-11 19:00 543336 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-07-28 05:13 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-28 05:13 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-28 05:13 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-07-28 05:13 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-28 05:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-28 04:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-28 04:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-07-28 04:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-28 04:38 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-07-28 04:38 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-28 04:38 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-28 04:38 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-07-28 04:38 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-28 04:38 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-07-28 04:38 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-28 04:38 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-28 04:38 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-07-27 16:14 . 2012-07-27 16:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-07-27 14:20 . 2012-07-27 14:20 123904 ----a-w- c:\windows\system32\dfrgui.dll
2012-07-27 14:04 . 2012-07-27 14:04 38912 ----a-w- c:\windows\system32\dfrgsnap.dll
2012-07-26 13:33 . 2012-07-26 13:33 -------- d-----w- c:\program files\Oracle
2012-07-26 13:32 . 2012-07-05 16:36 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-24 05:32 . 2012-07-24 05:32 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-07-19 16:24 . 2012-07-19 16:24 -------- d-----w- c:\programdata\ZoomBrowser
2012-07-19 16:23 . 2012-07-19 16:28 -------- d-----w- c:\programdata\Canon_Inc_IC
2012-07-19 15:30 . 2012-07-19 15:30 -------- d-----w- c:\users\Debojit\AppData\Roaming\Canon
2012-07-19 15:30 . 2012-07-27 03:12 -------- d-----w- c:\programdata\PhotoStitch
2012-07-19 13:17 . 2012-07-19 13:17 -------- d-----w- c:\users\Debojit\AppData\Roaming\CANON INC
2012-07-19 13:13 . 2012-07-28 13:24 -------- d-----w- c:\users\Debojit\AppData\Roaming\ZoomBrowser EX
2012-07-19 13:08 . 2012-07-19 16:28 -------- d-----w- c:\program files\Canon
2012-07-19 13:06 . 2012-07-19 16:23 -------- d-----w- c:\program files\Common Files\Canon
2012-07-17 08:24 . 2012-07-17 08:24 -------- d-----w- c:\programdata\Babylon
2012-07-15 18:43 . 2012-07-15 18:43 1199504 ----a-w- c:\windows\PE_File.dll
2012-07-14 08:05 . 2012-08-02 08:38 -------- d-----w- c:\users\Administrator
2012-07-13 07:19 . 2012-07-13 07:19 -------- d-----w- c:\programdata\ATI
2012-07-13 07:19 . 2012-07-13 07:19 -------- d-----w- c:\programdata\AMD
2012-07-13 07:19 . 2012-07-13 07:19 -------- d-----w- c:\program files\AMD AVT
2012-07-13 07:19 . 2012-07-13 07:19 -------- d-----w- c:\program files\AMD APP
2012-07-13 06:36 . 2012-07-19 19:50 1133968 ----a-w- c:\windows\PE_Rom.dll
2012-07-12 18:18 . 2012-07-12 18:18 -------- d-----w- c:\users\Debojit\AppData\Roaming\ATI
2012-07-12 18:18 . 2012-07-12 18:18 -------- d-----w- c:\users\Debojit\AppData\Local\ATI
2012-07-12 18:17 . 2012-07-12 18:17 0 ----a-w- c:\windows\ativpsrm.bin
2012-07-12 18:15 . 2012-07-12 18:15 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-07-12 18:14 . 2012-07-12 18:14 -------- d-----w- c:\program files\ATI
2012-07-12 18:14 . 2012-07-13 07:19 -------- d-----w- c:\program files\ATI Technologies
2012-07-12 18:09 . 2010-12-20 12:38 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-07-12 18:09 . 2012-07-12 18:09 -------- d-----w- c:\program files\Common Files\postureAgent
2012-07-12 18:08 . 2010-10-19 11:03 41088 ----a-w- c:\windows\system32\drivers\HECI.sys
2012-07-12 18:07 . 2012-04-11 19:00 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-07-12 18:06 . 2012-05-04 14:02 2330224 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2012-07-12 18:06 . 2012-05-04 14:02 1832560 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2012-07-12 18:06 . 2011-06-08 10:19 76288 ----a-w- c:\windows\system32\nQPropPageExt.dll
2012-07-12 18:06 . 2011-06-08 10:19 73728 ----a-w- c:\windows\system32\nQAPO.dll
2012-07-12 18:06 . 2012-07-12 18:06 -------- d-----w- c:\program files\VIA
2012-07-12 16:34 . 2012-07-12 16:35 -------- d-----w- c:\program files\ASUS E-Green
2012-07-12 16:16 . 2008-12-02 14:35 184320 ----a-w- c:\windows\system32\drivers\UpdateHelper.dll
2012-07-12 16:15 . 2012-07-12 16:15 -------- d-----w- c:\programdata\ASUS
2012-07-12 16:15 . 2008-01-04 05:34 11832 ------w- c:\windows\system32\drivers\AsInsHelp64.sys
2012-07-12 16:14 . 2011-06-15 13:11 33056 ----a-r- c:\windows\system32\drivers\RtNdPt60.sys
2012-07-11 06:03 . 2012-07-11 06:05 -------- d-----w- c:\windows\vbSkinner
2012-07-11 05:46 . 2012-07-11 05:46 -------- d-----w- c:\users\Debojit\AppData\Local\APN
2012-07-10 20:37 . 2012-07-18 14:18 -------- d-----w- c:\users\Debojit\AppData\Roaming\Foxit Software
2012-07-10 20:35 . 2012-07-10 20:35 -------- d-----w- c:\program files\Foxit Software
2012-07-06 18:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-06 18:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-06 18:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-06 18:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-06 18:17 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-06 18:17 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-06 18:17 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-06 18:17 . 2012-06-02 09:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-06 18:17 . 2012-06-02 09:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-06 13:46 . 2009-07-04 08:17 11776 ----a-w- c:\windows\system32\rtl120.bpl
2012-07-06 13:38 . 2012-07-06 13:38 -------- d--h--w- c:\programdata\Common Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 06:25 . 2012-03-31 04:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 06:25 . 2011-06-03 06:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 16:36 . 2010-07-23 19:43 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-11 18:58 . 2012-06-11 18:58 8733696 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 58880 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\system32\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-04-06 02:03 924160 ----a-w- c:\windows\system32\aticfx32.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 468992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-06-11 17:17 . 2012-06-11 17:17 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-06-11 17:16 . 2011-04-06 01:53 6301696 ----a-w- c:\windows\system32\atidxx32.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\system32\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\system32\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\system32\aticaldd.dll
