Inactive Windows Defender

I just noticed that you have MSE installed. If that's still present leave Comodo off.

You didn't say how the computer is doing?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-3640467946-2095350612-793949704-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3640467946-2095350612-793949704-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3640467946-2095350612-793949704-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3640467946-2095350612-793949704-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3640467946-2095350612-793949704-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3640467946-2095350612-793949704-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Nexon.net/NxGame\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3640467946-2095350612-793949704-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3640467946-2095350612-793949704-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3640467946-2095350612-793949704-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3640467946-2095350612-793949704-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Momo
->Temp folder emptied: 33876 bytes
->Temporary Internet Files folder emptied: 6413264 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5023988 bytes
->Google Chrome cache emptied: 265295317 bytes
->Flash cache emptied: 747 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 264,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Momo
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Momo
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05112013_210157

Files\Folders moved on Reboot...
C:\Users\Momo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Momo\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Farbar Service Scanner Version: 14-04-2013
Ran by Momo (administrator) on 11-05-2013 at 21:07:58
Running from "C:\Users\Momo\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-13 19:54] - [2009-07-13 21:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
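
An added example, not part of the original thread and not Farbar's code: the MD5 that FSS prints for MpSvc.dll above is the MD5 of zero bytes, which for a 1011712-byte file indicates the hash was taken over no data rather than over changed contents. The parser below separates that case from a real mismatch; the function names and the verdict labels `unreadable` and `mismatch` are assumptions made for illustration.

```python
import hashlib
import re

# MD5 of zero bytes. A hasher that cannot read a file's contents ends up
# reporting this value regardless of what the file actually holds.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Sample input: lines copied from the "File Check" section of the FSS log above.
SAMPLE_LOG = r"""File Check:
========
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-13 19:54] - [2009-07-13 21:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\svchost.exe => MD5 is legit
"""

LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")


def classify(size, md5):
    """Return a verdict label (hypothetical names chosen for this example)."""
    # A non-empty file cannot hash to the empty-input MD5 unless nothing was read.
    if md5.upper() == EMPTY_MD5 and size > 0:
        return "unreadable"
    return "mismatch"


def parse_file_check(log_text):
    """Parse the File Check section into one dict per file."""
    results, pending_path, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("File Check:"):
            in_section = True
            continue
        # Skip everything before the section, blank lines and "====" rulers.
        if not in_section or not line or set(line) == {"="}:
            continue
        if line.startswith("****"):  # "**** End of log ****"
            break
        legit = LEGIT_RE.match(line)
        if legit:
            results.append({"path": legit.group("path"), "verdict": "legit"})
            pending_path = None
            continue
        detail = DETAIL_RE.match(line)
        if detail and pending_path:
            size = int(detail.group("size"))
            md5 = detail.group("md5").upper()
            results.append({
                "path": pending_path,
                "size": size,
                "md5": md5,
                "verdict": classify(size, md5),
            })
            pending_path = None
            continue
        # A bare path line announces a file whose detail line follows.
        if PATH_RE.match(line):
            pending_path = line
    return results


if __name__ == "__main__":
    for entry in parse_file_check(SAMPLE_LOG):
        print(entry["verdict"], entry["path"])
```

An `unreadable` verdict is a cue to check the file's permissions and hash it again from an elevated or offline environment before replacing it.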
 
One more time...
You didn't say how the computer is doing?

I still need Security Check log.

Also, there is a problem with one of Windows Defender's files.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
Code:
:filefind
MpSvc.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Computer is doing fine!
Sorry about the security check, I forgot to post it...

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.7.700.169
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
And the log for systemlook

SystemLook 30.07.11 by jpshortstuff
Log created at 22:57 on 11/05/2013 by Momo
Administrator - Elevation successful

========== filefind ==========

Searching for "MpSvc.dll"
C:\Program Files\Microsoft Security Client\MpSvc.dll--a---- 1555920 bytes[16:36 27/01/2013][16:36 27/01/2013] (Unable to calculate MD5)
C:\Program Files\Windows Defender\MpSvc.dll--a---- 1011712 bytes[23:54 13/07/2009][01:41 14/07/2009] (Unable to calculate MD5)
C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll--a---- 1011712 bytes[23:54 13/07/2009][01:41 14/07/2009] (Unable to calculate MD5)

-= EOF =-
 
Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes when done with this step.
Upload the following files to http://www.virustotal.com/ for a security check:
- C:\Program Files\Microsoft Security Client\MpSvc.dll
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
Show hidden files, done!
Hide protected operating system files, unchecked!

uploading file fails:

[Window Title]
Open

[Content]
MpSvc.dll
You don’t have permission to open this file.

Contact the file owner or an administrator to obtain permission.

[OK]
 
SystemLook 30.07.11 by jpshortstuff
Log created at 13:05 on 12/05/2013 by Momo
Administrator - Elevation successful

========== filefind ==========

Searching for "MpSvc.dll"
C:\Program Files\Windows Defender\MpSvc.dll--a---- 1011712 bytes[23:54 13/07/2009][01:41 14/07/2009] (Unable to calculate MD5)
C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll--a---- 1011712 bytes[23:54 13/07/2009][01:41 14/07/2009] (Unable to calculate MD5)

-= EOF =-
 
OK, things are getting a little bit strange here.

Is your Microsoft Security Essentials (MSE) active and running?
 
No, it's dead.
Microsoft Security Essentials is dead
Windows Defender is dead

[Window Title]
C:\Program Files\Microsoft Security Client\msseces.exe

[Content]
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

[OK]
 
OK, let me re-check something...

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01
Ran by Momo (administrator) on 12-05-2013 13:24:22
Running from C:\Users\Momo\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Momo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Wargaming.net) C:\Games\World_of_Tanks\WorldOfTanks.exe
(BitTorrent Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Momo\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [3603152 2013-04-15] (COMODO)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Momo\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
Startup: C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Momo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk
ShortcutTarget: Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com?fr=fp-comodo
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\1ibnn5gt.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://ca.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://ca.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://mail.google.com/mail/u/0/?hl=fr&shva=1#inbox", "hxxp://horriblesubs.info/", "https://accesd.desjardins.com/en", "hxxp://www.mangapanda.com/", "https://can.mail.altusgroup.com/exchweb/bin/auth/owalogon.asp", "https://www.google.com/finance", "hxxp://www.accuweather.com/en/ca/quebec/g1r/daily-weather-forecast/50011?day=1", "https://extranet.videotron.com/serv.../Usage.do?lang=FRENCH&compteInternet=VLFVPBJT"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Momo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.4_0
CHR Extension: (AdBlock) - C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (Keep My Opt-Outs) - C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5784472 2013-04-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158928 2013-04-15] (COMODO)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-04-15] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [706560 2013-04-15] (COMODO)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-11-07] (Razer USA Ltd)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-11-07] (Razer USA Ltd)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-12 13:23 - 2013-05-12 13:23 - 01875978 ____A (Farbar) C:\Users\Momo\Desktop\FRST64.exe
2013-05-12 13:23 - 2013-05-12 13:23 - 00000000 ____D C:\FRST
2013-05-12 13:14 - 2013-05-12 13:14 - 337772909 ____A C:\Users\Momo\Desktop\[HorribleSubs] Suisei no Gargantia - 06 [720p].mkv
2013-05-12 08:21 - 2013-05-12 08:21 - 00000000 ___SD C:\ProgramData\Shared Space
2013-05-12 08:21 - 2013-05-12 08:21 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-05-12 08:21 - 2013-05-12 08:21 - 00000000 ____D C:\Program Files\COMODO
2013-05-11 22:55 - 2013-05-11 22:55 - 00890825 ____A C:\Users\Momo\Desktop\SecurityCheck.exe
2013-05-11 22:55 - 2013-05-11 22:55 - 00165376 ____A C:\Users\Momo\Desktop\SystemLook_x64.exe
2013-05-11 21:10 - 2013-05-11 21:10 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-11 21:09 - 2013-05-11 21:10 - 02347384 ____A (ESET) C:\Users\Momo\Desktop\esetsmartinstaller_enu.exe
2013-05-11 21:07 - 2013-05-11 21:07 - 00448512 ____A (OldTimer Tools) C:\Users\Momo\Desktop\TFC.exe
2013-05-11 21:07 - 2013-05-11 21:07 - 00354299 ____A (Farbar) C:\Users\Momo\Desktop\FSS.exe
2013-05-11 21:05 - 2013-05-11 21:05 - 00448512 ____A (OldTimer Tools) C:\Users\Momo\Downloads\TFC (1).exe
2013-05-11 21:05 - 2013-05-11 21:05 - 00354299 ____A (Farbar) C:\Users\Momo\Downloads\FSS (1).exe
2013-05-11 21:01 - 2013-05-11 21:01 - 00000000 ____D C:\_OTL
2013-05-11 21:00 - 2013-05-11 21:00 - 00890825 ____A C:\Users\Momo\Downloads\SecurityCheck.exe
2013-05-11 21:00 - 2013-05-11 21:00 - 00448512 ____A (OldTimer Tools) C:\Users\Momo\Downloads\TFC.exe
2013-05-11 21:00 - 2013-05-11 21:00 - 00354299 ____A (Farbar) C:\Users\Momo\Downloads\FSS.exe
2013-05-11 20:14 - 2013-05-11 20:14 - 00000000 ____D C:\Windows\ERUNT
2013-05-11 20:14 - 2013-05-11 20:14 - 00000000 ____D C:\JRT
2013-05-11 20:09 - 2013-05-11 20:09 - 00628743 ____A C:\Users\Momo\Desktop\adwcleaner.exe
2013-05-11 20:09 - 2013-05-11 20:09 - 00602112 ____A (OldTimer Tools) C:\Users\Momo\Desktop\OTL.exe
2013-05-11 20:09 - 2013-05-11 20:09 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Momo\Desktop\JRT.exe
2013-05-11 19:56 - 2013-05-11 20:01 - 00000000 ____D C:\ComboFix
2013-05-11 18:43 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-11 18:43 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-11 18:43 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-11 18:43 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-11 18:43 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-11 18:43 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-11 18:43 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-11 18:43 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-11 18:41 - 2013-05-11 20:01 - 00000000 ____D C:\Qoobox
2013-05-11 18:41 - 2013-05-11 19:46 - 00000000 ____D C:\Windows\erdnt
2013-05-11 18:41 - 2013-05-11 18:41 - 05068868 ____R (Swearware) C:\Users\Momo\Desktop\ComboFix.exe
2013-05-11 16:52 - 2013-05-11 16:52 - 00000000 ____D C:\Users\Momo\AppData\Roaming\WinRAR
2013-05-11 16:52 - 2013-05-11 16:52 - 00000000 ____D C:\Program Files\WinRAR
2013-05-11 16:17 - 2013-05-11 20:11 - 00006534 ____A C:\Windows\PFRO.log
2013-05-11 16:09 - 2013-05-12 13:17 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2013-05-11 16:09 - 2013-05-12 08:21 - 00000000 ____D C:\ProgramData\COMODO
2013-05-11 16:09 - 2013-05-11 16:09 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2013-05-11 16:09 - 2013-05-11 16:09 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2013-05-11 16:09 - 2013-05-11 16:09 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-05-11 16:08 - 2013-05-11 16:14 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-05-11 14:38 - 2013-05-12 08:27 - 00000616 ____A C:\Windows\setupact.log
2013-05-11 14:38 - 2013-05-11 14:38 - 00000000 ____A C:\Windows\setuperr.log
2013-05-11 14:31 - 2013-05-11 14:31 - 00000017 ____A C:\Users\Momo\AppData\Local\resmon.resmoncfg
2013-05-11 14:06 - 2013-05-11 14:06 - 00688992 ____R (Swearware) C:\Users\Momo\Desktop\dds.com
2013-05-10 16:41 - 2013-05-10 16:47 - 351481850 ____A C:\Users\Momo\Desktop\[HorribleSubs] Valvrave the Liberator - 05 [720p].mkv
2013-05-09 20:45 - 2013-05-09 20:57 - 342350861 ____A C:\Users\Momo\Desktop\[HorribleSubs] Majestic Prince - 06 [720p].mkv
2013-05-06 22:52 - 2013-05-06 22:55 - 344514055 ____A C:\Users\Momo\Desktop\[HorribleSubs] Shingeki no Kyojin - 05 [720p].mkv
2013-05-02 21:02 - 2013-05-02 21:02 - 00000000 ____D C:\CrashReport
2013-05-02 20:54 - 2013-05-02 22:28 - 00000000 ____D C:\Users\Momo\Documents\dragoon
2013-05-02 18:45 - 2013-05-03 19:59 - 00000000 ____D C:\Dragons Prophet Beta
2013-05-01 23:09 - 2013-05-01 23:09 - 00000000 ____D C:\Users\Momo\AppData\Local\Sony Online Entertainment
2013-05-01 22:38 - 2013-05-01 22:38 - 00000000 ____D C:\Users\Momo\AppData\Local\Aeria Games
2013-05-01 22:38 - 2013-05-01 22:38 - 00000000 ____D C:\ProgramData\Aeria Games
2013-05-01 21:17 - 2013-05-01 23:35 - 00000000 ____D C:\AeriaGames
2013-04-25 11:05 - 2013-04-25 11:05 - 00096800 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
2013-04-23 17:10 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-23 15:04 - 2013-04-23 15:04 - 00437176 ____A (COMODO) C:\Windows\System32\guard64.dll
2013-04-23 15:04 - 2013-04-23 15:04 - 00348048 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
2013-04-22 22:33 - 2013-04-22 22:33 - 00000000 ____D C:\Users\Momo\AppData\Roaming\Unity
2013-04-22 22:28 - 2013-05-03 22:05 - 00000000 ____D C:\Users\Momo\AppData\Local\Unity
2013-04-16 22:11 - 2013-04-16 22:53 - 00001284 ____A C:\Users\Momo\Documents\AutoHotkey.ahk
2013-04-15 18:38 - 2013-04-15 18:38 - 00706560 ____A (COMODO) C:\Windows\System32\Drivers\cmdguard.sys
2013-04-15 18:38 - 2013-04-15 18:38 - 00343760 ____A (COMODO) C:\Windows\System32\cmdvrt64.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00276688 ____A (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00048360 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2013-04-15 18:38 - 2013-04-15 18:38 - 00045776 ____A (COMODO) C:\Windows\System32\cmdkbd64.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00043216 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00040656 ____A (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00023168 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys
2013-04-14 20:20 - 2013-04-17 23:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-05-12 13:24 - 2013-01-04 15:41 - 00000000 ____D C:\Users\Momo\AppData\Roaming\uTorrent
2013-05-12 13:23 - 2013-05-12 13:23 - 01875978 ____A (Farbar) C:\Users\Momo\Desktop\FRST64.exe
2013-05-12 13:23 - 2013-05-12 13:23 - 00000000 ____D C:\FRST
2013-05-12 13:23 - 2013-01-01 14:51 - 00000000 ____D C:\Users\Momo\AppData\Roaming\.purple
2013-05-12 13:17 - 2013-05-11 16:09 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2013-05-12 13:14 - 2013-05-12 13:14 - 337772909 ____A C:\Users\Momo\Desktop\[HorribleSubs] Suisei no Gargantia - 06 [720p].mkv
2013-05-12 13:10 - 2013-01-01 14:53 - 00000000 ____D C:\Users\Momo\AppData\Roaming\Skype
2013-05-12 13:06 - 2013-03-22 19:39 - 00000000 ____D C:\Users\Momo\AppData\Roaming\Dropbox
2013-05-12 13:03 - 2013-01-02 11:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-12 12:45 - 2013-01-01 14:30 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-12 08:34 - 2009-07-14 00:45 - 00020496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-12 08:34 - 2009-07-14 00:45 - 00020496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-12 08:32 - 2009-07-14 01:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-12 08:30 - 2013-01-01 13:35 - 01781213 ____A C:\Windows\WindowsUpdate.log
2013-05-12 08:27 - 2013-05-11 14:38 - 00000616 ____A C:\Windows\setupact.log
2013-05-12 08:27 - 2013-03-22 19:41 - 00000000 ___RD C:\Users\Momo\Dropbox
2013-05-12 08:27 - 2013-01-01 14:37 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-12 08:27 - 2013-01-01 14:30 - 00001060 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-12 08:27 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-12 08:21 - 2013-05-12 08:21 - 00000000 ___SD C:\ProgramData\Shared Space
2013-05-12 08:21 - 2013-05-12 08:21 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-05-12 08:21 - 2013-05-12 08:21 - 00000000 ____D C:\Program Files\COMODO
2013-05-12 08:21 - 2013-05-11 16:09 - 00000000 ____D C:\ProgramData\COMODO
2013-05-12 08:07 - 2013-01-01 14:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-11 22:55 - 2013-05-11 22:55 - 00890825 ____A C:\Users\Momo\Desktop\SecurityCheck.exe
2013-05-11 22:55 - 2013-05-11 22:55 - 00165376 ____A C:\Users\Momo\Desktop\SystemLook_x64.exe
2013-05-11 21:10 - 2013-05-11 21:10 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-11 21:10 - 2013-05-11 21:09 - 02347384 ____A (ESET) C:\Users\Momo\Desktop\esetsmartinstaller_enu.exe
2013-05-11 21:07 - 2013-05-11 21:07 - 00448512 ____A (OldTimer Tools) C:\Users\Momo\Desktop\TFC.exe
2013-05-11 21:07 - 2013-05-11 21:07 - 00354299 ____A (Farbar) C:\Users\Momo\Desktop\FSS.exe
2013-05-11 21:05 - 2013-05-11 21:05 - 00448512 ____A (OldTimer Tools) C:\Users\Momo\Downloads\TFC (1).exe
2013-05-11 21:05 - 2013-05-11 21:05 - 00354299 ____A (Farbar) C:\Users\Momo\Downloads\FSS (1).exe
2013-05-11 21:01 - 2013-05-11 21:01 - 00000000 ____D C:\_OTL
2013-05-11 21:00 - 2013-05-11 21:00 - 00890825 ____A C:\Users\Momo\Downloads\SecurityCheck.exe
2013-05-11 21:00 - 2013-05-11 21:00 - 00448512 ____A (OldTimer Tools) C:\Users\Momo\Downloads\TFC.exe
2013-05-11 21:00 - 2013-05-11 21:00 - 00354299 ____A (Farbar) C:\Users\Momo\Downloads\FSS.exe
2013-05-11 20:14 - 2013-05-11 20:14 - 00000000 ____D C:\Windows\ERUNT
2013-05-11 20:14 - 2013-05-11 20:14 - 00000000 ____D C:\JRT
2013-05-11 20:11 - 2013-05-11 16:17 - 00006534 ____A C:\Windows\PFRO.log
2013-05-11 20:09 - 2013-05-11 20:09 - 00628743 ____A C:\Users\Momo\Desktop\adwcleaner.exe
2013-05-11 20:09 - 2013-05-11 20:09 - 00602112 ____A (OldTimer Tools) C:\Users\Momo\Desktop\OTL.exe
2013-05-11 20:09 - 2013-05-11 20:09 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Momo\Desktop\JRT.exe
2013-05-11 20:01 - 2013-05-11 19:56 - 00000000 ____D C:\ComboFix
2013-05-11 20:01 - 2013-05-11 18:41 - 00000000 ____D C:\Qoobox
2013-05-11 20:00 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-05-11 19:47 - 2009-07-13 22:34 - 53477376 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-05-11 19:47 - 2009-07-13 22:34 - 19398656 ____A C:\Windows\System32\config\SYSTEM.bak
2013-05-11 19:47 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-05-11 19:47 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-05-11 19:47 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2013-05-11 19:46 - 2013-05-11 18:41 - 00000000 ____D C:\Windows\erdnt
2013-05-11 19:46 - 2009-07-13 22:34 - 44040192 ____A C:\Windows\System32\config\COMPONENTS.bak
2013-05-11 18:41 - 2013-05-11 18:41 - 05068868 ____R (Swearware) C:\Users\Momo\Desktop\ComboFix.exe
2013-05-11 16:52 - 2013-05-11 16:52 - 00000000 ____D C:\Users\Momo\AppData\Roaming\WinRAR
2013-05-11 16:52 - 2013-05-11 16:52 - 00000000 ____D C:\Program Files\WinRAR
2013-05-11 16:14 - 2013-05-11 16:08 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-05-11 16:09 - 2013-05-11 16:09 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2013-05-11 16:09 - 2013-05-11 16:09 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2013-05-11 16:09 - 2013-05-11 16:09 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-05-11 14:38 - 2013-05-11 14:38 - 00000000 ____A C:\Windows\setuperr.log
2013-05-11 14:31 - 2013-05-11 14:31 - 00000017 ____A C:\Users\Momo\AppData\Local\resmon.resmoncfg
2013-05-11 14:06 - 2013-05-11 14:06 - 00688992 ____R (Swearware) C:\Users\Momo\Desktop\dds.com
2013-05-11 11:16 - 2013-01-24 20:50 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-11 11:16 - 2013-01-24 20:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-10 19:07 - 2013-01-04 16:20 - 00000000 ____D C:\Users\Momo\AppData\Roaming\vlc
2013-05-10 16:47 - 2013-05-10 16:41 - 351481850 ____A C:\Users\Momo\Desktop\[HorribleSubs] Valvrave the Liberator - 05 [720p].mkv
2013-05-09 20:57 - 2013-05-09 20:45 - 342350861 ____A C:\Users\Momo\Desktop\[HorribleSubs] Majestic Prince - 06 [720p].mkv
2013-05-06 22:55 - 2013-05-06 22:52 - 344514055 ____A C:\Users\Momo\Desktop\[HorribleSubs] Shingeki no Kyojin - 05 [720p].mkv
2013-05-06 18:42 - 2013-01-14 20:47 - 00002190 ___AH C:\Users\Momo\Documents\Default.rdp
2013-05-06 18:41 - 2013-01-03 10:53 - 00000000 ____D C:\Users\Momo\AppData\Roaming\Questrade
2013-05-06 18:41 - 2013-01-03 10:52 - 00000000 ____D C:\Users\Momo\Documents\Questrade IQ Edge
2013-05-06 18:40 - 2013-01-03 10:52 - 00001105 ____A C:\Users\Public\Desktop\Questrade IQ Edge.lnk
2013-05-06 18:40 - 2013-01-03 10:52 - 00000000 ____D C:\Program Files (x86)\Questrade IQ Edge
2013-05-03 22:05 - 2013-04-22 22:28 - 00000000 ____D C:\Users\Momo\AppData\Local\Unity
2013-05-03 19:59 - 2013-05-02 18:45 - 00000000 ____D C:\Dragons Prophet Beta
2013-05-03 17:07 - 2013-01-04 15:42 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-05-02 22:28 - 2013-05-02 20:54 - 00000000 ____D C:\Users\Momo\Documents\dragoon
2013-05-02 21:02 - 2013-05-02 21:02 - 00000000 ____D C:\CrashReport
2013-05-02 18:45 - 2013-01-01 14:57 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-05-02 18:37 - 2013-03-17 22:28 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-05-02 11:29 - 2010-11-20 23:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 23:35 - 2013-05-01 21:17 - 00000000 ____D C:\AeriaGames
2013-05-01 23:12 - 2010-11-21 03:16 - 00000000 ____D C:\Windows\ShellNew
2013-05-01 23:09 - 2013-05-01 23:09 - 00000000 ____D C:\Users\Momo\AppData\Local\Sony Online Entertainment
2013-05-01 23:08 - 2013-03-17 22:51 - 00000000 ____D C:\ProgramData\NexonUS
2013-05-01 23:02 - 2013-01-24 20:55 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-01 23:02 - 2013-01-24 20:55 - 00000000 ____D C:\Program Files\CCleaner
2013-05-01 22:38 - 2013-05-01 22:38 - 00000000 ____D C:\Users\Momo\AppData\Local\Aeria Games
2013-05-01 22:38 - 2013-05-01 22:38 - 00000000 ____D C:\ProgramData\Aeria Games
2013-04-28 21:29 - 2013-01-30 19:37 - 00000000 ____D C:\Users\Momo\Documents\My Games
2013-04-25 11:05 - 2013-04-25 11:05 - 00096800 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
2013-04-23 15:04 - 2013-04-23 15:04 - 00437176 ____A (COMODO) C:\Windows\System32\guard64.dll
2013-04-23 15:04 - 2013-04-23 15:04 - 00348048 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
2013-04-22 22:33 - 2013-04-22 22:33 - 00000000 ____D C:\Users\Momo\AppData\Roaming\Unity
2013-04-18 18:49 - 2013-01-02 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-17 23:05 - 2013-04-14 20:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-16 22:53 - 2013-04-16 22:11 - 00001284 ____A C:\Users\Momo\Documents\AutoHotkey.ahk
2013-04-16 22:16 - 2013-03-03 17:03 - 00000000 ____D C:\ProgramData\HappyCloud
2013-04-16 22:15 - 2013-01-01 14:29 - 00000000 ____D C:\Users\Momo\AppData\Local\Deployment
2013-04-16 14:55 - 2013-01-31 19:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-16 14:55 - 2013-01-01 14:53 - 00000000 ____D C:\ProgramData\Skype
2013-04-16 14:55 - 2009-07-14 01:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-15 18:38 - 2013-04-15 18:38 - 00706560 ____A (COMODO) C:\Windows\System32\Drivers\cmdguard.sys
2013-04-15 18:38 - 2013-04-15 18:38 - 00343760 ____A (COMODO) C:\Windows\System32\cmdvrt64.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00276688 ____A (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00048360 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2013-04-15 18:38 - 2013-04-15 18:38 - 00045776 ____A (COMODO) C:\Windows\System32\cmdkbd64.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00043216 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00040656 ____A (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2013-04-15 18:38 - 2013-04-15 18:38 - 00023168 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys
2013-04-14 21:18 - 2013-01-01 22:25 - 00000000 ____D C:\Users\Momo\AppData\Roaming\TS3Client
2013-04-14 21:18 - 2013-01-01 16:27 - 00000000 ____D C:\Windows\Panther
2013-04-14 21:17 - 2013-03-17 22:47 - 00000000 ___SD C:\Users\Momo\Documents\Mabinogi
2013-04-14 17:39 - 2013-01-01 20:54 - 00000000 ____D C:\Users\Momo\AppData\Roaming\ActiveDossierUploader
2013-04-12 10:45 - 2013-04-23 17:10 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-04 13:21

==================== End Of Log ============================
 
And Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2013 01
Ran by Momo at 2013-05-12 13:24:47 Run:
Running from C:\Users\Momo\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.3.0.29625)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Akamai NetSession Interface
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Fuel (Version: 2012.0806.1213.19931)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center (Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (Version: 2012.0806.1212.19931)
CCC Help Czech (Version: 2012.0806.1212.19931)
CCC Help Danish (Version: 2012.0806.1212.19931)
CCC Help Dutch (Version: 2012.0806.1212.19931)
CCC Help English (Version: 2012.0806.1212.19931)
CCC Help Finnish (Version: 2012.0806.1212.19931)
CCC Help French (Version: 2012.0806.1212.19931)
CCC Help German (Version: 2012.0806.1212.19931)
CCC Help Greek (Version: 2012.0806.1212.19931)
CCC Help Hungarian (Version: 2012.0806.1212.19931)
CCC Help Italian (Version: 2012.0806.1212.19931)
CCC Help Japanese (Version: 2012.0806.1212.19931)
CCC Help Korean (Version: 2012.0806.1212.19931)
CCC Help Norwegian (Version: 2012.0806.1212.19931)
CCC Help Polish (Version: 2012.0806.1212.19931)
CCC Help Portuguese (Version: 2012.0806.1212.19931)
CCC Help Russian (Version: 2012.0806.1212.19931)
CCC Help Spanish (Version: 2012.0806.1212.19931)
CCC Help Swedish (Version: 2012.0806.1212.19931)
CCC Help Thai (Version: 2012.0806.1212.19931)
CCC Help Turkish (Version: 2012.0806.1212.19931)
ccc-utility64 (Version: 2012.0806.1213.19931)
CCleaner (Version: 4.01)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
COMODO Antivirus (Version: 6.1.14723.2813)
Dropbox (Version: 2.0.5)
ESET Online Scanner v3
Etron USB3.0 Host Controller (Version: 0.115)
Foxit Reader (Version: 5.4.5.124)
Free RAR Extract Frog (Version: 4.70)
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.145)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Knightage (Version: 22.21)
LeapFrog Connect (French) (Version: 4.1.7.15320)
LeapFrog Connect (Version: 4.1.7.15320)
LeapFrog LeapPad Explorer Plugin (Version: 4.1.7.15320)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MP3jam 1.0.0.5 (Version: 1.0.0.5)
NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22)
NVIDIA 3D Vision Driver 314.22 (Version: 314.22)
NVIDIA Control Panel 314.22 (Version: 314.22)
NVIDIA Graphics Driver 314.22 (Version: 314.22)
NVIDIA HD Audio Driver 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1422)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
ON_OFF Charge B12.1025.1 (Version: 1.00.0001)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Pidgin (Version: 2.10.6)
Questrade IQ Edge (Version: 2.0.0.25)
Razer Synapse 2.0 (Version: 1.7.15)
Realtek Ethernet Controller Driver (Version: 7.49.927.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Skype™ 6.3 (Version: 6.3.105)
TeamSpeak 3 Client (Version: 3.0.10)
UltraVnc (Version: 1.1.8)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (Version: 4.1.7.15320)
VLC media player 2.0.6 (Version: 2.0.6)
WhoCrashed 4.01
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
World of Tanks

==================== Restore Points =========================

11-05-2013 22:39:30 before new antivirus

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2013 09:46:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/12/2013 08:29:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2013 08:27:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x7c8
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (05/12/2013 08:01:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2013 11:01:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x7c4
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (05/11/2013 09:10:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/11/2013 09:10:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/11/2013 09:10:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/11/2013 09:10:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/11/2013 09:05:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/12/2013 11:57:35 AM) (Source: nvlddmkm) (User: )
Description: \Device\Video5CMDre 00000001 000000c0 ff1fe203 00000007 00000000

Error: (05/12/2013 11:54:30 AM) (Source: nvlddmkm) (User: )
Description: \Device\Video5CMDre 00000001 000000c0 ff1fe202 00000004 00000084

Error: (05/12/2013 08:29:49 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (05/12/2013 08:29:49 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/12/2013 08:27:43 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Error: (05/12/2013 08:27:07 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/12/2013 08:21:33 AM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error:
%%5

Error: (05/12/2013 08:02:03 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (05/12/2013 08:02:03 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/12/2013 08:00:00 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (05/12/2013 09:46:51 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/12/2013 08:29:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2013 08:27:06 AM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c17c801ce4f083beea8b3C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll41d2e896-baff-11e2-89a4-902b341805a3

Error: (05/12/2013 08:01:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2013 11:01:29 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c17c401ce4eac893acb53C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll3dde8350-bab0-11e2-8bd2-902b341805a3

Error: (05/11/2013 09:10:15 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Momo\Desktop\esetsmartinstaller_enu.exe

Error: (05/11/2013 09:10:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Momo\Desktop\esetsmartinstaller_enu.exe

Error: (05/11/2013 09:10:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Momo\Desktop\esetsmartinstaller_enu.exe

Error: (05/11/2013 09:10:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Momo\Desktop\esetsmartinstaller_enu.exe

Error: (05/11/2013 09:05:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 16365.24 MB
Available physical RAM: 12208.14 MB
Total Pagefile: 22363.43 MB
Available Pagefile: 17430.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:63.49 GB) NTFS (Disk=1 Partition=1)
Drive d: () (Fixed) (Total:232.88 GB) (Free:232.11 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (MOMO'S IPOD) (Removable) (Total:14.71 GB) (Free:14.08 GB) FAT32 (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 5EF45EF4)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 32FBBE9A)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End Of Log ============================
 
That looks fine.

Now I can see Comodo running.
Is it in running condition?

If so I can see MSE listed in installed programs.
If Comodo is in running condition, uninstall MSE.

Let me know when done.
 
It won't let me uninstall it... I'm the administrator, only account on this computer

[Window Title]
Programs and Features

[Content]
You do not have sufficient access to uninstall Microsoft Security Essentials.
Please contact your system administrator.

[OK]
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Click Start button and in "Start search" type:
cmd
Hold CTRL and SHIFT buttons and press Enter.
Command prompt window will open.
Paste this in:
chkdsk /f /r (<------watch for "spaces")
Press Enter.
Restart the computer.
Chkdsk will run.
Let me know if any errors were found or any fixes applied.
 
Chkdsk ran all 5 tests, rebooted and I'm back in here. I got 3 lines of text when it rebooted that are not there usually, but had no time to read them. Was that the check disk report? If so, I'll rerun it and will not blink on next reboot.
 
Back