TechSpot

Windows shut down in 1 minute. Nasty Virus?

By DamianN7
Aug 7, 2012
  1. Hello all,

    I just got home and tried turning on my computer, and every time it shuts down after one minute.

    Tried it in SAFE MODE and the same thing happens.

    I was running Malwarebytes last night and it found a few svchost.exe trojans and I deleted them. I guess it did not completely delete them.

    Please Help.
    I am using my extra Mac Laptop right now. Keep in mind I only have 1 minute, and I checked my processes and there is nothing out of the ordinary running. It's hiding.

    I have Kaspersky Recovery CD 10 if needed.

    THANK YOU IN ADVANCE.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================

    What Windows version is it?
     
  3. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    Windows 7 64-bit SP1. I'm sorry I forgot to mention it. See my profile for my comp specs.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  5. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    Here we go: 1st LOG

    Scan result of Farbar Recovery Scan Tool Version: 08-08-2012
    Ran by SYSTEM at 07-08-2012 21:17:21
    Running from L:\
    Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKU\Damian\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-19] (BitTorrent, Inc.)
    HKU\Damian\...\Run: [LinkMagic for magicolor 1690MF] [x]
    HKU\Damian\...\Run: [AdobeBridge] [x]
    HKU\Damian\...\Run: [Spyware Doctor with AntiVirus] C:\Users\Damian\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min [x]
    HKU\Damian\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED}: [NameServer]68.237.161.12,71.250.0.12

    ==================== Services (Whitelisted) ======

    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

    ========================== Drivers (Whitelisted) =============

    3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.)
    3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-07 21:17 - 2012-08-07 21:17 - 00000000 ____D C:\FRST
    2012-08-07 15:31 - 2012-08-07 15:31 - 00001258 ____A C:\Users\Damian\Desktop\Spybot - Search & Destroy.lnk
    2012-08-07 15:31 - 2012-08-07 15:31 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-08-07 15:31 - 2012-08-07 15:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2012-08-07 15:27 - 2012-08-07 15:27 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-08-07 15:26 - 2012-08-07 15:26 - 00285368 ____A C:\Windows\Minidump\080712-18938-01.dmp
    2012-08-07 06:46 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-08-06 17:43 - 2012-08-06 17:43 - 00000000 ____D C:\Users\Damian\Desktop\rec
    2012-08-06 16:57 - 2012-08-06 16:57 - 00002254 ____A C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 3.3.4.lnk
    2012-08-06 16:57 - 2012-08-06 16:57 - 00000000 ____D C:\Program Files (x86)\EASEUS
    2012-08-04 06:16 - 2012-08-04 06:16 - 00264504 ____A C:\Windows\Minidump\080412-18314-01.dmp
    2012-08-02 20:18 - 2012-08-02 20:18 - 00291848 ____A C:\Windows\Minidump\080312-21434-01.dmp
    2012-08-01 13:35 - 2012-08-01 13:35 - 00291752 ____A C:\Windows\Minidump\080112-18610-01.dmp
    2012-07-29 17:28 - 2012-07-29 17:28 - 00292064 ____A C:\Windows\Minidump\072912-19609-01.dmp
    2012-07-27 08:46 - 2012-08-06 08:33 - 00000000 ____D C:\Users\Damian\Desktop\tootsie
    2012-07-24 14:28 - 2012-07-27 08:37 - 00000000 ____D C:\Users\Damian\Desktop\dl kasi
    2012-07-12 05:26 - 2012-07-12 05:26 - 00000000 ____D C:\Download

    ============ 3 Months Modified Files ========================

    2012-08-07 15:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-07 15:35 - 2009-07-13 20:51 - 00063592 ____A C:\Windows\setupact.log
    2012-08-07 15:31 - 2012-08-07 15:31 - 00001258 ____A C:\Users\Damian\Desktop\Spybot - Search & Destroy.lnk
    2012-08-07 15:26 - 2012-08-07 15:26 - 00285368 ____A C:\Windows\Minidump\080712-18938-01.dmp
    2012-08-07 06:53 - 2011-12-23 13:00 - 01483925 ____A C:\Windows\WindowsUpdate.log
    2012-08-07 06:52 - 2009-07-13 20:45 - 00024240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-07 06:52 - 2009-07-13 20:45 - 00024240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-07 06:51 - 2009-07-13 21:13 - 00730320 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-06 19:04 - 2012-04-29 12:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-06 16:57 - 2012-08-06 16:57 - 00002254 ____A C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 3.3.4.lnk
    2012-08-04 06:16 - 2012-08-04 06:16 - 00264504 ____A C:\Windows\Minidump\080412-18314-01.dmp
    2012-08-02 20:18 - 2012-08-02 20:18 - 00291848 ____A C:\Windows\Minidump\080312-21434-01.dmp
    2012-08-02 14:04 - 2012-04-29 12:12 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-02 14:04 - 2011-12-23 15:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-01 13:35 - 2012-08-01 13:35 - 00291752 ____A C:\Windows\Minidump\080112-18610-01.dmp
    2012-07-29 17:28 - 2012-07-29 17:28 - 00292064 ____A C:\Windows\Minidump\072912-19609-01.dmp
    2012-07-29 14:55 - 2010-11-20 19:47 - 00011104 ____A C:\Windows\PFRO.log
    2012-07-28 06:23 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-14 14:21 - 2012-04-27 17:53 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-03 09:46 - 2012-04-27 17:53 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-29 07:05 - 2012-06-29 07:05 - 00036519 ____A C:\Users\Damian\Downloads\2.htm
    2012-06-24 14:37 - 2012-06-24 14:37 - 00001901 ____A C:\Users\Damian\Desktop\Nero Express.lnk
    2012-06-24 11:47 - 2012-06-24 11:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-24 11:46 - 2012-06-24 11:46 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Damian\Downloads\Skype_5.10.0.114.exe
    2012-06-18 19:05 - 2011-12-25 18:54 - 00028558 ____A C:\Windows\DirectX.log
    2012-06-13 16:02 - 2012-06-13 16:02 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-05-30 14:43 - 2012-04-22 12:18 - 00248090 ____A C:\shared.log
    2012-05-22 17:12 - 2012-01-28 17:52 - 00002025 ____A C:\Users\Public\Desktop\Samsung AllShare.lnk
    2012-05-12 13:39 - 2011-12-31 06:51 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-12 13:39 - 2011-12-31 06:51 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    Possible partition infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8191.05 MB
    Available physical RAM: 7384.68 MB
    Total Pagefile: 8189.25 MB
    Available Pagefile: 7377.08 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:139.64 GB) (Free:24.71 GB) NTFS
    3 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive e: (2.0TBDisk1) (Fixed) (Total:1863.01 GB) (Free:122.67 GB) NTFS
    5 Drive f: (1.5TBDisk3) (Fixed) (Total:1397.26 GB) (Free:172.22 GB) NTFS
    6 Drive g: (1.5TBDisk4) (Fixed) (Total:1397.26 GB) (Free:351.09 GB) NTFS
    7 Drive h: (1.5TBDisk1) (Fixed) (Total:1397.25 GB) (Free:308.36 GB) NTFS
    10 Drive l: (CLEAN DISK) (Removable) (Total:3.72 GB) (Free:2.8 GB) FAT32
    11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    12 Drive y: (1.5TBDisk2) (Fixed) (Total:1397.26 GB) (Free:192.36 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1397 GB 0 B
    Disk 1 Online 139 GB 0 B
    Disk 2 Online 1863 GB 0 B
    Disk 3 Online 1397 GB 0 B
    Disk 4 Online 1397 GB 0 B
    Disk 5 Online 1397 GB 7168 KB
    Disk 6 Online 3820 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1397 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y 1.5TBDisk2 NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 139 GB 101 MB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 C NTFS Partition 139 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 E 2.0TBDisk1 NTFS Partition 1863 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1397 GB 1024 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 F 1.5TBDisk3 NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 4:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1397 GB 1024 KB

    ==================================================================================

    Disk: 4
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 G 1.5TBDisk4 NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 5:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 0 Extended 1397 GB 8032 KB
    Partition 1 Logical 1397 GB 8064 KB

    ==================================================================================

    Disk: 5
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 H 1.5TBDisk1 NTFS Partition 1397 GB Healthy

    ==================================================================================

    Partitions of Disk 6:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3819 MB 16 KB

    ==================================================================================

    Disk: 6
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 L CLEAN DISK FAT32 Removable 3819 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-08-07 06:22

    ======================= End Of Log ==========================


    2nd LOG

    Farbar Recovery Scan Tool Version: 08-08-2012
    Ran by SYSTEM at 2012-08-07 21:22:14
    Running from L:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======

    Thank You
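The two things the helper looks for in these logs, a core Windows process name sitting where Windows never puts it (C:\Windows\svchost.exe rather than System32 or SysWOW64) and a live services.exe whose hash disagrees with the WinSxS copy, can be checked mechanically. The script below is an added example, not part of the thread or of FRST; the line layouts it parses are inferred from the logs posted above, and the table of expected directories is the example's own assumption.

```python
"""Triage checks over FRST (Farbar Recovery Scan Tool) logs: (1) a core
Windows process name (svchost.exe, services.exe, ...) appearing outside the
directory Windows keeps it in; (2) a live copy in a Search.txt result whose
MD5 matches none of the WinSxS component-store copies. Line layouts are
inferred from the logs in this thread; the directory table is an assumption."""
import re

# Directories (relative to \Windows) each core binary normally lives in;
# explorer.exe sits directly in \Windows, hence "".
EXPECTED_DIRS = {
    "svchost.exe": ("system32", "syswow64"),
    "services.exe": ("system32",),
    "wininit.exe": ("system32", "syswow64"),
    "explorer.exe": ("", "syswow64"),
}
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\(.*)$")
# FRST file-list line: created - modified - size attrs [(company)] path
FILE_LINE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")
# Search.txt detail line: [created] - [modified] - size attrs [(company)] MD5
SEARCH_DETAIL_RE = re.compile(
    r"^\[[^\]]*\] - \[[^\]]*\] - \d+ \S+ (?:\([^)]*\) )?([0-9A-Fa-f]{32})$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def is_expected_location(path):
    """True unless `path` is a tracked system binary outside its home dir."""
    lowered = path.lower()
    name = lowered.rsplit("\\", 1)[-1]
    if name not in EXPECTED_DIRS:
        return True  # not a name malware commonly borrows; nothing to judge
    m = WINDOWS_ROOT_RE.match(lowered)
    if not m:
        return False  # a system-process name under Users\, ProgramData\, ...
    rel = m.group(1)
    rel_dir = rel.rsplit("\\", 1)[0] if "\\" in rel else ""
    # WinSxS stores the installed copy of every version; always legitimate.
    return rel_dir.startswith("winsxs\\") or rel_dir in EXPECTED_DIRS[name]


def misplaced_system_binaries(log_text):
    """Paths from FRST file-list lines that fail is_expected_location()."""
    hits = []
    for line in log_text.splitlines():
        m = FILE_LINE_RE.match(line.strip())
        if m and not is_expected_location(m.group("path")):
            hits.append(m.group("path"))
    return hits


def parse_search(search_text):
    """Map each path in an FRST Search.txt block to its upper-case MD5."""
    results, pending = {}, None
    for raw in search_text.splitlines():
        line = raw.strip()
        if DRIVE_PATH_RE.match(line):
            pending = line  # a path line; its details are on the next line
        elif pending:
            m = SEARCH_DETAIL_RE.match(line)
            if m:
                results[pending] = m.group(1).upper()
            pending = None
    return results


def copies_differing_from_winsxs(search_text):
    """Live copies whose MD5 matches no WinSxS copy of the same binary.
    System32 binaries are hard links into WinSxS, so a hash WinSxS has never
    seen means the live file was replaced or patched. [] when consistent."""
    hashes = parse_search(search_text)
    def in_winsxs(p):
        return "\\winsxs\\" in p.lower()
    reference = {h for p, h in hashes.items() if in_winsxs(p)}
    if not reference:
        return []  # nothing to compare against
    return [p for p, h in hashes.items()
            if not in_winsxs(p) and h not in reference]


# Lines copied from the FRST.txt posted in this thread.
SAMPLE_FILE_LOG = r"""
2012-08-07 21:17 - 2012-08-07 21:17 - 00000000 ____D C:\FRST
2012-08-07 06:46 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-03 09:46 - 2012-04-27 17:53 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
"""
# The Search.txt posted in this thread.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
"""
# Constructed variant: the System32 line's hash swapped for a placeholder.
TAMPERED_SEARCH = SAMPLE_SEARCH.replace(
    "24ACB7E5BE595468E3B9AA488B9B4FCB\n======", "0" * 32 + "\n======")
```

On the posted logs the first check returns only C:\Windows\svchost.exe, the file FRST itself flagged, and the second returns nothing because both services.exe copies carry the same MD5.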
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     


  7. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    Posting from the infected computer :) It's been up for 5 minutes now.

    What is the next step?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Cool :)

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  9. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    Alright:

    Step 2:

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.07.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Damian :: DAMIAN-PC [administrator]

    Protection: Enabled

    8/7/2012 10:34:12 PM
    mbam-log-2012-08-07 (22-34-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211423
    Time elapsed: 2 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Step 3:
    GMER log was empty

    Step 4:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by Damian at 22:47:24 on 2012-08-07
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8191.6292 [GMT -4:00]
    .
    AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [LinkMagic for magicolor 1690MF]
    uRun: [AdobeBridge]
    uRun: [Spyware Doctor with AntiVirus] C:\Users\Damian\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{8C5043D6-D6F3-4CEE-BF2C-70661D523B11} : NameServer = 8.26.56.26,156.154.70.22
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO-X64: uTorrentControl2 - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-14 2253120]
    R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 250056]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-08 05:17:07 -------- d-----w- C:\FRST
    2012-08-08 02:30:59 -------- d-----w- C:\ProgramData\CPA_VA
    2012-08-08 02:30:44 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E976E6B3-4FBC-47D6-98F6-572743C6D4C7}\offreg.dll
    2012-08-08 02:01:28 -------- d-----w- C:\ProgramData\Comodo
    2012-08-08 02:01:27 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-08-08 02:01:27 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2012-08-08 02:01:27 -------- d-----w- C:\Program Files\COMODO
    2012-08-07 23:31:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-08-07 23:31:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-08-07 23:27:05 -------- d-----w- C:\ProgramData\PC Tools
    2012-08-07 00:57:33 -------- d-----w- C:\Program Files (x86)\EASEUS
    2012-08-07 00:56:39 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
    2012-08-07 00:56:39 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
    2012-08-07 00:56:39 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
    2012-08-07 00:56:39 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-08-07 00:56:39 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
    2012-08-07 00:56:39 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
    2012-08-07 00:56:34 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
    2012-08-07 00:56:34 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
    2012-07-12 13:26:08 -------- d-----w- C:\Download
    .
    ==================== Find3M ====================
    .
    2012-08-02 22:04:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-02 22:04:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 22:49:45.41 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/23/2011 3:58:09 PM
    System Uptime: 8/7/2012 10:29:22 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5Q DELUXE
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA 775 | 3194/356mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 140 GiB total, 26.939 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 1863 GiB total, 122.665 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 1397 GiB total, 192.355 GiB free.
    H: is FIXED (NTFS) - 1397 GiB total, 308.359 GiB free.
    I: is FIXED (NTFS) - 1397 GiB total, 172.215 GiB free.
    J: is FIXED (NTFS) - 1397 GiB total, 351.088 GiB free.
    K: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&8372D40&0&00E5
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&8372D40&0&00E5
    Service: yukonw7
    .
    ==== System Restore Points ===================
    .
    RP50: 8/6/2012 8:57:00 PM - Installed EASEUS Data Recovery Wizard Professional 3.3.4
    RP51: 8/7/2012 10:02:16 PM - Device Driver Package Install: COMODO Network Service
    RP52: 8/7/2012 10:30:48 PM - Device Driver Package Install: COMODO Network Service
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5.1
    AnyDVD
    AviSynth 2.5
    COMODO GeekBuddy
    EASEUS Data Recovery Wizard Professional 3.3.4
    ffdshow v1.1.3882 [2011-06-13]
    FIFA MANAGER 12
    FileZilla Client 3.5.3
    Haali Media Splitter
    Hattrick Organizer (remove only)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 30
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    K-Lite Codec Pack 7.6.0 (Basic)
    KONICA MINOLTA magicolor 1690MF Scanner
    LinkMagic for magicolor 1690MF
    Malwarebytes Anti-Malware version 1.62.0.1300
    Medieval CUE Splitter
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mumble 1.2.3
    Nero 8 Micro v8.3.2.1
    NewsLeecher v4.0 Final
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Opera 12.00
    PDF Settings CS5
    RAR Password Recovery Magic v6.1.1.361
    Samsung AllShare
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Skype™ 5.10
    Star Wars: The Old Republic
    StarCraft II
    Steam
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    uTorrentControl2 Toolbar
    VirtualCloneDrive
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/7/2012 9:49:10 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    8/7/2012 7:26:27 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 7:26:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2012 7:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/7/2012 7:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/7/2012 7:26:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/7/2012 7:26:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/7/2012 7:26:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO spldr Wanarpv6
    8/7/2012 7:26:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008a4ab30, 0xfffffa8008a4ae10, 0xfffff800031998b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080712-18938-01.
    8/7/2012 10:30:43 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    8/5/2012 9:16:28 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JERRY-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{130AE867-659F-437A-AFFB-565AB71B82ED}. The master browser is stopping or an election is being forced.
    8/5/2012 4:00:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    8/4/2012 10:16:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a000ca0000, 0x0000000000000000, 0xfffff80002ee038e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-18314-01.
    8/3/2012 12:18:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000003000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f15ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080312-21434-01.
    8/1/2012 5:41:21 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    8/1/2012 5:35:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000003000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f13ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080112-18610-01.
    .
    ==== End Of File ===========================
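As an added example, not part of the thread or of the DDS tool itself: a small Python triage helper that parses the `R1 name;description;path [date size]` service lines and the `FF - prefs.js` entries in the DDS format above (sample lines copied from the log posted in this thread), and lists the items a helper would check by hand: an AppInit_DLLs entry, an overridden Firefox search URL and proxy mode, and services whose file details DDS could not read (`[?]`). The start-type and proxy-mode tables are the standard Windows and Firefox values and are assumptions of the example, not taken from the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: lines copied verbatim from the DDS log posted above.
SAMPLE_LOG = r"""
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
"""

# Windows service start types, encoded by DDS as the digit after R (running) / S (stopped).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Firefox network.proxy.type values (0 none, 1 manual, 2 PAC URL, 4 auto-detect, 5 system).
PROXY_MODES = {"0": "none", "1": "manual", "2": "pac", "4": "auto-detect", "5": "system"}


@dataclass
class ServiceEntry:
    name: str
    description: str
    path: str
    running: bool
    start_type: str
    size: Optional[int]  # None when DDS printed "[?]" (file details unavailable)


# state, start digit, name, description, path (may contain "image --> resolved"), "[date size]" or "[?]"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*) \[(\?|[\d-]+ \d+)\]$")


def parse_service(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, desc, path, info = m.groups()
    if " --> " in path:  # keep the resolved path DDS reports after the arrow
        path = path.split(" --> ", 1)[1]
    size = None if info == "?" else int(info.split()[1])
    return ServiceEntry(name, desc, path, state == "R", START_TYPES.get(start, start), size)


def parse_services(log: str) -> List[ServiceEntry]:
    entries = [parse_service(ln) for ln in log.splitlines()]
    return [e for e in entries if e is not None]


def triage(log: str) -> List[str]:
    """Return human-readable findings worth verifying by hand, in log order."""
    findings: List[str] = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("AppInit_DLLs"):
            # AppInit_DLLs is loaded into every process that links user32.dll: always check the publisher.
            dll = line.split(":", 1)[1].strip()
            findings.append(f"AppInit_DLLs injection point set: {dll} (verify publisher)")
        elif line.startswith("FF - prefs.js: keyword.URL - "):
            # DDS defangs URLs as hxxp; restore the scheme only to extract the host.
            url = line.split(" - ", 2)[2].replace("hxxp", "http", 1)
            host = urlparse(url).hostname
            findings.append(f"Firefox keyword.URL overridden, address-bar searches go to {host}")
        elif line.startswith("FF - prefs.js: network.proxy.type - "):
            mode = line.rsplit(" - ", 1)[1]
            findings.append(f"Firefox proxy mode {mode} ({PROXY_MODES.get(mode, 'unknown')})")
    for svc in parse_services(log):
        if svc.size is None:
            findings.append(f"No file details for service {svc.name}: {svc.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```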


     
  10. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run, then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    ComboFix 12-08-07.05 - Damian 08/07/2012 23:54:42.2.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8191.6617 [GMT -4:00]
    Running from: c:\users\Damian\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-08 05:17 . 2012-08-08 05:17 -------- d-----w- C:\FRST
    2012-08-08 03:58 . 2012-08-08 03:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-08 03:58 . 2012-08-08 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-08 02:30 . 2012-08-08 02:30 -------- d-----w- c:\programdata\CPA_VA
    2012-08-08 02:01 . 2012-08-08 02:02 -------- d-----w- c:\programdata\Comodo
    2012-08-08 02:01 . 2012-08-08 02:26 -------- d-----w- c:\program files\COMODO
    2012-08-08 02:01 . 2012-08-08 02:01 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2012-08-08 02:01 . 2012-08-08 02:01 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2012-08-07 23:31 . 2012-08-08 02:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-08-07 23:31 . 2012-08-08 02:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-08-07 23:27 . 2012-08-07 23:27 -------- d-----w- c:\programdata\PC Tools
    2012-08-07 00:57 . 2012-08-07 00:57 -------- d-----w- c:\program files (x86)\EASEUS
    2012-08-07 00:56 . 2004-04-19 03:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
    2012-08-07 00:56 . 2004-04-19 03:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
    2012-08-07 00:56 . 2004-04-19 03:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
    2012-08-07 00:56 . 2004-04-19 03:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
    2012-08-07 00:56 . 2004-04-19 03:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
    2012-08-07 00:56 . 2004-04-19 03:36 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-08-07 00:56 . 2012-08-07 00:56 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
    2012-08-07 00:56 . 2012-08-07 00:56 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
    2012-07-12 13:26 . 2012-07-12 13:26 -------- d-----w- C:\Download
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 22:04 . 2012-04-29 20:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 22:04 . 2011-12-23 23:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 17:46 . 2012-04-28 01:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-12 22696]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-12 577824]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-12 43248]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 22:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{8C5043D6-D6F3-4CEE-BF2C-70661D523B11}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-LinkMagic for magicolor 1690MF - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:98,65,5c,7c,62,6f,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-08 00:05:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-08 04:05
    .
    Pre-Run: 28,674,097,152 bytes free
    Post-Run: 28,153,376,768 bytes free
    .
    - - End Of File - - 80F3635ABB50E89007B423B2267C5BEC
     
  12. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good :)

    Any current issues?

    ============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    Nothing that I can notice. I installed Comodo and svchost.exe is popping up. I am hitting block for now, is it safe to allow it?

    OTL Reports:

    OTL logfile created on: 8/8/2012 12:34:37 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Damian\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.19% Memory free
    16.00 Gb Paging File | 13.74 Gb Available in Paging File | 85.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.64 Gb Total Space | 26.29 Gb Free Space | 18.82% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 125.40 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
    Drive G: | 1397.26 Gb Total Space | 192.49 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
    Drive H: | 1397.25 Gb Total Space | 308.36 Gb Free Space | 22.07% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 182.69 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
    Drive J: | 1397.26 Gb Total Space | 351.09 Gb Free Space | 25.13% Space Free | Partition Type: NTFS

    Computer Name: DAMIAN-PC | User Name: Damian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/08 00:33:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Damian\Desktop\OTL.exe
    PRC - [2012/08/02 18:04:09 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    PRC - [2012/07/17 16:19:58 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/02 18:04:09 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    MOD - [2012/07/17 16:19:58 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
    MOD - [2010/03/24 22:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2011/11/23 06:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/08/02 18:04:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/17 16:19:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
    SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
    SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2011/08/19 11:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2011/07/07 19:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/22 19:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2011/08/19 11:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Damian\Desktop
    IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6B 6A 29 11 ED 6C CD 01 [binary data]
    IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
    FF - prefs.js..network.proxy.type: 4
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/01 23:25:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 16:19:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{AFB68FFD-867C-11E1-826D-B8AC6F996F26}: C:\Users\Damian\AppData\Local\{AFB68FFD-867C-11E1-826D-B8AC6F996F26}\ [2012/04/14 17:56:12 | 000,000,000 | ---D | M]

    [2011/12/24 10:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\Mozilla\Extensions
    [2012/08/03 17:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\extensions
    [2012/07/17 16:20:00 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/06/23 15:34:45 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
    [2012/02/16 21:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/04/14 17:56:12 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\DAMIAN\APPDATA\LOCAL\{AFB68FFD-867C-11E1-826D-B8AC6F996F26}
    [2012/05/28 22:16:22 | 000,104,669 | ---- | M] () (No name found) -- C:\USERS\DAMIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0PWI24NY.DEFAULT\EXTENSIONS\{7E77F5DF-8022-40E3-9122-F03DEBEFC43B}.XPI
    [2012/08/02 19:30:18 | 000,060,833 | ---- | M] () (No name found) -- C:\USERS\DAMIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0PWI24NY.DEFAULT\EXTENSIONS\FIREDIFF@JOHNJBARTON.COM.XPI
    [2012/07/17 16:19:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/17 20:56:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/17 20:56:55 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/08/08 00:00:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-189685806-1595172393-1958780754-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - HKU\S-1-5-21-189685806-1595172393-1958780754-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-189685806-1595172393-1958780754-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-189685806-1595172393-1958780754-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C5043D6-D6F3-4CEE-BF2C-70661D523B11}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/08 01:17:07 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/08 00:33:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Damian\Desktop\OTL.exe
    [2012/08/08 00:05:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/07 23:43:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/07 23:43:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/07 23:43:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/07 23:41:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/07 23:41:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/07 23:39:10 | 004,729,922 | R--- | C] (Swearware) -- C:\Users\Damian\Desktop\ComboFix.exe
    [2012/08/07 22:47:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Damian\Desktop\dds.com
    [2012/08/07 22:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/08/07 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012/08/07 22:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2012/08/07 22:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2012/08/07 22:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2012/08/07 19:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/08/07 19:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/08/07 19:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/08/06 21:43:56 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\rec
    [2012/08/06 20:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard Professional 3.3.4
    [2012/08/06 20:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
    [2012/07/27 12:46:21 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\tootsie
    [2012/07/24 18:28:38 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\dl kasi
    [2012/07/12 09:26:08 | 000,000,000 | ---D | C] -- C:\Download

    ========== Files - Modified Within 30 Days ==========

    [2012/08/08 00:33:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Damian\Desktop\OTL.exe
    [2012/08/08 00:29:35 | 000,946,881 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/08/08 00:07:23 | 000,024,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/08 00:07:23 | 000,024,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/08 00:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/08 00:00:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/07 23:59:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/07 23:59:39 | 2146,734,079 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/07 23:39:19 | 004,729,922 | R--- | M] (Swearware) -- C:\Users\Damian\Desktop\ComboFix.exe
    [2012/08/07 23:26:57 | 000,099,630 | ---- | M] () -- C:\Users\Damian\Desktop\Untitled-1.jpg
    [2012/08/07 22:47:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Damian\Desktop\dds.com
    [2012/08/07 22:36:30 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/07 22:36:30 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/07 22:36:30 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/07 22:30:09 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2012/08/07 22:26:31 | 000,000,460 | ---- | M] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
    [2012/08/07 22:01:28 | 000,001,069 | ---- | M] () -- C:\Users\Damian\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/08/06 20:57:39 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 3.3.4.lnk
    [2012/08/01 19:18:52 | 000,352,672 | ---- | M] () -- C:\Users\Damian\Desktop\Untitled-1.pdf
    [2012/07/31 15:39:46 | 000,141,880 | ---- | M] () -- C:\Users\Damian\Desktop\FNM080109Weeknight031_s4x3_lg.jpg
    [2012/07/14 18:21:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/07 23:43:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/07 23:43:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/07 23:43:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/07 23:43:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/07 23:43:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/07 23:26:55 | 000,099,630 | ---- | C] () -- C:\Users\Damian\Desktop\Untitled-1.jpg
    [2012/08/07 22:31:05 | 000,946,881 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/08/07 22:30:09 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2012/08/07 22:26:31 | 000,000,460 | ---- | C] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
    [2012/08/07 22:01:28 | 000,001,069 | ---- | C] () -- C:\Users\Damian\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/08/06 20:57:39 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 3.3.4.lnk
    [2012/08/01 23:38:39 | 000,141,880 | ---- | C] () -- C:\Users\Damian\Desktop\FNM080109Weeknight031_s4x3_lg.jpg
    [2012/08/01 19:18:52 | 000,352,672 | ---- | C] () -- C:\Users\Damian\Desktop\Untitled-1.pdf
    [2012/06/24 18:37:43 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
    [2012/01/13 00:26:15 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/12/25 22:49:21 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/12/24 14:31:08 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011/12/24 12:01:51 | 000,032,126 | ---- | C] () -- C:\Windows\MSUMLT0H.INI
    [2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

    ========== LOP Check ==========

    [2012/05/12 17:41:11 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraft
    [2012/01/13 00:30:11 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\BDREBUILDER
    [2012/08/01 19:14:03 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\FileZilla
    [2011/12/26 23:42:49 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\ImgBurn
    [2012/01/02 23:36:34 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\KONICA MINOLTA
    [2012/01/15 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Mobipocket
    [2012/01/18 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\MultiPar
    [2012/03/26 20:51:55 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Mumble
    [2012/01/18 08:40:39 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\NewsLeecher
    [2011/12/24 10:25:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Opera
    [2012/01/28 21:52:35 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Samsung
    [2012/08/07 23:53:17 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\uTorrent
    [2012/07/28 10:23:11 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  14. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    OTL Extras logfile created on: 8/8/2012 12:34:37 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Damian\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.19% Memory free
    16.00 Gb Paging File | 13.74 Gb Available in Paging File | 85.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.64 Gb Total Space | 26.29 Gb Free Space | 18.82% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 125.40 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
    Drive G: | 1397.26 Gb Total Space | 192.49 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
    Drive H: | 1397.25 Gb Total Space | 308.36 Gb Free Space | 22.07% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 182.69 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
    Drive J: | 1397.26 Gb Total Space | 351.09 Gb Free Space | 25.13% Space Free | Partition Type: NTFS

    Computer Name: DAMIAN-PC | User Name: Damian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    [HKEY_USERS\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1210ECC6-B092-4FC9-8C66-22D92CED68D1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1F7FC194-B777-4C9F-9C65-6254C6A36662}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2B213BBE-5FAA-4564-9B43-23C79742CC71}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3294DF34-BCCE-4CE8-8680-E35FF64AF296}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{40F80C72-B469-44ED-B055-D3D8E4201C41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4E4638C5-0E00-402D-9369-365465A35CE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{52169F43-A542-4CB8-B905-53912FF0D618}" = lport=138 | protocol=17 | dir=in | app=system |
    "{5470127D-EFB3-4305-9295-F90B34234FF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{57FE32B2-1972-4BE2-9BD1-4B498763C22E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{631025AD-0A08-49A0-8A1F-ED59904812CC}" = rport=139 | protocol=6 | dir=out | app=system |
    "{872C671B-F26F-4C3B-8F44-5B472E2FB59E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{898B15DA-70DD-4AF3-A304-C502238CA186}" = lport=445 | protocol=6 | dir=in | app=system |
    "{95AA0B3D-0635-43FD-938C-2AEA967540EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{98812FA9-593F-44C7-9E69-850D0105C55B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9CDD7A40-80C6-43EA-89E3-4BE74BC231A1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A012F9C0-1312-4ADE-B89F-AD5035E5D5E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A3C55B02-DCF0-4357-94D0-4A23630E7913}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B5DE99FA-3618-4315-8919-3F5EB21D7A54}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B677F271-9A40-451D-B389-23C2C52C993E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BB3BEC6C-6907-4D9E-8228-A6D94802D880}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D5190741-4BA6-44CB-956F-3AB46D8AF1D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D8C2ED6E-8ED0-418C-BF8F-790C7E9D0C8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DDE6C258-0CA0-4A69-A1E7-60C20FFFB1D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E7EDE814-96EC-4EA6-BB11-0F3618D6ABF0}" = lport=139 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00BC87FC-7F13-4258-8D37-F8BB7FA5F59E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{050659E5-C209-4C3A-8E10-A44D0D51832C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
    "{0A2E89EF-6CF5-4647-90F8-BEA102C9C83F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{131529CE-BBB1-4CB0-8483-3C6AEFB3523F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{1A503EB8-7702-46E7-A60C-E25085E70E51}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{26847ACF-9A43-4B6B-A166-CA67B8E6EB98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{28D7926B-5468-4C90-9F7F-61B6AC5687F1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{2D8EE169-293B-46AD-83C7-C5380FCE0139}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{31A057A1-3078-46DD-8624-E8625D143833}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{39F20019-08D4-42DC-8EF0-E9C4DAC45868}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
    "{3F3D99B3-D1F9-468E-9EC7-DE114C3305BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4B14EA06-A0B1-4791-AF72-1D187A6E5C0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{53E0EA4E-02ED-4BCF-A784-5FD38E00BC83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5B016CC0-1195-4380-941D-8DEE343831D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{5D9A7ED1-C1EB-4F36-9493-AB590DCAFF59}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{608F0575-60C1-4860-8062-31679BAC57BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{62D867A3-FA95-4A1A-A40F-13691CB32F31}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{785A9C29-FE9E-47DE-8713-95BCC799FC83}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{7860F5D8-CD52-4A3B-8F32-F5C91E9393CA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
    "{7DD75BAC-62A0-432E-8DAD-00170FB291D4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{7E17A5DF-5DCD-4D52-B919-B6A93BEAD41E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{82D523EF-F1D2-4F7B-AAE3-25E55BCE4B30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{86F6CA5D-FF89-4742-9187-1EEC753E0341}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
    "{8B028568-4D74-4242-80A2-6E447F9DA28A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{8E426CE6-B5EA-417A-8B4A-4C8062989664}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8F0C41A0-6BDB-4490-A163-62E682F82D2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{9050966C-40FC-4049-95B0-71FB1C028E86}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{94ABBA07-8F5D-4D98-A102-D90A6A9F3CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{95F1A25B-C3CC-4F61-9538-0883A90DABC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{9729E2C2-114F-48CD-82F8-1425C681813B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A32DFBFF-F604-4CD5-9888-134BCF12AC06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{A74F591D-79D4-4E1F-B193-19DB624D7ABF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AE4090C0-7862-4F69-B568-B974CEA825BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AFE3721A-14AB-46D7-9E30-3C2A4783FD04}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
    "{B12C25EF-0E48-4F68-9E68-9A1A49D40155}" = protocol=6 | dir=out | app=system |
    "{B3B4F20A-BC3F-4F80-9F6C-C8A91F6EC814}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{BB1D66BF-CE8B-4305-8E01-7FDC869A51A3}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
    "{BDF2CEB8-4011-46F4-8540-E47CF6133D83}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C3042003-00BC-4789-B9A3-EDEBA9493A64}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
    "{CDACD25D-1882-4754-88F6-B874FAB06C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{D6F0DC7B-DAE6-4DB6-8E16-E731F5B59523}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{E2A3E832-237D-4C3E-BBB2-87B33D61B58B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F08AF15E-50E8-4227-8400-4ED4DD956CC9}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
    "{F9394FE0-3F0B-4424-8C7D-BD66344B0902}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{F9A5DF65-959F-4D02-9B69-9C1B857BBBA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "TCP Query User{7C28EC4D-0E9F-4DA6-87A9-B12AF62A0CB9}C:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=c:\mass effect 3\binaries\win32\masseffect3.exe |
    "TCP Query User{7CBCD935-0B57-4304-AF48-AFE89AECA1D6}C:\program files (x86)\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dead island\deadislandgame.exe |
    "TCP Query User{9BAF0526-0A73-45C3-9C42-2DA3B6C945A6}G:\ftp\appz\windows-office\microsoft.office.2010.professionalplus.vl.edition.x86.and.x64-zwtiso\zmoppv14\activator\activator.exe" = protocol=6 | dir=in | app=g:\ftp\appz\windows-office\microsoft.office.2010.professionalplus.vl.edition.x86.and.x64-zwtiso\zmoppv14\activator\activator.exe |
    "TCP Query User{CE1AFEE9-C92C-4486-B0EC-6A1F8DCFE0C5}C:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe |
    "UDP Query User{3E599007-1347-45A6-A788-E8B59532CACF}C:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=c:\mass effect 3\binaries\win32\masseffect3.exe |
    "UDP Query User{73FB8E49-969E-4C0F-A583-75695D63CD15}C:\program files (x86)\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dead island\deadislandgame.exe |
    "UDP Query User{D8D4AD38-74C5-4EF7-BEC4-0C91BF6C5376}G:\ftp\appz\windows-office\microsoft.office.2010.professionalplus.vl.edition.x86.and.x64-zwtiso\zmoppv14\activator\activator.exe" = protocol=17 | dir=in | app=g:\ftp\appz\windows-office\microsoft.office.2010.professionalplus.vl.edition.x86.and.x64-zwtiso\zmoppv14\activator\activator.exe |
    "UDP Query User{F4FAC165-693D-4D0D-BDE1-722D14A2CA19}C:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23E68747-DA44-4EF1-A70E-3ECC8A5F7A6B}" = KONICA MINOLTA magicolor 1690MF Scanner
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
    "KONICA MINOLTA magicolor 1690MF" = KONICA MINOLTA magicolor 1690MF
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{2F8669B2-F8FA-452B-8F48-C30CF6CC176F}" = LinkMagic for magicolor 1690MF
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72B23535-8136-4863-965C-33A60FFA3CE7}" = EASEUS Data Recovery Wizard Professional 3.3.4
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
    "{E9A5B341-167D-4042-8854-46F671F94049}" = Medieval CUE Splitter
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AnyDVD" = AnyDVD
    "AviSynth" = AviSynth 2.5
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13]
    "FIFA MANAGER 12" = FIFA MANAGER 12
    "FileZilla Client" = FileZilla Client 3.5.3
    "HaaliMkx" = Haali Media Splitter
    "Hattrick Organizer" = Hattrick Organizer (remove only)
    "ImgBurn" = ImgBurn
    "InstallShield_{23E68747-DA44-4EF1-A70E-3ECC8A5F7A6B}" = KONICA MINOLTA magicolor 1690MF Scanner
    "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nero8321_Micro_is1" = Nero 8 Micro v8.3.2.1
    "NewsLeecher_is1" = NewsLeecher v4.0 Final
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Opera 12.01.1532" = Opera 12.01
    "RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.361
    "StarCraft II" = StarCraft II
    "uTorrent" = µTorrent
    "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
    "VirtualCloneDrive" = VirtualCloneDrive
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/6/2012 9:33:16 AM | Computer Name = Damian-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/6/2012 9:54:01 AM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16440, time
    stamp: 0x4eb31d5a Exception code: 0xc0000005 Fault offset: 0x0004ddae Faulting process
    id: 0xf40 Faulting application start time: 0x01cd73d7efd1b976 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: 2c7c1ded-dfce-11e1-9f94-002215770985

    Error - 8/6/2012 12:31:08 PM | Computer Name = Damian-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/6/2012 1:29:24 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time
    stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x000bf885 Faulting process
    id: 0xd8c Faulting application start time: 0x01cd73f0c9c4903a Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
    Report
    Id: 4347346a-dfec-11e1-af47-002215770985

    Error - 8/6/2012 4:01:15 PM | Computer Name = Damian-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/6/2012 4:17:21 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00016527 Faulting process id: 0xa84 Faulting application
    start time: 0x01cd740e230fb5d2 Faulting application path: \\.\globalroot\systemroot\svchost.exe
    Faulting
    module path: unknown Report Id: b9abf29a-e003-11e1-bd05-002215770985

    Error - 8/6/2012 5:19:10 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x03e683db Faulting process id: 0xe58 Faulting application
    start time: 0x01cd7410a29611be Faulting application path: \\.\globalroot\systemroot\svchost.exe
    Faulting
    module path: unknown Report Id: 5cac8ab4-e00c-11e1-bd05-002215770985

    Error - 8/6/2012 6:06:06 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time
    stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x000bf885 Faulting process
    id: 0xe28 Faulting application start time: 0x01cd74193faf7689 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
    Report
    Id: eb294b8a-e012-11e1-bd05-002215770985

    Error - 8/6/2012 7:02:52 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time
    stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x000bf885 Faulting process
    id: 0x6d8 Faulting application start time: 0x01cd741fb3bd4701 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
    Report
    Id: d96fb432-e01a-11e1-bd05-002215770985

    Error - 8/6/2012 7:23:44 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time
    stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x000bf885 Faulting process
    id: 0x12d4 Faulting application start time: 0x01cd7427a205717d Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
    Report
    Id: c36f30e5-e01d-11e1-bd05-002215770985

    [ System Events ]
    Error - 5/27/2012 11:00:34 PM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 5/28/2012 10:06:40 AM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 5/28/2012 10:17:22 PM | Computer Name = Damian-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 5/28/2012 10:17:23 PM | Computer Name = Damian-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 5/28/2012 10:17:23 PM | Computer Name = Damian-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 5/28/2012 10:17:24 PM | Computer Name = Damian-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 5/30/2012 9:02:15 PM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 5/31/2012 10:16:20 AM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 5/31/2012 9:38:11 PM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 6/5/2012 4:38:54 PM | Computer Name = Damian-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:23:31 PM on 6/5/2012 was unexpected.


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344


    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  16. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    PART 1

    17:38:38.0047 5040 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    17:38:38.0269 5040 ============================================================
    17:38:38.0269 5040 Current date / time: 2012/08/08 17:38:38.0269
    17:38:38.0269 5040 SystemInfo:
    17:38:38.0269 5040
    17:38:38.0269 5040 OS Version: 6.1.7601 ServicePack: 1.0
    17:38:38.0269 5040 Product type: Workstation
    17:38:38.0269 5040 ComputerName: DAMIAN-PC
    17:38:38.0269 5040 UserName: Damian
    17:38:38.0269 5040 Windows directory: C:\Windows
    17:38:38.0269 5040 System windows directory: C:\Windows
    17:38:38.0269 5040 Running under WOW64
    17:38:38.0269 5040 Processor architecture: Intel x64
    17:38:38.0269 5040 Number of processors: 4
    17:38:38.0269 5040 Page size: 0x1000
    17:38:38.0269 5040 Boot type: Normal boot
    17:38:38.0269 5040 ============================================================
    17:38:48.0237 5040 Drive \Device\Harddisk4\DR4 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:38:48.0274 5040 Drive \Device\Harddisk3\DR3 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x3E1ACE, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000040
    17:38:48.0292 5040 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:38:57.0707 5040 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:39:06.0822 5040 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:39:15.0792 5040 Drive \Device\Harddisk5\DR5 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:39:15.0797 5040 ============================================================
    17:39:15.0797 5040 \Device\Harddisk4\DR4:
    17:39:15.0820 5040 MBR partitions:
    17:39:15.0820 5040 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
    17:39:15.0820 5040 \Device\Harddisk3\DR3:
    17:39:15.0830 5040 MBR partitions:
    17:39:15.0830 5040 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:39:15.0830 5040 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x11745800
    17:39:15.0830 5040 \Device\Harddisk0\DR0:
    17:39:15.0845 5040 MBR partitions:
    17:39:15.0845 5040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    17:39:15.0845 5040 \Device\Harddisk1\DR1:
    17:39:15.0845 5040 MBR partitions:
    17:39:15.0845 5040 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
    17:39:15.0845 5040 \Device\Harddisk2\DR2:
    17:39:15.0845 5040 MBR partitions:
    17:39:15.0845 5040 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
    17:39:15.0845 5040 \Device\Harddisk5\DR5:
    17:39:15.0845 5040 MBR partitions:
    17:39:15.0845 5040 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xAEA82841
    17:39:15.0845 5040 ============================================================
    17:39:15.0862 5040 C: <-> \Device\Harddisk3\DR3\Partition1
    17:39:15.0887 5040 E: <-> \Device\Harddisk0\DR0\Partition0
    17:39:15.0922 5040 G: <-> \Device\Harddisk2\DR2\Partition0
    17:39:15.0942 5040 H: <-> \Device\Harddisk5\DR5\Partition0
    17:39:15.0972 5040 I: <-> \Device\Harddisk1\DR1\Partition0
    17:39:15.0997 5040 J: <-> \Device\Harddisk4\DR4\Partition0
    17:39:15.0997 5040 ============================================================
    17:39:15.0997 5040 Initialize success
    17:39:15.0997 5040 ============================================================
    17:39:32.0717 3840 ============================================================
    17:39:32.0717 3840 Scan started
    17:39:32.0717 3840 Mode: Manual;
    17:39:32.0717 3840 ============================================================
    17:39:36.0938 3840 KtmRm - ok
    17:39:36.0963 3840 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    17:39:36.0978 3840 LanmanServer - ok
    17:39:36.0995 3840 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    17:39:36.0995 3840 LanmanWorkstation - ok
    17:39:37.0028 3840 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:39:37.0028 3840 lltdio - ok
    17:39:37.0038 3840 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:39:37.0063 3840 lltdsvc - ok
    17:39:37.0078 3840 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:39:37.0078 3840 lmhosts - ok
    17:39:37.0103 3840 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    17:39:37.0105 3840 LSI_FC - ok
    17:39:37.0110 3840 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    17:39:37.0113 3840 LSI_SAS - ok
    17:39:37.0113 3840 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    17:39:37.0113 3840 LSI_SAS2 - ok
    17:39:37.0123 3840 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    17:39:37.0125 3840 LSI_SCSI - ok
    17:39:37.0140 3840 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:39:37.0140 3840 luafv - ok
    17:39:37.0208 3840 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
    17:39:37.0210 3840 MBAMProtector - ok
    17:39:37.0263 3840 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    17:39:37.0268 3840 MBAMService - ok
    17:39:37.0285 3840 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    17:39:37.0288 3840 Mcx2Svc - ok
    17:39:37.0295 3840 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    17:39:37.0295 3840 megasas - ok
    17:39:37.0305 3840 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    17:39:37.0308 3840 MegaSR - ok
    17:39:37.0378 3840 Microsoft SharePoint Workspace Audit Service - ok
    17:39:37.0398 3840 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:39:37.0400 3840 MMCSS - ok
    17:39:37.0408 3840 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:39:37.0408 3840 Modem - ok
    17:39:37.0428 3840 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:39:37.0428 3840 monitor - ok
    17:39:37.0443 3840 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:39:37.0443 3840 mouclass - ok
    17:39:37.0448 3840 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:39:37.0448 3840 mouhid - ok
    17:39:37.0458 3840 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:39:37.0460 3840 mountmgr - ok
    17:39:37.0495 3840 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    17:39:37.0498 3840 MozillaMaintenance - ok
    17:39:37.0510 3840 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:39:37.0513 3840 mpio - ok
    17:39:37.0525 3840 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:39:37.0528 3840 mpsdrv - ok
    17:39:37.0553 3840 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    17:39:37.0573 3840 MpsSvc - ok
    17:39:37.0578 3840 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:39:37.0580 3840 MRxDAV - ok
    17:39:37.0588 3840 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:39:37.0588 3840 mrxsmb - ok
    17:39:37.0610 3840 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:39:37.0618 3840 mrxsmb10 - ok
    17:39:37.0628 3840 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:39:37.0630 3840 mrxsmb20 - ok
    17:39:37.0638 3840 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:39:37.0638 3840 msahci - ok
    17:39:37.0645 3840 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:39:37.0648 3840 msdsm - ok
    17:39:37.0668 3840 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:39:37.0670 3840 MSDTC - ok
    17:39:37.0730 3840 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:39:37.0730 3840 Msfs - ok
    17:39:37.0755 3840 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:39:37.0765 3840 mshidkmdf - ok
    17:39:37.0773 3840 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:39:37.0775 3840 msisadrv - ok
    17:39:37.0793 3840 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:39:37.0795 3840 MSiSCSI - ok
    17:39:37.0798 3840 msiserver - ok
    17:39:37.0818 3840 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:39:37.0818 3840 MSKSSRV - ok
    17:39:37.0818 3840 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:39:37.0818 3840 MSPCLOCK - ok
    17:39:37.0828 3840 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:39:37.0830 3840 MSPQM - ok
    17:39:37.0848 3840 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:39:37.0855 3840 MsRPC - ok
    17:39:37.0868 3840 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    17:39:37.0868 3840 mssmbios - ok
    17:39:37.0870 3840 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:39:37.0870 3840 MSTEE - ok
    17:39:37.0875 3840 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    17:39:37.0875 3840 MTConfig - ok
    17:39:37.0903 3840 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
    17:39:37.0903 3840 MTsensor - ok
    17:39:37.0913 3840 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:39:37.0915 3840 Mup - ok
    17:39:37.0935 3840 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    17:39:37.0955 3840 napagent - ok
    17:39:37.0980 3840 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:39:37.0985 3840 NativeWifiP - ok
    17:39:38.0033 3840 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:39:38.0050 3840 NDIS - ok
    17:39:38.0068 3840 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:39:38.0070 3840 NdisCap - ok
    17:39:38.0080 3840 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:39:38.0080 3840 NdisTapi - ok
    17:39:38.0080 3840 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:39:38.0090 3840 Ndisuio - ok
    17:39:38.0103 3840 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:39:38.0120 3840 NdisWan - ok
    17:39:38.0125 3840 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:39:38.0128 3840 NDProxy - ok
    17:39:38.0150 3840 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:39:38.0150 3840 NetBIOS - ok
    17:39:38.0168 3840 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:39:38.0183 3840 NetBT - ok
    17:39:38.0195 3840 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    17:39:38.0198 3840 Netlogon - ok
    17:39:38.0230 3840 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    17:39:38.0235 3840 Netman - ok
    17:39:38.0253 3840 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    17:39:38.0265 3840 netprofm - ok
    17:39:38.0320 3840 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:39:38.0378 3840 NetTcpPortSharing - ok
    17:39:38.0393 3840 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    17:39:38.0395 3840 nfrd960 - ok
    17:39:38.0415 3840 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    17:39:38.0418 3840 NlaSvc - ok
    17:39:38.0430 3840 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:39:38.0430 3840 Npfs - ok
    17:39:38.0445 3840 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    17:39:38.0448 3840 nsi - ok
    17:39:38.0458 3840 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:39:38.0458 3840 nsiproxy - ok
    17:39:38.0510 3840 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:39:38.0533 3840 Ntfs - ok
    17:39:38.0590 3840 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:39:38.0590 3840 Null - ok
    17:39:38.0630 3840 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
    17:39:38.0633 3840 NVHDA - ok
    17:39:38.0973 3840 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    17:39:39.0028 3840 nvlddmkm - ok
    17:39:39.0073 3840 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:39:39.0090 3840 nvraid - ok
    17:39:39.0100 3840 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:39:39.0103 3840 nvstor - ok
    17:39:39.0170 3840 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
    17:39:39.0178 3840 nvsvc - ok
    17:39:39.0255 3840 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    17:39:39.0338 3840 nvUpdatusService - ok
    17:39:39.0358 3840 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:39:39.0360 3840 nv_agp - ok
    17:39:39.0365 3840 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:39:39.0365 3840 ohci1394 - ok
    17:39:39.0408 3840 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
     
  17. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    PART 2

    17:39:43.0410 3840 vmbus - ok
    17:39:43.0410 3840 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    17:39:43.0410 3840 VMBusHID - ok
    17:39:43.0425 3840 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:39:43.0425 3840 volmgr - ok
    17:39:43.0445 3840 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:39:43.0450 3840 volmgrx - ok
    17:39:43.0465 3840 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:39:43.0473 3840 volsnap - ok
    17:39:43.0485 3840 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    17:39:43.0488 3840 vsmraid - ok
    17:39:43.0540 3840 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:39:43.0550 3840 VSS - ok
    17:39:43.0608 3840 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    17:39:43.0608 3840 vwifibus - ok
    17:39:43.0625 3840 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:39:43.0645 3840 W32Time - ok
    17:39:43.0668 3840 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    17:39:43.0668 3840 WacomPen - ok
    17:39:43.0678 3840 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:39:43.0678 3840 WANARP - ok
    17:39:43.0678 3840 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:39:43.0678 3840 Wanarpv6 - ok
    17:39:43.0728 3840 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:39:43.0755 3840 wbengine - ok
    17:39:43.0795 3840 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:39:43.0800 3840 WbioSrvc - ok
    17:39:43.0820 3840 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:39:43.0828 3840 wcncsvc - ok
    17:39:43.0848 3840 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:39:43.0850 3840 WcsPlugInService - ok
    17:39:43.0853 3840 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    17:39:43.0853 3840 Wd - ok
    17:39:43.0878 3840 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    17:39:43.0878 3840 WDC_SAM - ok
    17:39:43.0903 3840 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:39:43.0920 3840 Wdf01000 - ok
    17:39:43.0925 3840 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:39:43.0935 3840 WdiServiceHost - ok
    17:39:43.0935 3840 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:39:43.0935 3840 WdiSystemHost - ok
    17:39:43.0955 3840 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:39:43.0970 3840 WebClient - ok
    17:39:43.0978 3840 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:39:44.0000 3840 Wecsvc - ok
    17:39:44.0003 3840 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:39:44.0013 3840 wercplsupport - ok
    17:39:44.0023 3840 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:39:44.0025 3840 WerSvc - ok
    17:39:44.0060 3840 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:39:44.0060 3840 WfpLwf - ok
    17:39:44.0063 3840 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:39:44.0065 3840 WIMMount - ok
    17:39:44.0078 3840 WinDefend - ok
    17:39:44.0078 3840 WinHttpAutoProxySvc - ok
    17:39:44.0125 3840 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:39:44.0143 3840 Winmgmt - ok
    17:39:44.0205 3840 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:39:44.0238 3840 WinRM - ok
    17:39:44.0315 3840 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:39:44.0340 3840 Wlansvc - ok
    17:39:44.0355 3840 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:39:44.0355 3840 WmiAcpi - ok
    17:39:44.0378 3840 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:39:44.0380 3840 wmiApSrv - ok
    17:39:44.0395 3840 WMPNetworkSvc - ok
    17:39:44.0408 3840 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:39:44.0410 3840 WPCSvc - ok
    17:39:44.0420 3840 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:39:44.0420 3840 WPDBusEnum - ok
    17:39:44.0430 3840 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:39:44.0433 3840 ws2ifsl - ok
    17:39:44.0445 3840 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    17:39:44.0448 3840 wscsvc - ok
    17:39:44.0453 3840 WSearch - ok
    17:39:44.0518 3840 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    17:39:44.0558 3840 wuauserv - ok
    17:39:44.0613 3840 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:39:44.0615 3840 WudfPf - ok
    17:39:44.0640 3840 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:39:44.0650 3840 WUDFRd - ok
    17:39:44.0670 3840 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:39:44.0670 3840 wudfsvc - ok
    17:39:44.0695 3840 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:39:44.0710 3840 WwanSvc - ok
    17:39:44.0745 3840 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    17:39:44.0748 3840 yukonw7 - ok
    17:39:44.0753 3840 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk4\DR4
    17:39:44.0758 3840 \Device\Harddisk4\DR4 - ok
    17:39:44.0763 3840 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
    17:39:44.0845 3840 \Device\Harddisk3\DR3 - ok
    17:39:44.0873 3840 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    17:39:44.0873 3840 \Device\Harddisk0\DR0 - ok
    17:39:44.0885 3840 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
    17:39:44.0888 3840 \Device\Harddisk1\DR1 - ok
    17:39:44.0890 3840 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
    17:39:45.0243 3840 \Device\Harddisk2\DR2 - ok
    17:39:45.0245 3840 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk5\DR5
    17:39:45.0248 3840 \Device\Harddisk5\DR5 - ok
    17:39:45.0250 3840 Boot (0x1200) (ce4d7a9d459989351b319ade2aa7e951) \Device\Harddisk4\DR4\Partition0
    17:39:45.0253 3840 \Device\Harddisk4\DR4\Partition0 - ok
    17:39:45.0255 3840 Boot (0x1200) (eb7608f5c794fbd97cf8a46c7af94391) \Device\Harddisk3\DR3\Partition0
    17:39:45.0255 3840 \Device\Harddisk3\DR3\Partition0 - ok
    17:39:45.0260 3840 Boot (0x1200) (f0f6e0ab5ffbd013ca6d3a7a8c8009f0) \Device\Harddisk3\DR3\Partition1
    17:39:45.0260 3840 \Device\Harddisk3\DR3\Partition1 - ok
    17:39:45.0263 3840 Boot (0x1200) (c75732b20530fd41b3b6f66d47b062d1) \Device\Harddisk0\DR0\Partition0
    17:39:45.0265 3840 \Device\Harddisk0\DR0\Partition0 - ok
    17:39:45.0275 3840 Boot (0x1200) (8987d4507f1cf9c2700e85fb63d6fa1c) \Device\Harddisk1\DR1\Partition0
    17:39:45.0275 3840 \Device\Harddisk1\DR1\Partition0 - ok
    17:39:45.0278 3840 Boot (0x1200) (899e98a57e606f25ccc457c2589e1f0f) \Device\Harddisk2\DR2\Partition0
    17:39:45.0280 3840 \Device\Harddisk2\DR2\Partition0 - ok
    17:39:45.0283 3840 Boot (0x1200) (7c49fbd01a6dbb20331263b5eb3e6521) \Device\Harddisk5\DR5\Partition0
    17:39:45.0283 3840 \Device\Harddisk5\DR5\Partition0 - ok
    17:39:45.0285 3840 ============================================================
    17:39:45.0285 3840 Scan finished
    17:39:45.0285 3840 ============================================================
    17:39:45.0293 4744 Detected object count: 0
    17:39:45.0293 4744 Actual detected object count: 0


    Computer feels very good. Just that one popup is making me worry, but isn't svchost also part of the Windows files?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    It depends on its location.
    Can you post exact wording of that warning?

    ===============================

    OTL logs are clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
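    A defender-side check for Broni's point that an svchost.exe is only trustworthy in its proper location, as an added example (PowerShell written for this page, not a tool from the thread): it lists every running svchost.exe and flags any whose path, parent process, command line or version resource does not look like the genuine Windows 7 service host. It assumes Windows 7 x64 and an elevated PowerShell prompt (2.0 or later).

```powershell
# Added example, not from the thread or from any of the tools used in it:
# a quick sanity check of every running svchost.exe, following the point
# that a file named svchost.exe is only trustworthy in its proper location.
# Assumes Windows 7 x64 and an elevated PowerShell prompt (2.0 or later).

# The only directories a genuine svchost.exe lives in.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

$procs = @(Get-WmiObject -Class Win32_Process)

# Index by PID so each svchost.exe can be matched to its parent process.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$results = foreach ($p in ($procs | Where-Object { $_.Name -ieq 'svchost.exe' })) {
    $path = $p.ExecutablePath
    $reasons = @()

    # Check 1: the image must be in System32 or SysWOW64.
    $dir = if ($path) { Split-Path -Path $path -Parent } else { '' }
    if (-not ($expectedDirs | Where-Object { $_ -ieq $dir })) {
        $reasons += "unexpected path '$path'"
    }

    # Check 2: on Windows 7 every genuine svchost.exe is started by services.exe.
    $parent = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    if ($parentName -ine 'services.exe') {
        $reasons += "parent is $parentName (PID $($p.ParentProcessId))"
    }

    # Check 3: a genuine instance is always launched with a '-k <group>' argument.
    if ($p.CommandLine -notmatch '\s-k\s+\S+') {
        $reasons += 'no -k service group in command line'
    }

    # Check 4: the version resource of the real binary names Microsoft.
    if ($path -and (Test-Path -Path $path)) {
        $company = (Get-Item -Path $path).VersionInfo.CompanyName
        if ($company -notlike '*Microsoft*') {
            $reasons += "CompanyName is '$company'"
        }
    }

    New-Object -TypeName PSObject -Property @{
        PID        = $p.ProcessId
        Parent     = $parentName
        Path       = $path
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Suspicious entries first; a flagged row is a lead for closer inspection, not a verdict.
$results | Sort-Object -Property Suspicious -Descending |
    Format-Table -Property PID, Suspicious, Parent, Path, Reasons -AutoSize
```

    Because Windows reuses PIDs, a parent that has already exited can occasionally be mis-attributed, so treat a flagged row as a reason to look closer rather than as proof of infection.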
     
  19. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    1.
    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    COMODO Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    JavaFX 2.1.0
    Java(TM) 6 Update 30
    Java(TM) 7 Update 4
    Java version out of Date!
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Comodo Firewall cmdagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    2.
    Farbar Service Scanner Version: 06-08-2012
    Ran by Damian (administrator) on 08-08-2012 at 21:14:01
    Running from "C:\Users\Damian\Desktop"
    Microsoft Windows 7 Enterprise Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Attempt to access Google.com returned error: Google.com is offline
    Attempt to access Yahoo IP returned error: Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    3.
    Cleaned 600mb

    4.
    It's taking forever. I'll post the log tomorrow. It finished scanning my C: Windows installation HD and found 1 threat: "JS/Redirector.NIQ trojan". I will post the log tomorrow when it is done scanning. Hopefully in the morning :)


    As for Comodo's pop-up, here is the screenshot:
    (screenshot)

    Thank you.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    It looks safe to allow it.
     
  21. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    4.
    C:\Users\Damian\AppData\Local\{AFB68FFD-867C-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
    G:\FTP\Appz\DVD.Apps.Pack-Torrentleech\DVD.Audio.Extractor.v4.5.5.Incl.KeyGen-F4CG\f4cg.rar probably a variant of Win32/Agent.JCMPKEV trojan deleted - quarantined
    G:\FTP\Appz\DVDCopy\DVDFab Platinum 4.0.5.5 -FULL Personalized\DVDFab.Platinum.4.0.5.5.exe probably a variant of Win32/TrojanDownloader.Agent.FSSJMAE trojan cleaned by deleting - quarantined
    G:\FTP\Appz\DVDCopy\DVDPack 2007-07-20 -DNM\1Click DVD Copy Pro v3.0.0.0\ICU Patch\All.LG.Software.Innovations.Generic.Patch-ICU.exe probably a variant of Win32/Autorun.CPLKURV worm cleaned by deleting - quarantined
    G:\FTP\Appz\DVDCopy\DVDPack 2007-07-20 -DNM\DVDFab Platinum v3.1.5.0\DVDFabPlatinum3150.exe probably a variant of Win32/IRCBot.FMZTXBZ trojan cleaned by deleting - quarantined
    G:\FTP\Appz\DVDCopy\DVDPack 2007-07-20 -DNM\DVDInfoPro v4.635\keygen.rar probably a variant of Win32/Agent.NWQDGXY trojan deleted - quarantined
    G:\FTP\Appz\ForGames\CureROM_2033_Setup.rar probably a variant of Win32/Agent.LTYFKIZ trojan deleted - quarantined
    G:\FTP\Appz\ForGames\SecuROM_Loader_v7.26.rar probably a variant of Win32/Agent.TBQIGY trojan deleted - quarantined
    G:\FTP\Appz\Internet\Uniblue Performans Programs\SpyEraser V2\spyeraser.exe a variant of Win32/UbSpyEraser application cleaned by deleting - quarantined


    :) I guess it found a lot of my applications, but they are not dangerous, right?

    Thank you for the answer about Comodo.

    Any other steps?
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =====================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select the "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  23. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    OTL Log:
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Damian
    ->Temp folder emptied: 100761 bytes
    ->Temporary Internet Files folder emptied: 568610 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 119888133 bytes
    ->Opera cache emptied: 22137958 bytes
    ->Flash cache emptied: 1753 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 882 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 1262140494 bytes

    Total Files Cleaned = 1,340.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Damian
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Damian
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.56.0 log created on 08092012_180213

    Files\Folders moved on Reboot...
    C:\Users\Damian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Damian\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...


    Is it all good? Computer feels really fast. It's reborn.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Way to go!!
    Good luck and stay safe :)
     
  25. DamianN7

    DamianN7 TS Member Topic Starter Posts: 24

    Thank you so much, man. Sending a small thank you to your PayPal as yinyangsuperfoods.

    Something strange happened with Windows Update. After installing 51 updates (I was behind), my Windows could not start. It was stuck on the Windows logo screen. I had to restore. I'll try again with just the security updates, unless you think it's a bad idea?
     