2012-06-11 16:26 . 2011-04-06 01:22 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-06-11 16:25 . 2012-06-11 16:25 295936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-04-06 01:20 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-06-11 16:24 . 2011-04-06 01:20 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-06-11 08:20 . 2012-06-11 08:20 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 08:20 . 2012-06-11 08:20 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 08:20 . 2012-06-11 08:20 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 08:19 . 2012-06-11 08:19 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-11 08:18 . 2012-06-11 08:18 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-14 20:51 . 2012-05-14 20:51 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-10 11:05 . 2012-05-10 11:05 29184 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-01-24 08:20 . 2012-03-09 13:03 265120 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
2012-07-14 00:17 . 2012-08-03 14:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-03 05:41 819200 --sha-w- c:\windows\System32\xvidcore.dll
2010-08-03 05:41 180224 --sha-w- c:\windows\System32\xvidvfw.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedConnectStartUp"="c:\program files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe" [2010-10-17 602112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-09 3491264]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2012-08-02 1517296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnugTV Quick Start.lnk]
backup=c:\windows\pss\SnugTV Quick Start.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bywifi
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Download Manager{NBRT35-B23-4abb-B07C-C084B04B4F12}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NTServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PretonClient
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRSHDAudioLab
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX121 Series]
2009-09-14 08:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGGI.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2012-06-09 20:17 3491264 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2011-10-25 13:16 103904 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
R1 MpKsl2f0aeb17;MpKsl2f0aeb17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08A24BA3-E7B3-45F5-BE66-731F389D7CA5}\MpKsl2f0aeb17.sys [x]
R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [x]
R3 CEDRIVER55;CEDRIVER55;c:\program files\Cheat Engine\dbk32.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver; [x]
R3 cpuz130;cpuz130; [x]
R3 cpuz134;cpuz134;c:\users\Debojit\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 CSTDIDRV;CSTDIDRV; [x]
R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [x]
R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [x]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
R3 iprip;RIP Listener;c:\windows\System32\svchost.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [x]
R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
R3 VGPU;VGPU; [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 MyEpson Portal Service;MyEpson Portal Service;c:\program files\EPSON\MyEpson Portal\mepService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SYMEFA.SYS [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120803.002\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0602010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.00.18\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
ipripsvc REG_MULTI_SZ    iprip
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 06:25]
.
2012-08-04 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-25 08:44]
.
2012-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-646914889-3400711377-546484241-1001Core.job
- c:\users\Debojit\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 09:25]
.
2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-646914889-3400711377-546484241-1001UA.job
- c:\users\Debojit\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 09:25]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-646914889-3400711377-546484241-1001Core.job
- c:\users\Debojit\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 11:31]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-646914889-3400711377-546484241-1001UA.job
- c:\users\Debojit\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-23 11:31]
.
2012-08-02 c:\windows\Tasks\Launch 1249.job
- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe [2012-08-02 14:49]
.
2012-08-03 c:\windows\Tasks\PTSchedule.job
- c:\program files\PC Tools Utilities\pt.exe [2012-08-02 13:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Debojit\AppData\Roaming\Mozilla\Firefox\Profiles\k5ffs16e.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-19295102.sys
SafeBoot-US30Sys.sys
MSConfigStartUp-pamela - (no file)
AddRemove-3D970B9F930E7AAE23C06D39A1AC98548C90B442 - c:\progra~1\DIFX\37C35FE1F6CAE763\Dpinst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-646914889-3400711377-546484241-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{073DEEDC-6736-E994-8E07-3AC21F92118B}*]
.
[HKEY_USERS\S-1-5-21-646914889-3400711377-546484241-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87EA8E4B-40A1-99A5-FE8C-F0E5B43AC4A9}*]
.
[HKEY_USERS\S-1-5-21-646914889-3400711377-546484241-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DAD082D2-75B1-FE90-E3DC-4B62588EDC91}*]
.
[HKEY_USERS\S-1-5-21-646914889-3400711377-546484241-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
.
[HKEY_USERS\S-1-5-21-646914889-3400711377-546484241-1001_Classes\CLSID\{e3edf1ae-0c4c-4c04-9faa-c5b28939740a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000142
"Therad"=dword:0000001b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\psxss.exe
c:\windows\system32\taskhost.exe
c:\program files\Kodak\KODAK Share Button App\Listener.exe
c:\program files\ASUS\AI Suite II\AsRoutineController.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\AI Suite II\AI Suite II.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\sppsvc.exe
c:\program files\CBS Software\SpeedConnect Internet Accelerator\ShowNetworkActivity.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-08-04  11:28:03 - machine was rebooted
ComboFix-quarantined-files.txt  2012-08-04 05:58
.
Pre-Run: 6,446,448,640 bytes free
Post-Run: 6,957,703,168 bytes free
.
- - End Of File - - 470DEDE19A8B78D3BE72AD24C38E85A5

ComboFix-quarantined-files

Code:
2012-08-04 05:57:26 . 2012-08-04 05:57:26              998 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-3D970B9F930E7AAE23C06D39A1AC98548C90B442.reg.dat
2012-08-04 05:57:15 . 2012-08-04 05:57:15              766 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-pamela.reg.dat
2012-08-04 05:57:15 . 2012-08-04 05:57:15              278 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-US30Sys.sys.reg.dat
2012-08-04 05:57:15 . 2012-08-04 05:57:15              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-19295102.sys.reg.dat
2012-08-04 05:57:08 . 2012-08-04 05:57:08              173 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-08-04 05:49:15 . 2012-08-04 05:49:15              512 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2012-08-04 05:49:05 . 2012-08-04 05:49:05            9,889 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-08-04 05:42:16 . 2012-08-04 05:44:01               82 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-08-02 08:38:11 . 2012-08-02 08:38:11          262,144 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\ntuser.dat.vir
2012-05-18 19:09:13 . 2012-05-18 19:09:13                0 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\DEBUG.log.vir
2011-12-26 07:26:37 . 2011-12-26 07:26:37               20 ----a-w-  C:\Qoobox\Quarantine\C\Windows\akebook.ini.vir
2011-12-26 07:26:37 . 2011-12-26 07:26:37                4 ----a-w-  C:\Qoobox\Quarantine\C\Windows\a3kebook.ini.vir
2011-12-26 07:26:37 . 2011-12-30 05:09:17               95 ----a-w-  C:\Qoobox\Quarantine\C\Windows\ANS2000.INI.vir
2011-12-11 11:25:25 . 2011-12-11 11:25:25           98,103 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\uninstall.exe.vir
2011-08-04 10:57:09 . 2011-04-15 23:40:18          809,496 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\tmp2BF0.tmp.vir
2011-08-04 10:57:08 . 2011-04-15 23:40:18          809,496 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\tmp3989.tmp.vir
2011-04-15 23:40:18 . 2011-04-15 23:40:18          809,496 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\tmp394A.tmp.vir
2011-03-29 19:05:31 . 2011-08-16 16:54:17           71,680 ----a-w-  C:\Qoobox\Quarantine\C\Users\Debojit\AppData\Roaming\chrtmp.vir
2011-02-17 10:19:06 . 2011-02-17 10:40:05              439 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\drivers\etc\hosts.ics.vir
« Last Edit: August 03, 2012, 11:31:51 pm by debkol35 »

Offline Shane

Re: EAccess Violation error !!
« Reply #19 on: August 04, 2012, 01:53:11 pm »
I am running out of ideas on this one lol

Are you able to do Windows updates without any trouble? And if so do you have all the current updates?

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #20 on: August 04, 2012, 10:16:06 pm »
hahahhahaa....  :cheesy: :cheesy: Yea... it's kind of an odd error !! My last Windows update was done on 2nd Aug, 2012 !! Having no problem with Windows Update  :tongue: :tongue:

Offline Shane

Re: EAccess Violation error !!
« Reply #21 on: August 04, 2012, 10:31:48 pm »
Well, since Windows and its components seem to be working fine, I have to say it is more with the programs that are having trouble.

Everything I have found points to it being sound drivers. You could try uninstalling the sound drivers as a test. But I am not sure it will do the trick :wink:

Shane

Offline debkol35

Re: EAccess Violation error !!
« Reply #22 on: August 06, 2012, 12:25:39 am »
Nope.. no luck !! Screw Kaspersky !! I am done :P

Offline Shane

Re: EAccess Violation error !!
« Reply #23 on: August 06, 2012, 11:54:37 am »
LOL

I use the free version of Avast myself. (With auto sandbox mode off and the web shield not installed) :wink:

Shane