Solved Windows shut down in 1 minute. Nasty Virus?

DamianN7

Hello all,

I just got home and tried turning on my computer, and every time it shuts down after one minute.

Tried it in SAFE MODE and the same thing happens.

I was running Malwarebytes last night and it found a few svchost.exe trojans and I deleted them. I guess it did not completely delete them.

Please Help.
I am using my extra Mac laptop right now. Keep in mind I only have 1 minute, and I checked my processes and there is nothing out of the ordinary running. It's hiding.

I have Kaspersky Recovery CD 10 if needed.

THANK YOU IN ADVANCE.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, such as an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================

What Windows version is it?
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu, select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Here we go: 1st LOG

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012
Ran by SYSTEM at 07-08-2012 21:17:21
Running from L:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Damian\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-19] (BitTorrent, Inc.)
HKU\Damian\...\Run: [LinkMagic for magicolor 1690MF] [x]
HKU\Damian\...\Run: [AdobeBridge] [x]
HKU\Damian\...\Run: [Spyware Doctor with AntiVirus] C:\Users\Damian\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min [x]
HKU\Damian\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED}: [NameServer]68.237.161.12,71.250.0.12

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

========================== Drivers (Whitelisted) =============

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-07 21:17 - 2012-08-07 21:17 - 00000000 ____D C:\FRST
2012-08-07 15:31 - 2012-08-07 15:31 - 00001258 ____A C:\Users\Damian\Desktop\Spybot - Search & Destroy.lnk
2012-08-07 15:31 - 2012-08-07 15:31 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-08-07 15:31 - 2012-08-07 15:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-07 15:27 - 2012-08-07 15:27 - 00000000 ____D C:\Users\All Users\PC Tools
2012-08-07 15:26 - 2012-08-07 15:26 - 00285368 ____A C:\Windows\Minidump\080712-18938-01.dmp
2012-08-07 06:46 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-06 17:43 - 2012-08-06 17:43 - 00000000 ____D C:\Users\Damian\Desktop\rec
2012-08-06 16:57 - 2012-08-06 16:57 - 00002254 ____A C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 3.3.4.lnk
2012-08-06 16:57 - 2012-08-06 16:57 - 00000000 ____D C:\Program Files (x86)\EASEUS
2012-08-04 06:16 - 2012-08-04 06:16 - 00264504 ____A C:\Windows\Minidump\080412-18314-01.dmp
2012-08-02 20:18 - 2012-08-02 20:18 - 00291848 ____A C:\Windows\Minidump\080312-21434-01.dmp
2012-08-01 13:35 - 2012-08-01 13:35 - 00291752 ____A C:\Windows\Minidump\080112-18610-01.dmp
2012-07-29 17:28 - 2012-07-29 17:28 - 00292064 ____A C:\Windows\Minidump\072912-19609-01.dmp
2012-07-27 08:46 - 2012-08-06 08:33 - 00000000 ____D C:\Users\Damian\Desktop\tootsie
2012-07-24 14:28 - 2012-07-27 08:37 - 00000000 ____D C:\Users\Damian\Desktop\dl kasi
2012-07-12 05:26 - 2012-07-12 05:26 - 00000000 ____D C:\Download

============ 3 Months Modified Files ========================

2012-08-07 15:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-07 15:35 - 2009-07-13 20:51 - 00063592 ____A C:\Windows\setupact.log
2012-08-07 15:31 - 2012-08-07 15:31 - 00001258 ____A C:\Users\Damian\Desktop\Spybot - Search & Destroy.lnk
2012-08-07 15:26 - 2012-08-07 15:26 - 00285368 ____A C:\Windows\Minidump\080712-18938-01.dmp
2012-08-07 06:53 - 2011-12-23 13:00 - 01483925 ____A C:\Windows\WindowsUpdate.log
2012-08-07 06:52 - 2009-07-13 20:45 - 00024240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-07 06:52 - 2009-07-13 20:45 - 00024240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-07 06:51 - 2009-07-13 21:13 - 00730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-06 19:04 - 2012-04-29 12:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-06 16:57 - 2012-08-06 16:57 - 00002254 ____A C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 3.3.4.lnk
2012-08-04 06:16 - 2012-08-04 06:16 - 00264504 ____A C:\Windows\Minidump\080412-18314-01.dmp
2012-08-02 20:18 - 2012-08-02 20:18 - 00291848 ____A C:\Windows\Minidump\080312-21434-01.dmp
2012-08-02 14:04 - 2012-04-29 12:12 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 14:04 - 2011-12-23 15:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-01 13:35 - 2012-08-01 13:35 - 00291752 ____A C:\Windows\Minidump\080112-18610-01.dmp
2012-07-29 17:28 - 2012-07-29 17:28 - 00292064 ____A C:\Windows\Minidump\072912-19609-01.dmp
2012-07-29 14:55 - 2010-11-20 19:47 - 00011104 ____A C:\Windows\PFRO.log
2012-07-28 06:23 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-14 14:21 - 2012-04-27 17:53 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-03 09:46 - 2012-04-27 17:53 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 07:05 - 2012-06-29 07:05 - 00036519 ____A C:\Users\Damian\Downloads\2.htm
2012-06-24 14:37 - 2012-06-24 14:37 - 00001901 ____A C:\Users\Damian\Desktop\Nero Express.lnk
2012-06-24 11:47 - 2012-06-24 11:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-24 11:46 - 2012-06-24 11:46 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Damian\Downloads\Skype_5.10.0.114.exe
2012-06-18 19:05 - 2011-12-25 18:54 - 00028558 ____A C:\Windows\DirectX.log
2012-06-13 16:02 - 2012-06-13 16:02 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-30 14:43 - 2012-04-22 12:18 - 00248090 ____A C:\shared.log
2012-05-22 17:12 - 2012-01-28 17:52 - 00002025 ____A C:\Users\Public\Desktop\Samsung AllShare.lnk
2012-05-12 13:39 - 2011-12-31 06:51 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-12 13:39 - 2011-12-31 06:51 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

Possible partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8191.05 MB
Available physical RAM: 7384.68 MB
Total Pagefile: 8189.25 MB
Available Pagefile: 7377.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:139.64 GB) (Free:24.71 GB) NTFS
3 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive e: (2.0TBDisk1) (Fixed) (Total:1863.01 GB) (Free:122.67 GB) NTFS
5 Drive f: (1.5TBDisk3) (Fixed) (Total:1397.26 GB) (Free:172.22 GB) NTFS
6 Drive g: (1.5TBDisk4) (Fixed) (Total:1397.26 GB) (Free:351.09 GB) NTFS
7 Drive h: (1.5TBDisk1) (Fixed) (Total:1397.25 GB) (Free:308.36 GB) NTFS
10 Drive l: (CLEAN DISK) (Removable) (Total:3.72 GB) (Free:2.8 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
12 Drive y: (1.5TBDisk2) (Fixed) (Total:1397.26 GB) (Free:192.36 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1397 GB 0 B
Disk 1 Online 139 GB 0 B
Disk 2 Online 1863 GB 0 B
Disk 3 Online 1397 GB 0 B
Disk 4 Online 1397 GB 0 B
Disk 5 Online 1397 GB 7168 KB
Disk 6 Online 3820 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y 1.5TBDisk2 NTFS Partition 1397 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 139 GB 101 MB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C NTFS Partition 139 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 E 2.0TBDisk1 NTFS Partition 1863 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 1024 KB

==================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 F 1.5TBDisk3 NTFS Partition 1397 GB Healthy

==================================================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 1024 KB

==================================================================================

Disk: 4
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 G 1.5TBDisk4 NTFS Partition 1397 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 1397 GB 8032 KB
Partition 1 Logical 1397 GB 8064 KB

==================================================================================

Disk: 5
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 H 1.5TBDisk1 NTFS Partition 1397 GB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3819 MB 16 KB

==================================================================================

Disk: 6
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L CLEAN DISK FAT32 Removable 3819 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 06:22

======================= End Of Log ==========================


2nd LOG

Farbar Recovery Scan Tool Version: 08-08-2012
Ran by SYSTEM at 2012-08-07 21:22:14
Running from L:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Thank You
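An added example, not part of the thread and not FRST's own code: a small Python triage script that applies the two checks the helper is doing by hand to FRST output. It flags a core service binary created outside System32/SysWOW64 (the C:\Windows\svchost.exe entry FRST.txt reports above) and compares every services.exe copy in Search.txt against the pristine copy under C:\Windows\winsxs by MD5. The CORE_BINARIES set is this example's own choice; the sample input mixes lines copied from the logs above with two constructed entries (a clean System32\svchost.exe line and a tampered SysWOW64\services.exe entry with an all-zero placeholder MD5) so both the clean and the flagged paths run.

```python
"""Triage checks over Farbar Recovery Scan Tool (FRST) output.

Two checks, mirroring what the helper in the thread looks for:
  1. a core Windows service binary created outside System32/SysWOW64
     (FRST.txt above lists C:\\Windows\\svchost.exe, which is one such case);
  2. a Search.txt result where a copy of the searched binary no longer matches
     the pristine copy kept under C:\\Windows\\winsxs (MD5 differs) or carries
     no company/version information at all.
"""
import ntpath
import re

# Binaries that Windows only loads from these two directories (example's choice).
CORE_BINARIES = {
    "svchost.exe", "services.exe", "winlogon.exe", "wininit.exe",
    "userinit.exe", "lsass.exe", "csrss.exe",
}
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# FRST.txt file line, e.g.
# 2012-08-07 06:46 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
# Search.txt: a bare path line followed by a detail line such as
# [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
PATH_LINE = re.compile(r"^[A-Za-z]:\\\S.*$")
SEARCH_DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_file_entries(log_text):
    """Return a dict per file/folder line in the 'Created' and 'Modified' sections."""
    return [m.groupdict() for m in (FILE_LINE.match(l.strip()) for l in log_text.splitlines()) if m]


def flag_misplaced_core_binaries(entries):
    """Paths of core service binaries that were created outside System32/SysWOW64."""
    flagged = []
    for e in entries:
        if "D" in e["attrs"]:  # directory entries are not binaries
            continue
        directory, name = ntpath.split(e["path"])
        directory = directory.lower()
        if name.lower() in CORE_BINARIES and directory not in LEGIT_DIRS and "\\winsxs\\" not in directory:
            flagged.append(e["path"])
    return flagged


def parse_search_results(search_text):
    """Pair each path line in Search.txt with the detail line that follows it."""
    results, pending = {}, None
    for line in search_text.splitlines():
        line = line.strip()
        if PATH_LINE.match(line):
            pending = line
            continue
        m = SEARCH_DETAIL.match(line)
        if m and pending:
            results[pending] = m.groupdict()
            pending = None
    return results


def check_search_consistency(results):
    """Compare every copy of the searched binary against the winsxs reference copy."""
    reference = next((info for path, info in results.items() if "\\winsxs\\" in path.lower()), None)
    findings = []
    for path, info in results.items():
        if info is reference:
            continue
        if not info["company"]:
            findings.append(f"{path}: no company/version information")
        if reference is not None and info["md5"].upper() != reference["md5"].upper():
            findings.append(f"{path}: MD5 {info['md5']} differs from winsxs copy {reference['md5']}")
    return findings


def triage(frst_text, search_text):
    """Run both checks and return the findings in one dict."""
    return {
        "misplaced": flag_misplaced_core_binaries(parse_file_entries(frst_text)),
        "search": check_search_consistency(parse_search_results(search_text)),
    }


# Constructed sample input: the FRST lines and first two search entries are copied
# from the thread; the System32\svchost.exe line and the SysWOW64\services.exe entry
# (no company, all-zero placeholder MD5) are invented to exercise both outcomes.
SAMPLE_FRST = r"""
2012-08-07 21:17 - 2012-08-07 21:17 - 00000000 ____D C:\FRST
2012-08-07 06:46 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2009-07-13 17:39 - 2009-07-13 17:39 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\svchost.exe
"""
SAMPLE_SEARCH = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\SysWOW64\services.exe
[2009-07-13 15:19] - [2012-08-07 06:46] - 0328704 ____A 00000000000000000000000000000000
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_FRST, SAMPLE_SEARCH).items():
        print(section)
        for item in items:
            print("  ", item)
```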
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: now please enter System Recovery Options.
On Windows XP: now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot normally.
 

Attachments

  • fixlist.txt (120 bytes)
alright:

Step 2:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Damian :: DAMIAN-PC [administrator]

Protection: Enabled

8/7/2012 10:34:12 PM
mbam-log-2012-08-07 (22-34-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211423
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Step 3:
GMER log was empty

Step 4:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Damian at 22:47:24 on 2012-08-07
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8191.6292 [GMT -4:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [LinkMagic for magicolor 1690MF]
uRun: [AdobeBridge]
uRun: [Spyware Doctor with AntiVirus] C:\Users\Damian\Desktop\Spybot-Spyware-Doctor-Install-rw.exe -min
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C5043D6-D6F3-4CEE-BF2C-70661D523B11} : NameServer = 8.26.56.26,156.154.70.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-14 2253120]
R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 250056]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-08 05:17:07 -------- d-----w- C:\FRST
2012-08-08 02:30:59 -------- d-----w- C:\ProgramData\CPA_VA
2012-08-08 02:30:44 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E976E6B3-4FBC-47D6-98F6-572743C6D4C7}\offreg.dll
2012-08-08 02:01:28 -------- d-----w- C:\ProgramData\Comodo
2012-08-08 02:01:27 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-08 02:01:27 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-08-08 02:01:27 -------- d-----w- C:\Program Files\COMODO
2012-08-07 23:31:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-07 23:31:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-07 23:27:05 -------- d-----w- C:\ProgramData\PC Tools
2012-08-07 00:57:33 -------- d-----w- C:\Program Files (x86)\EASEUS
2012-08-07 00:56:39 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-08-07 00:56:39 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-08-07 00:56:39 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-08-07 00:56:39 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-08-07 00:56:39 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-08-07 00:56:39 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-08-07 00:56:34 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-08-07 00:56:34 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-07-12 13:26:08 -------- d-----w- C:\Download
.
==================== Find3M ====================
.
2012-08-02 22:04:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 22:04:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 22:49:45.41 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 12/23/2011 3:58:09 PM
System Uptime: 8/7/2012 10:29:22 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q DELUXE
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA 775 | 3194/356mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 140 GiB total, 26.939 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 122.665 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 1397 GiB total, 192.355 GiB free.
H: is FIXED (NTFS) - 1397 GiB total, 308.359 GiB free.
I: is FIXED (NTFS) - 1397 GiB total, 172.215 GiB free.
J: is FIXED (NTFS) - 1397 GiB total, 351.088 GiB free.
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&8372D40&0&00E5
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&8372D40&0&00E5
Service: yukonw7
.
==== System Restore Points ===================
.
RP50: 8/6/2012 8:57:00 PM - Installed EASEUS Data Recovery Wizard Professional 3.3.4
RP51: 8/7/2012 10:02:16 PM - Device Driver Package Install: COMODO Network Service
RP52: 8/7/2012 10:30:48 PM - Device Driver Package Install: COMODO Network Service
.
==== Installed Programs ======================
.
µTorrent
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
AnyDVD
AviSynth 2.5
COMODO GeekBuddy
EASEUS Data Recovery Wizard Professional 3.3.4
ffdshow v1.1.3882 [2011-06-13]
FIFA MANAGER 12
FileZilla Client 3.5.3
Haali Media Splitter
Hattrick Organizer (remove only)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
ImgBurn
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 7 Update 4
JavaFX 2.1.0
K-Lite Codec Pack 7.6.0 (Basic)
KONICA MINOLTA magicolor 1690MF Scanner
LinkMagic for magicolor 1690MF
Malwarebytes Anti-Malware version 1.62.0.1300
Medieval CUE Splitter
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mumble 1.2.3
Nero 8 Micro v8.3.2.1
NewsLeecher v4.0 Final
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Opera 12.00
PDF Settings CS5
RAR Password Recovery Magic v6.1.1.361
Samsung AllShare
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 5.10
Star Wars: The Old Republic
StarCraft II
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
uTorrentControl2 Toolbar
VirtualCloneDrive
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/7/2012 9:49:10 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
8/7/2012 7:26:27 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 7:26:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 7:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/7/2012 7:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/7/2012 7:26:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/7/2012 7:26:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/7/2012 7:26:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO spldr Wanarpv6
8/7/2012 7:26:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008a4ab30, 0xfffffa8008a4ae10, 0xfffff800031998b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080712-18938-01.
8/7/2012 10:30:43 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/5/2012 9:16:28 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JERRY-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{130AE867-659F-437A-AFFB-565AB71B82ED}. The master browser is stopping or an election is being forced.
8/5/2012 4:00:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/4/2012 10:16:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a000ca0000, 0x0000000000000000, 0xfffff80002ee038e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-18314-01.
8/3/2012 12:18:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000003000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f15ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080312-21434-01.
8/1/2012 5:41:21 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/1/2012 5:35:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000003000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f13ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080112-18610-01.
.
==== End Of File ===========================


 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-08-07.05 - Damian 08/07/2012 23:54:42.2.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8191.6617 [GMT -4:00]
Running from: c:\users\Damian\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 05:17 . 2012-08-08 05:17 -------- d-----w- C:\FRST
2012-08-08 03:58 . 2012-08-08 03:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-08 03:58 . 2012-08-08 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 02:30 . 2012-08-08 02:30 -------- d-----w- c:\programdata\CPA_VA
2012-08-08 02:01 . 2012-08-08 02:02 -------- d-----w- c:\programdata\Comodo
2012-08-08 02:01 . 2012-08-08 02:26 -------- d-----w- c:\program files\COMODO
2012-08-08 02:01 . 2012-08-08 02:01 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-08 02:01 . 2012-08-08 02:01 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-08-07 23:31 . 2012-08-08 02:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-07 23:31 . 2012-08-08 02:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-07 23:27 . 2012-08-07 23:27 -------- d-----w- c:\programdata\PC Tools
2012-08-07 00:57 . 2012-08-07 00:57 -------- d-----w- c:\program files (x86)\EASEUS
2012-08-07 00:56 . 2004-04-19 03:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-08-07 00:56 . 2004-04-19 03:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-08-07 00:56 . 2004-04-19 03:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-08-07 00:56 . 2004-04-19 03:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-08-07 00:56 . 2004-04-19 03:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-08-07 00:56 . 2004-04-19 03:36 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-08-07 00:56 . 2012-08-07 00:56 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-08-07 00:56 . 2012-08-07 00:56 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-07-12 13:26 . 2012-07-12 13:26 -------- d-----w- C:\Download
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 22:04 . 2012-04-29 20:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 22:04 . 2011-12-23 23:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-04-28 01:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-12 22696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-12 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-12 43248]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{8C5043D6-D6F3-4CEE-BF2C-70661D523B11}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-LinkMagic for magicolor 1690MF - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:98,65,5c,7c,62,6f,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 00:05:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 04:05
.
Pre-Run: 28,674,097,152 bytes free
Post-Run: 28,153,376,768 bytes free
.
- - End Of File - - 80F3635ABB50E89007B423B2267C5BEC
 
Looks good :)

Any current issues?

============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Nothing that I can notice. I installed Comodo and svchost.exe is popping up. I am hitting block for now, is it safe to allow it?

OTL Reports:

OTL logfile created on: 8/8/2012 12:34:37 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Damian\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.19% Memory free
16.00 Gb Paging File | 13.74 Gb Available in Paging File | 85.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.64 Gb Total Space | 26.29 Gb Free Space | 18.82% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 125.40 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 192.49 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
Drive H: | 1397.25 Gb Total Space | 308.36 Gb Free Space | 22.07% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 182.69 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
Drive J: | 1397.26 Gb Total Space | 351.09 Gb Free Space | 25.13% Space Free | Partition Type: NTFS

Computer Name: DAMIAN-PC | User Name: Damian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/08 00:33:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Damian\Desktop\OTL.exe
PRC - [2012/08/02 18:04:09 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/07/17 16:19:58 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/02 18:04:09 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/17 16:19:58 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/03/24 22:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/11/23 06:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/02 18:04:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/17 16:19:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/08/19 11:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/07/07 19:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 19:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/08/19 11:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Damian\Desktop
IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6B 6A 29 11 ED 6C CD 01 [binary data]
IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/01 23:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 16:19:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{AFB68FFD-867C-11E1-826D-B8AC6F996F26}: C:\Users\Damian\AppData\Local\{AFB68FFD-867C-11E1-826D-B8AC6F996F26}\ [2012/04/14 17:56:12 | 000,000,000 | ---D | M]

[2011/12/24 10:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\Mozilla\Extensions
[2012/08/03 17:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\extensions
[2012/07/17 16:20:00 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/06/23 15:34:45 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\0pwi24ny.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2012/02/16 21:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/14 17:56:12 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\DAMIAN\APPDATA\LOCAL\{AFB68FFD-867C-11E1-826D-B8AC6F996F26}
[2012/05/28 22:16:22 | 000,104,669 | ---- | M] () (No name found) -- C:\USERS\DAMIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0PWI24NY.DEFAULT\EXTENSIONS\{7E77F5DF-8022-40E3-9122-F03DEBEFC43B}.XPI
[2012/08/02 19:30:18 | 000,060,833 | ---- | M] () (No name found) -- C:\USERS\DAMIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0PWI24NY.DEFAULT\EXTENSIONS\FIREDIFF@JOHNJBARTON.COM.XPI
[2012/07/17 16:19:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/17 20:56:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/17 20:56:55 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/08 00:00:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-189685806-1595172393-1958780754-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-189685806-1595172393-1958780754-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-189685806-1595172393-1958780754-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-189685806-1595172393-1958780754-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{130AE867-659F-437A-AFFB-565AB71B82ED}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C5043D6-D6F3-4CEE-BF2C-70661D523B11}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 01:17:07 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/08 00:33:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Damian\Desktop\OTL.exe
[2012/08/08 00:05:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/07 23:43:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/07 23:43:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/07 23:43:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/07 23:41:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/07 23:41:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/07 23:39:10 | 004,729,922 | R--- | C] (Swearware) -- C:\Users\Damian\Desktop\ComboFix.exe
[2012/08/07 22:47:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Damian\Desktop\dds.com
[2012/08/07 22:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/08/07 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/08/07 22:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012/08/07 22:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/08/07 22:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/08/07 19:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/07 19:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/07 19:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/06 21:43:56 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\rec
[2012/08/06 20:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard Professional 3.3.4
[2012/08/06 20:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012/07/27 12:46:21 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\tootsie
[2012/07/24 18:28:38 | 000,000,000 | ---D | C] -- C:\Users\Damian\Desktop\dl kasi
[2012/07/12 09:26:08 | 000,000,000 | ---D | C] -- C:\Download

========== Files - Modified Within 30 Days ==========

[2012/08/08 00:33:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Damian\Desktop\OTL.exe
[2012/08/08 00:29:35 | 000,946,881 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/08/08 00:07:23 | 000,024,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 00:07:23 | 000,024,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 00:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/08 00:00:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/07 23:59:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 23:59:39 | 2146,734,079 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 23:39:19 | 004,729,922 | R--- | M] (Swearware) -- C:\Users\Damian\Desktop\ComboFix.exe
[2012/08/07 23:26:57 | 000,099,630 | ---- | M] () -- C:\Users\Damian\Desktop\Untitled-1.jpg
[2012/08/07 22:47:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Damian\Desktop\dds.com
[2012/08/07 22:36:30 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/07 22:36:30 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/07 22:36:30 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/07 22:30:09 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012/08/07 22:26:31 | 000,000,460 | ---- | M] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/07 22:01:28 | 000,001,069 | ---- | M] () -- C:\Users\Damian\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/08/06 20:57:39 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 3.3.4.lnk
[2012/08/01 19:18:52 | 000,352,672 | ---- | M] () -- C:\Users\Damian\Desktop\Untitled-1.pdf
[2012/07/31 15:39:46 | 000,141,880 | ---- | M] () -- C:\Users\Damian\Desktop\FNM080109Weeknight031_s4x3_lg.jpg
[2012/07/14 18:21:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/08/07 23:43:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/07 23:43:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/07 23:43:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/07 23:43:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/07 23:43:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/07 23:26:55 | 000,099,630 | ---- | C] () -- C:\Users\Damian\Desktop\Untitled-1.jpg
[2012/08/07 22:31:05 | 000,946,881 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/08/07 22:30:09 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012/08/07 22:26:31 | 000,000,460 | ---- | C] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/07 22:01:28 | 000,001,069 | ---- | C] () -- C:\Users\Damian\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/08/06 20:57:39 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Professional 3.3.4.lnk
[2012/08/01 23:38:39 | 000,141,880 | ---- | C] () -- C:\Users\Damian\Desktop\FNM080109Weeknight031_s4x3_lg.jpg
[2012/08/01 19:18:52 | 000,352,672 | ---- | C] () -- C:\Users\Damian\Desktop\Untitled-1.pdf
[2012/06/24 18:37:43 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
[2012/01/13 00:26:15 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/25 22:49:21 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/24 14:31:08 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/12/24 12:01:51 | 000,032,126 | ---- | C] () -- C:\Windows\MSUMLT0H.INI
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012/05/12 17:41:11 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\.minecraft
[2012/01/13 00:30:11 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\BDREBUILDER
[2012/08/01 19:14:03 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\FileZilla
[2011/12/26 23:42:49 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\ImgBurn
[2012/01/02 23:36:34 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\KONICA MINOLTA
[2012/01/15 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Mobipocket
[2012/01/18 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\MultiPar
[2012/03/26 20:51:55 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Mumble
[2012/01/18 08:40:39 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\NewsLeecher
[2011/12/24 10:25:40 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Opera
[2012/01/28 21:52:35 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Samsung
[2012/08/07 23:53:17 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\uTorrent
[2012/07/28 10:23:11 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 8/8/2012 12:34:37 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Damian\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.19% Memory free
16.00 Gb Paging File | 13.74 Gb Available in Paging File | 85.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.64 Gb Total Space | 26.29 Gb Free Space | 18.82% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 125.40 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 192.49 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
Drive H: | 1397.25 Gb Total Space | 308.36 Gb Free Space | 22.07% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 182.69 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
Drive J: | 1397.26 Gb Total Space | 351.09 Gb Free Space | 25.13% Space Free | Partition Type: NTFS

Computer Name: DAMIAN-PC | User Name: Damian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1210ECC6-B092-4FC9-8C66-22D92CED68D1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F7FC194-B777-4C9F-9C65-6254C6A36662}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2B213BBE-5FAA-4564-9B43-23C79742CC71}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3294DF34-BCCE-4CE8-8680-E35FF64AF296}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{40F80C72-B469-44ED-B055-D3D8E4201C41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E4638C5-0E00-402D-9369-365465A35CE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52169F43-A542-4CB8-B905-53912FF0D618}" = lport=138 | protocol=17 | dir=in | app=system |
"{5470127D-EFB3-4305-9295-F90B34234FF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{57FE32B2-1972-4BE2-9BD1-4B498763C22E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{631025AD-0A08-49A0-8A1F-ED59904812CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{872C671B-F26F-4C3B-8F44-5B472E2FB59E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{898B15DA-70DD-4AF3-A304-C502238CA186}" = lport=445 | protocol=6 | dir=in | app=system |
"{95AA0B3D-0635-43FD-938C-2AEA967540EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98812FA9-593F-44C7-9E69-850D0105C55B}" = rport=445 | protocol=6 | dir=out | app=system |
"{9CDD7A40-80C6-43EA-89E3-4BE74BC231A1}" = lport=137 | protocol=17 | dir=in | app=system |
"{A012F9C0-1312-4ADE-B89F-AD5035E5D5E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3C55B02-DCF0-4357-94D0-4A23630E7913}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5DE99FA-3618-4315-8919-3F5EB21D7A54}" = rport=137 | protocol=17 | dir=out | app=system |
"{B677F271-9A40-451D-B389-23C2C52C993E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB3BEC6C-6907-4D9E-8228-A6D94802D880}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5190741-4BA6-44CB-956F-3AB46D8AF1D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8C2ED6E-8ED0-418C-BF8F-790C7E9D0C8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDE6C258-0CA0-4A69-A1E7-60C20FFFB1D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7EDE814-96EC-4EA6-BB11-0F3618D6ABF0}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BC87FC-7F13-4258-8D37-F8BB7FA5F59E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{050659E5-C209-4C3A-8E10-A44D0D51832C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{0A2E89EF-6CF5-4647-90F8-BEA102C9C83F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{131529CE-BBB1-4CB0-8483-3C6AEFB3523F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1A503EB8-7702-46E7-A60C-E25085E70E51}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{26847ACF-9A43-4B6B-A166-CA67B8E6EB98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{28D7926B-5468-4C90-9F7F-61B6AC5687F1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{2D8EE169-293B-46AD-83C7-C5380FCE0139}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{31A057A1-3078-46DD-8624-E8625D143833}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39F20019-08D4-42DC-8EF0-E9C4DAC45868}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{3F3D99B3-D1F9-468E-9EC7-DE114C3305BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4B14EA06-A0B1-4791-AF72-1D187A6E5C0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53E0EA4E-02ED-4BCF-A784-5FD38E00BC83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B016CC0-1195-4380-941D-8DEE343831D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5D9A7ED1-C1EB-4F36-9493-AB590DCAFF59}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{608F0575-60C1-4860-8062-31679BAC57BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62D867A3-FA95-4A1A-A40F-13691CB32F31}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{785A9C29-FE9E-47DE-8713-95BCC799FC83}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{7860F5D8-CD52-4A3B-8F32-F5C91E9393CA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{7DD75BAC-62A0-432E-8DAD-00170FB291D4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{7E17A5DF-5DCD-4D52-B919-B6A93BEAD41E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82D523EF-F1D2-4F7B-AAE3-25E55BCE4B30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{86F6CA5D-FF89-4742-9187-1EEC753E0341}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{8B028568-4D74-4242-80A2-6E447F9DA28A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8E426CE6-B5EA-417A-8B4A-4C8062989664}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F0C41A0-6BDB-4490-A163-62E682F82D2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9050966C-40FC-4049-95B0-71FB1C028E86}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94ABBA07-8F5D-4D98-A102-D90A6A9F3CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95F1A25B-C3CC-4F61-9538-0883A90DABC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9729E2C2-114F-48CD-82F8-1425C681813B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A32DFBFF-F604-4CD5-9888-134BCF12AC06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A74F591D-79D4-4E1F-B193-19DB624D7ABF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE4090C0-7862-4F69-B568-B974CEA825BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AFE3721A-14AB-46D7-9E30-3C2A4783FD04}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{B12C25EF-0E48-4F68-9E68-9A1A49D40155}" = protocol=6 | dir=out | app=system |
"{B3B4F20A-BC3F-4F80-9F6C-C8A91F6EC814}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BB1D66BF-CE8B-4305-8E01-7FDC869A51A3}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{BDF2CEB8-4011-46F4-8540-E47CF6133D83}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C3042003-00BC-4789-B9A3-EDEBA9493A64}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{CDACD25D-1882-4754-88F6-B874FAB06C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{D6F0DC7B-DAE6-4DB6-8E16-E731F5B59523}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E2A3E832-237D-4C3E-BBB2-87B33D61B58B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F08AF15E-50E8-4227-8400-4ED4DD956CC9}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{F9394FE0-3F0B-4424-8C7D-BD66344B0902}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F9A5DF65-959F-4D02-9B69-9C1B857BBBA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{7C28EC4D-0E9F-4DA6-87A9-B12AF62A0CB9}C:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=c:\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{7CBCD935-0B57-4304-AF48-AFE89AECA1D6}C:\program files (x86)\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dead island\deadislandgame.exe |
"TCP Query User{9BAF0526-0A73-45C3-9C42-2DA3B6C945A6}G:\ftp\appz\windows-office\microsoft.office.2010.professionalplus.vl.edition.x86.and.x64-zwtiso\zmoppv14\activator\activator.exe" = protocol=6 | dir=in | app=g:\ftp\appz\windows-office\microsoft.office.2010.professionalplus.vl.edition.x86.and.x64-zwtiso\zmoppv14\activator\activator.exe |
"TCP Query User{CE1AFEE9-C92C-4486-B0EC-6A1F8DCFE0C5}C:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe |
"UDP Query User{3E599007-1347-45A6-A788-E8B59532CACF}C:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=c:\mass effect 3\binaries\win32\masseffect3.exe |
"UDP Query User{73FB8E49-969E-4C0F-A583-75695D63CD15}C:\program files (x86)\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dead island\deadislandgame.exe |
"UDP Query User{D8D4AD38-74C5-4EF7-BEC4-0C91BF6C5376}G:\ftp\appz\windows-office\microsoft.office.2010.professionalplus.vl.edition.x86.and.x64-zwtiso\zmoppv14\activator\activator.exe" = protocol=17 | dir=in | app=g:\ftp\appz\windows-office\microsoft.office.2010.professionalplus.vl.edition.x86.and.x64-zwtiso\zmoppv14\activator\activator.exe |
"UDP Query User{F4FAC165-693D-4D0D-BDE1-722D14A2CA19}C:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23E68747-DA44-4EF1-A70E-3ECC8A5F7A6B}" = KONICA MINOLTA magicolor 1690MF Scanner
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"KONICA MINOLTA magicolor 1690MF" = KONICA MINOLTA magicolor 1690MF
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2F8669B2-F8FA-452B-8F48-C30CF6CC176F}" = LinkMagic for magicolor 1690MF
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B23535-8136-4863-965C-33A60FFA3CE7}" = EASEUS Data Recovery Wizard Professional 3.3.4
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E9A5B341-167D-4042-8854-46F671F94049}" = Medieval CUE Splitter
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"AviSynth" = AviSynth 2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"COMODO GeekBuddy" = COMODO GeekBuddy
"ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13]
"FIFA MANAGER 12" = FIFA MANAGER 12
"FileZilla Client" = FileZilla Client 3.5.3
"HaaliMkx" = Haali Media Splitter
"Hattrick Organizer" = Hattrick Organizer (remove only)
"ImgBurn" = ImgBurn
"InstallShield_{23E68747-DA44-4EF1-A70E-3ECC8A5F7A6B}" = KONICA MINOLTA magicolor 1690MF Scanner
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero8321_Micro_is1" = Nero 8 Micro v8.3.2.1
"NewsLeecher_is1" = NewsLeecher v4.0 Final
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.01.1532" = Opera 12.01
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.361
"StarCraft II" = StarCraft II
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VirtualCloneDrive" = VirtualCloneDrive
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-189685806-1595172393-1958780754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2012 9:33:16 AM | Computer Name = Damian-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2012 9:54:01 AM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16440, time
stamp: 0x4eb31d5a Exception code: 0xc0000005 Fault offset: 0x0004ddae Faulting process
id: 0xf40 Faulting application start time: 0x01cd73d7efd1b976 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 2c7c1ded-dfce-11e1-9f94-002215770985

Error - 8/6/2012 12:31:08 PM | Computer Name = Damian-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2012 1:29:24 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time
stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x000bf885 Faulting process
id: 0xd8c Faulting application start time: 0x01cd73f0c9c4903a Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report
Id: 4347346a-dfec-11e1-af47-002215770985

Error - 8/6/2012 4:01:15 PM | Computer Name = Damian-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2012 4:17:21 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00016527 Faulting process id: 0xa84 Faulting application
start time: 0x01cd740e230fb5d2 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: b9abf29a-e003-11e1-bd05-002215770985

Error - 8/6/2012 5:19:10 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x03e683db Faulting process id: 0xe58 Faulting application
start time: 0x01cd7410a29611be Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 5cac8ab4-e00c-11e1-bd05-002215770985

Error - 8/6/2012 6:06:06 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time
stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x000bf885 Faulting process
id: 0xe28 Faulting application start time: 0x01cd74193faf7689 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report
Id: eb294b8a-e012-11e1-bd05-002215770985

Error - 8/6/2012 7:02:52 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time
stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x000bf885 Faulting process
id: 0x6d8 Faulting application start time: 0x01cd741fb3bd4701 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report
Id: d96fb432-e01a-11e1-bd05-002215770985

Error - 8/6/2012 7:23:44 PM | Computer Name = Damian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time
stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x000bf885 Faulting process
id: 0x12d4 Faulting application start time: 0x01cd7427a205717d Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report
Id: c36f30e5-e01d-11e1-bd05-002215770985

[ System Events ]
Error - 5/27/2012 11:00:34 PM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 5/28/2012 10:06:40 AM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 5/28/2012 10:17:22 PM | Computer Name = Damian-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 5/28/2012 10:17:23 PM | Computer Name = Damian-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 5/28/2012 10:17:23 PM | Computer Name = Damian-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 5/28/2012 10:17:24 PM | Computer Name = Damian-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 5/30/2012 9:02:15 PM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 5/31/2012 10:16:20 AM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 5/31/2012 9:38:11 PM | Computer Name = Damian-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 6/5/2012 4:38:54 PM | Computer Name = Damian-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:23:31 PM on ?6/?5/?2012 was unexpected.


< End of report >
 
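Two things in the OTL Extras log above deserve a second look before anything else is run. Every Application Error record shows svchost.exe crashing from \\.\globalroot\systemroot\svchost.exe, which resolves to C:\Windows\svchost.exe rather than C:\Windows\System32, the only place (besides SysWOW64) where the real service host lives, and the faulting modules are the Internet Explorer engine (MSHTML.dll, jscript9.dll), not something a service host normally loads. The firewall exception list also contains "TCP Query User" / "UDP Query User" rules, the names Windows Firewall gives to rules created by clicking Allow on its prompt, for executables in %TEMP%\rarsfx0 and on a data drive. The script below is an added example, not part of the original thread and not OTL's own code: it parses those two kinds of OTL lines and returns the entries a responder would pull for analysis. The sample input is copied from the log above plus one constructed benign error record so the check has a negative case; SYSTEM_ROOT and the trusted-directory list are assumptions for this host. One caveat: "EnableFirewall" = 0 on all three profiles in the same log is expected once a third-party firewall such as the COMODO Internet Security in the uninstall list has taken over, so that value alone proves little.

```python
import re

# Constructed sample input: firewall-rule values and one Application Error
# description copied from the OTL Extras log in this thread, plus one
# constructed benign error record (marked) so the checks have a negative case.
FIREWALL_RULES = [
    r'"{00BC87FC-7F13-4258-8D37-F8BB7FA5F59E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |',
    r'"{B12C25EF-0E48-4F68-9E68-9A1A49D40155}" = protocol=6 | dir=out | app=system |',
    r'"TCP Query User{CE1AFEE9-C92C-4486-B0EC-6A1F8DCFE0C5}C:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\damian\appdata\local\temp\rarsfx0\bie_kms.exe |',
    r'"TCP Query User{7C28EC4D-0E9F-4DA6-87A9-B12AF62A0CB9}C:\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=c:\mass effect 3\binaries\win32\masseffect3.exe |',
]
EVENT_RECORDS = [
    # Copied from the log above, with OTL's line wrapping removed.
    r"Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16440, time stamp: 0x4eb31d5a Exception code: 0xc0000005 Fault offset: 0x0004ddae Faulting process id: 0xf40 Faulting application start time: 0x01cd73d7efd1b976 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll Report Id: 2c7c1ded-dfce-11e1-9f94-002215770985",
    # Constructed benign record (not from the thread): the real service host crashing.
    r"Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1 Faulting application start time: 0x0 Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\ntdll.dll Report Id: 00000000-0000-0000-0000-000000000000",
]

SYSTEM_ROOT = r"c:\windows"  # assumption for this host; read %SystemRoot% on a live box
SERVICE_HOST_DIRS = {SYSTEM_ROOT + r"\system32", SYSTEM_ROOT + r"\syswow64"}
TRUSTED_DIRS = (r"c:\program files", r"c:\program files (x86)", SYSTEM_ROOT)  # assumption


def normalize(path):
    """Fold NT-namespace and environment-variable spellings of well-known
    directories into one lower-cased Win32 path, so that
    \\.\globalroot\systemroot\svchost.exe compares as c:\windows\svchost.exe."""
    p = path.strip().lower()
    if p.startswith(r"\\.\globalroot"):
        p = p[len(r"\\.\globalroot"):]
    if p.startswith(r"\systemroot"):
        p = SYSTEM_ROOT + p[len(r"\systemroot"):]
    p = p.replace("%systemroot%", SYSTEM_ROOT)
    p = p.replace("%programfiles(x86)%", r"c:\program files (x86)")
    return p.replace("%programfiles%", r"c:\program files")


FAULT_RE = re.compile(
    r"Faulting application name: (?P<name>[^,]+),.*?"
    r"Faulting application path: (?P<app>.+?) "
    r"Faulting module path: (?P<module>.+?)(?: Report Id:.*)?$"
)


def check_fault_record(description):
    """Parse one Event ID 1000 description; flag svchost.exe running from
    anywhere other than System32 / SysWOW64."""
    m = FAULT_RE.search(description)
    if not m:
        return None
    name = m.group("name").strip().lower()
    app = normalize(m.group("app"))
    parent = app.rsplit("\\", 1)[0]
    return {
        "name": name,
        "path": app,
        "module": normalize(m.group("module")),
        "suspicious": name == "svchost.exe" and parent not in SERVICE_HOST_DIRS,
    }


RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')


def classify_rule(line):
    """Parse one OTL FirewallRules line and list reasons it merits review.
    Games installed to custom folders will trip the 'outside Program Files'
    reason too, so treat the output as a triage list, not a verdict."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not an OTL firewall rule line: " + line)
    fields = {}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    app = normalize(fields.get("app", ""))
    reasons = []
    if app and app != "system":
        if "\\temp\\" in app:
            reasons.append("executable in a temp directory")
        if not any(app.startswith(d + "\\") for d in TRUSTED_DIRS):
            reasons.append("executable outside Program Files / Windows")
    if m.group("name").startswith(("TCP Query User", "UDP Query User")):
        reasons.append("rule created by clicking Allow on the firewall prompt")
    return {"name": m.group("name"), "app": app, "dir": fields.get("dir"), "reasons": reasons}


def triage(rules, events):
    """Return (flagged firewall rules, suspicious service-host crash records)."""
    flagged_rules = [r for r in map(classify_rule, rules) if r["reasons"]]
    bad_hosts = [e for e in map(check_fault_record, events) if e and e["suspicious"]]
    return flagged_rules, bad_hosts


if __name__ == "__main__":
    rules, hosts = triage(FIREWALL_RULES, EVENT_RECORDS)
    for r in rules:
        print("REVIEW rule:", r["app"], "->", "; ".join(r["reasons"]))
    for h in hosts:
        print("PULL FOR ANALYSIS:", h["path"], "(faulted in", h["module"] + ")")
```

On a live host the same two checks can be fed from the exported OTL log or straight from the Application event log and the FirewallRules registry key; the parsing is the same, only the source changes.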
I installed Comodo and svchost.exe is popping up.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
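An added example, not part of this thread and not code from TDSSKiller: a small Python script that triages the text report TDSSKiller writes (the same format as the report pasted further down in this thread). For every service or driver the report prints a detection line carrying an MD5 and an image path, followed by a verdict line of the form "name - ok"; entries whose image could not be hashed show up as a bare verdict line. The script pairs those lines, lists anything whose verdict is not "ok", lists images living outside the usual Windows and Program Files roots (that root list is this example's own heuristic, not a TDSSKiller rule), and lists entries with no hashed file so they can be checked by hand. The sample input mixes lines copied from the report in this thread with two constructed lines (ExampleSvc) that exist only to exercise the flags.

```python
"""Triage a TDSSKiller text report.

Added example for this thread; not TDSSKiller's own code.  Report format:
  <hh:mm:ss.ffff> <pid> <name> (<md5>) <path>    detection line
  <hh:mm:ss.ffff> <pid> <name> - <verdict>       verdict line ("ok" = clean)
"""
import re
from typing import Dict, List

DETECT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<name>.+?) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<name>.+?) - (?P<verdict>.+)$"
)

# Heuristic chosen for this example (an assumption, not a TDSSKiller rule):
# service and driver images normally live under these roots.  Anything else
# (user profiles, Temp, ProgramData) deserves a second look.
EXPECTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def parse_report(lines: List[str]) -> List[Dict[str, object]]:
    """Pair each verdict line after "Scan started" with its detection line.

    Lines before the "Scan started" marker (drive geometry, partition maps)
    are skipped because some of them also contain " - " and would otherwise
    be mistaken for verdicts.
    """
    pending: Dict[str, Dict[str, object]] = {}
    entries: List[Dict[str, object]] = []
    in_scan = False
    for raw in lines:
        line = raw.rstrip("\r\n")
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = DETECT_RE.match(line)
        if m:
            pending[m["name"]] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = VERDICT_RE.match(line)
        if m:
            info = pending.pop(m["name"], {"md5": None, "path": None})
            entries.append({"name": m["name"], "verdict": m["verdict"], **info})
    return entries


def triage(lines: List[str]) -> Dict[str, object]:
    """Return the names worth a closer look, grouped by reason."""
    entries = parse_report(lines)
    return {
        "total": len(entries),
        # TDSSKiller uses "ok" for clean; anything else needs attention.
        "not_ok": [e["name"] for e in entries if e["verdict"] != "ok"],
        # Hashed image sits outside the expected roots (heuristic above).
        "unusual_path": [
            e["name"] for e in entries
            if e["path"] and not str(e["path"]).lower().startswith(EXPECTED_ROOTS)
        ],
        # Verdict with no detection line: nothing was hashed, review by hand.
        "no_file": [e["name"] for e in entries if e["path"] is None and e["verdict"] == "ok"],
    }


SAMPLE_REPORT = [
    # Lines copied from the TDSSKiller report pasted in this thread:
    "17:39:32.0717 3840 Scan started",
    "17:39:32.0717 3840 Mode: Manual;",
    "17:39:33.0253 3840 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys",
    "17:39:33.0253 3840 1394ohci - ok",
    "17:39:34.0318 3840 CLPSLS (882e3973505c441ce000133c821d0edd) C:\\Program Files\\COMODO\\COMODO GeekBuddy\\CLPSLS.exe",
    "17:39:34.0323 3840 CLPSLS - ok",
    "17:39:34.0833 3840 COMSysApp - ok",
    "17:39:37.0378 3840 Microsoft SharePoint Workspace Audit Service - ok",
    # Constructed lines (not from the thread) so both flags fire once:
    "17:39:40.0000 3840 ExampleSvc (00000000000000000000000000000000) C:\\Users\\user\\AppData\\Local\\Temp\\example.exe",
    "17:39:40.0000 3840 ExampleSvc - detected",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Feed it the saved TDSSKiller_xxxx_log.txt with `triage(open(path, encoding="utf-8", errors="replace").readlines())`. An "ok" verdict only means the hash did not match TDSSKiller's rootkit signatures; it is not a comparison against known-good Microsoft hashes, which is why the path check and the no-file list are kept separate from the verdict.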
 
PART 1

17:38:38.0047 5040 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:38:38.0269 5040 ============================================================
17:38:38.0269 5040 Current date / time: 2012/08/08 17:38:38.0269
17:38:38.0269 5040 SystemInfo:
17:38:38.0269 5040
17:38:38.0269 5040 OS Version: 6.1.7601 ServicePack: 1.0
17:38:38.0269 5040 Product type: Workstation
17:38:38.0269 5040 ComputerName: DAMIAN-PC
17:38:38.0269 5040 UserName: Damian
17:38:38.0269 5040 Windows directory: C:\Windows
17:38:38.0269 5040 System windows directory: C:\Windows
17:38:38.0269 5040 Running under WOW64
17:38:38.0269 5040 Processor architecture: Intel x64
17:38:38.0269 5040 Number of processors: 4
17:38:38.0269 5040 Page size: 0x1000
17:38:38.0269 5040 Boot type: Normal boot
17:38:38.0269 5040 ============================================================
17:38:48.0237 5040 Drive \Device\Harddisk4\DR4 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:48.0274 5040 Drive \Device\Harddisk3\DR3 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x3E1ACE, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000040
17:38:48.0292 5040 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:57.0707 5040 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:06.0822 5040 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:15.0792 5040 Drive \Device\Harddisk5\DR5 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:15.0797 5040 ============================================================
17:39:15.0797 5040 \Device\Harddisk4\DR4:
17:39:15.0820 5040 MBR partitions:
17:39:15.0820 5040 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
17:39:15.0820 5040 \Device\Harddisk3\DR3:
17:39:15.0830 5040 MBR partitions:
17:39:15.0830 5040 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:39:15.0830 5040 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x11745800
17:39:15.0830 5040 \Device\Harddisk0\DR0:
17:39:15.0845 5040 MBR partitions:
17:39:15.0845 5040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
17:39:15.0845 5040 \Device\Harddisk1\DR1:
17:39:15.0845 5040 MBR partitions:
17:39:15.0845 5040 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
17:39:15.0845 5040 \Device\Harddisk2\DR2:
17:39:15.0845 5040 MBR partitions:
17:39:15.0845 5040 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
17:39:15.0845 5040 \Device\Harddisk5\DR5:
17:39:15.0845 5040 MBR partitions:
17:39:15.0845 5040 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xAEA82841
17:39:15.0845 5040 ============================================================
17:39:15.0862 5040 C: <-> \Device\Harddisk3\DR3\Partition1
17:39:15.0887 5040 E: <-> \Device\Harddisk0\DR0\Partition0
17:39:15.0922 5040 G: <-> \Device\Harddisk2\DR2\Partition0
17:39:15.0942 5040 H: <-> \Device\Harddisk5\DR5\Partition0
17:39:15.0972 5040 I: <-> \Device\Harddisk1\DR1\Partition0
17:39:15.0997 5040 J: <-> \Device\Harddisk4\DR4\Partition0
17:39:15.0997 5040 ============================================================
17:39:15.0997 5040 Initialize success
17:39:15.0997 5040 ============================================================
17:39:32.0717 3840 ============================================================
17:39:32.0717 3840 Scan started
17:39:32.0717 3840 Mode: Manual;
17:39:32.0717 3840 ============================================================
17:39:33.0253 3840 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
17:39:33.0253 3840 1394ohci - ok
17:39:33.0275 3840 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:39:33.0288 3840 ACPI - ok
17:39:33.0300 3840 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:39:33.0300 3840 AcpiPmi - ok
17:39:33.0400 3840 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:39:33.0400 3840 AdobeFlashPlayerUpdateSvc - ok
17:39:33.0420 3840 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:39:33.0428 3840 adp94xx - ok
17:39:33.0443 3840 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:39:33.0448 3840 adpahci - ok
17:39:33.0455 3840 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:39:33.0458 3840 adpu320 - ok
17:39:33.0470 3840 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:39:33.0473 3840 AeLookupSvc - ok
17:39:33.0503 3840 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:39:33.0520 3840 AFD - ok
17:39:33.0530 3840 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:39:33.0530 3840 agp440 - ok
17:39:33.0545 3840 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:39:33.0548 3840 ALG - ok
17:39:33.0555 3840 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:39:33.0558 3840 aliide - ok
17:39:33.0560 3840 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:39:33.0563 3840 amdide - ok
17:39:33.0570 3840 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:39:33.0570 3840 AmdK8 - ok
17:39:33.0575 3840 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:39:33.0575 3840 AmdPPM - ok
17:39:33.0585 3840 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:39:33.0585 3840 amdsata - ok
17:39:33.0598 3840 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:39:33.0600 3840 amdsbs - ok
17:39:33.0608 3840 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:39:33.0608 3840 amdxata - ok
17:39:33.0635 3840 AnyDVD (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys
17:39:33.0638 3840 AnyDVD - ok
17:39:33.0645 3840 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:39:33.0648 3840 AppID - ok
17:39:33.0658 3840 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:39:33.0658 3840 AppIDSvc - ok
17:39:33.0663 3840 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:39:33.0663 3840 Appinfo - ok
17:39:33.0695 3840 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:39:33.0705 3840 AppMgmt - ok
17:39:33.0713 3840 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:39:33.0713 3840 arc - ok
17:39:33.0723 3840 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:39:33.0723 3840 arcsas - ok
17:39:33.0738 3840 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:39:33.0738 3840 AsyncMac - ok
17:39:33.0748 3840 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:39:33.0748 3840 atapi - ok
17:39:33.0773 3840 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:39:33.0790 3840 AudioEndpointBuilder - ok
17:39:33.0795 3840 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:39:33.0798 3840 AudioSrv - ok
17:39:33.0813 3840 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:39:33.0815 3840 AxInstSV - ok
17:39:33.0835 3840 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:39:33.0853 3840 b06bdrv - ok
17:39:33.0875 3840 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:39:33.0878 3840 b57nd60a - ok
17:39:33.0893 3840 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:39:33.0895 3840 BDESVC - ok
17:39:33.0918 3840 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:39:33.0918 3840 Beep - ok
17:39:33.0953 3840 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:39:33.0968 3840 BFE - ok
17:39:34.0000 3840 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:39:34.0020 3840 BITS - ok
17:39:34.0043 3840 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:39:34.0045 3840 blbdrive - ok
17:39:34.0050 3840 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:39:34.0050 3840 bowser - ok
17:39:34.0050 3840 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:39:34.0050 3840 BrFiltLo - ok
17:39:34.0060 3840 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:39:34.0063 3840 BrFiltUp - ok
17:39:34.0065 3840 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:39:34.0075 3840 BridgeMP - ok
17:39:34.0080 3840 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:39:34.0090 3840 Browser - ok
17:39:34.0100 3840 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:39:34.0103 3840 Brserid - ok
17:39:34.0105 3840 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:39:34.0108 3840 BrSerWdm - ok
17:39:34.0110 3840 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:39:34.0113 3840 BrUsbMdm - ok
17:39:34.0115 3840 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:39:34.0115 3840 BrUsbSer - ok
17:39:34.0120 3840 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:39:34.0123 3840 BTHMODEM - ok
17:39:34.0130 3840 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:39:34.0130 3840 bthserv - ok
17:39:34.0145 3840 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:39:34.0148 3840 cdfs - ok
17:39:34.0160 3840 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:39:34.0163 3840 cdrom - ok
17:39:34.0173 3840 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:39:34.0175 3840 CertPropSvc - ok
17:39:34.0180 3840 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:39:34.0180 3840 circlass - ok
17:39:34.0208 3840 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:39:34.0220 3840 CLFS - ok
17:39:34.0318 3840 CLPSLS (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
17:39:34.0323 3840 CLPSLS - ok
17:39:34.0415 3840 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:39:34.0418 3840 clr_optimization_v2.0.50727_32 - ok
17:39:34.0430 3840 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:39:34.0440 3840 clr_optimization_v2.0.50727_64 - ok
17:39:34.0493 3840 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:39:34.0495 3840 clr_optimization_v4.0.30319_32 - ok
17:39:34.0523 3840 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:39:34.0523 3840 clr_optimization_v4.0.30319_64 - ok
17:39:34.0565 3840 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
17:39:34.0565 3840 CmBatt - ok
17:39:34.0665 3840 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
17:39:34.0678 3840 cmdAgent - ok
17:39:34.0728 3840 cmderd (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys
17:39:34.0728 3840 cmderd - ok
17:39:34.0740 3840 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
17:39:34.0750 3840 cmdGuard - ok
17:39:34.0755 3840 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
17:39:34.0755 3840 cmdHlp - ok
17:39:34.0758 3840 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:39:34.0760 3840 cmdide - ok
17:39:34.0775 3840 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
17:39:34.0790 3840 CNG - ok
17:39:34.0805 3840 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
17:39:34.0805 3840 Compbatt - ok
17:39:34.0815 3840 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:39:34.0815 3840 CompositeBus - ok
17:39:34.0833 3840 COMSysApp - ok
17:39:34.0865 3840 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
17:39:34.0865 3840 cpuz135 - ok
17:39:34.0878 3840 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:39:34.0878 3840 crcdisk - ok
17:39:34.0903 3840 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:39:34.0905 3840 CryptSvc - ok
17:39:34.0925 3840 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:39:34.0933 3840 CSC - ok
17:39:34.0958 3840 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:39:34.0980 3840 CscService - ok
17:39:35.0008 3840 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:39:35.0018 3840 DcomLaunch - ok
17:39:35.0053 3840 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:39:35.0058 3840 defragsvc - ok
17:39:35.0083 3840 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:39:35.0083 3840 DfsC - ok
17:39:35.0115 3840 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:39:35.0125 3840 Dhcp - ok
17:39:35.0133 3840 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:39:35.0133 3840 discache - ok
17:39:35.0155 3840 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:39:35.0155 3840 Disk - ok
17:39:35.0160 3840 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
17:39:35.0160 3840 dmvsc - ok
17:39:35.0175 3840 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:39:35.0178 3840 Dnscache - ok
17:39:35.0193 3840 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:39:35.0208 3840 dot3svc - ok
17:39:35.0223 3840 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:39:35.0225 3840 DPS - ok
17:39:35.0238 3840 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:39:35.0238 3840 drmkaud - ok
17:39:35.0270 3840 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:39:35.0275 3840 DXGKrnl - ok
17:39:35.0285 3840 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
17:39:35.0285 3840 E1G60 - ok
17:39:35.0313 3840 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:39:35.0315 3840 EapHost - ok
17:39:35.0413 3840 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:39:35.0455 3840 ebdrv - ok
17:39:35.0525 3840 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
17:39:35.0528 3840 EFS - ok
17:39:35.0573 3840 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:39:35.0575 3840 ehRecvr - ok
17:39:35.0583 3840 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:39:35.0583 3840 ehSched - ok
17:39:35.0625 3840 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
17:39:35.0625 3840 ElbyCDIO - ok
17:39:35.0653 3840 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:39:35.0673 3840 elxstor - ok
17:39:35.0675 3840 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:39:35.0675 3840 ErrDev - ok
17:39:35.0700 3840 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:39:35.0703 3840 EventSystem - ok
17:39:35.0718 3840 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:39:35.0728 3840 exfat - ok
17:39:35.0733 3840 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:39:35.0733 3840 fastfat - ok
17:39:35.0775 3840 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:39:35.0783 3840 Fax - ok
17:39:35.0795 3840 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:39:35.0795 3840 fdc - ok
17:39:35.0805 3840 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:39:35.0805 3840 fdPHost - ok
17:39:35.0808 3840 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:39:35.0808 3840 FDResPub - ok
17:39:35.0825 3840 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:39:35.0828 3840 FileInfo - ok
17:39:35.0835 3840 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:39:35.0835 3840 Filetrace - ok
17:39:35.0845 3840 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:39:35.0848 3840 flpydisk - ok
17:39:35.0873 3840 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:39:35.0875 3840 FltMgr - ok
17:39:35.0908 3840 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:39:35.0933 3840 FontCache - ok
17:39:35.0968 3840 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:39:36.0020 3840 FontCache3.0.0.0 - ok
17:39:36.0045 3840 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:39:36.0048 3840 FsDepends - ok
17:39:36.0053 3840 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:39:36.0053 3840 Fs_Rec - ok
17:39:36.0065 3840 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:39:36.0075 3840 fvevol - ok
17:39:36.0098 3840 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:39:36.0100 3840 gagp30kx - ok
17:39:36.0133 3840 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:39:36.0155 3840 gpsvc - ok
17:39:36.0163 3840 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:39:36.0165 3840 hcw85cir - ok
17:39:36.0188 3840 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:39:36.0195 3840 HdAudAddService - ok
17:39:36.0208 3840 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:39:36.0208 3840 HDAudBus - ok
17:39:36.0218 3840 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:39:36.0220 3840 HidBatt - ok
17:39:36.0225 3840 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:39:36.0225 3840 HidBth - ok
17:39:36.0230 3840 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:39:36.0233 3840 HidIr - ok
17:39:36.0245 3840 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:39:36.0245 3840 hidserv - ok
17:39:36.0260 3840 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:39:36.0263 3840 HidUsb - ok
17:39:36.0275 3840 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:39:36.0275 3840 hkmsvc - ok
17:39:36.0283 3840 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:39:36.0293 3840 HomeGroupListener - ok
17:39:36.0318 3840 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:39:36.0328 3840 HomeGroupProvider - ok
17:39:36.0368 3840 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:39:36.0370 3840 HpSAMD - ok
17:39:36.0398 3840 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:39:36.0420 3840 HTTP - ok
17:39:36.0433 3840 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:39:36.0433 3840 hwpolicy - ok
17:39:36.0455 3840 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:39:36.0455 3840 i8042prt - ok
17:39:36.0500 3840 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:39:36.0520 3840 iaStorV - ok
17:39:36.0588 3840 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:39:36.0605 3840 idsvc - ok
17:39:36.0623 3840 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:39:36.0625 3840 iirsp - ok
17:39:36.0663 3840 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:39:36.0688 3840 IKEEXT - ok
17:39:36.0720 3840 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
17:39:36.0720 3840 inspect - ok
17:39:36.0728 3840 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:39:36.0728 3840 intelide - ok
17:39:36.0745 3840 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:39:36.0745 3840 intelppm - ok
17:39:36.0753 3840 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:39:36.0755 3840 IPBusEnum - ok
17:39:36.0760 3840 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:39:36.0763 3840 IpFilterDriver - ok
17:39:36.0780 3840 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:39:36.0785 3840 iphlpsvc - ok
17:39:36.0800 3840 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:39:36.0803 3840 IPMIDRV - ok
17:39:36.0808 3840 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:39:36.0810 3840 IPNAT - ok
17:39:36.0818 3840 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:39:36.0820 3840 IRENUM - ok
17:39:36.0823 3840 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:39:36.0823 3840 isapnp - ok
17:39:36.0838 3840 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:39:36.0853 3840 iScsiPrt - ok
17:39:36.0858 3840 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:39:36.0858 3840 kbdclass - ok
17:39:36.0863 3840 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:39:36.0863 3840 kbdhid - ok
17:39:36.0883 3840 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
17:39:36.0883 3840 KeyIso - ok
17:39:36.0888 3840 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
17:39:36.0888 3840 KSecDD - ok
17:39:36.0903 3840 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
17:39:36.0905 3840 KSecPkg - ok
17:39:36.0908 3840 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:39:36.0910 3840 ksthunk - ok
17:39:36.0930 3840 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:39:36.0938 3840 KtmRm - ok
17:39:36.0963 3840 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:39:36.0978 3840 LanmanServer - ok
17:39:36.0995 3840 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:39:36.0995 3840 LanmanWorkstation - ok
17:39:37.0028 3840 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:39:37.0028 3840 lltdio - ok
17:39:37.0038 3840 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:39:37.0063 3840 lltdsvc - ok
17:39:37.0078 3840 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:39:37.0078 3840 lmhosts - ok
17:39:37.0103 3840 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:39:37.0105 3840 LSI_FC - ok
17:39:37.0110 3840 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:39:37.0113 3840 LSI_SAS - ok
17:39:37.0113 3840 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:39:37.0113 3840 LSI_SAS2 - ok
17:39:37.0123 3840 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:39:37.0125 3840 LSI_SCSI - ok
17:39:37.0140 3840 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:39:37.0140 3840 luafv - ok
17:39:37.0208 3840 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
17:39:37.0210 3840 MBAMProtector - ok
17:39:37.0263 3840 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:39:37.0268 3840 MBAMService - ok
17:39:37.0285 3840 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:39:37.0288 3840 Mcx2Svc - ok
17:39:37.0295 3840 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:39:37.0295 3840 megasas - ok
17:39:37.0305 3840 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:39:37.0308 3840 MegaSR - ok
17:39:37.0378 3840 Microsoft SharePoint Workspace Audit Service - ok
17:39:37.0398 3840 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:39:37.0400 3840 MMCSS - ok
17:39:37.0408 3840 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:39:37.0408 3840 Modem - ok
17:39:37.0428 3840 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:39:37.0428 3840 monitor - ok
17:39:37.0443 3840 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:39:37.0443 3840 mouclass - ok
17:39:37.0448 3840 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:39:37.0448 3840 mouhid - ok
17:39:37.0458 3840 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:39:37.0460 3840 mountmgr - ok
17:39:37.0495 3840 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:39:37.0498 3840 MozillaMaintenance - ok
17:39:37.0510 3840 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:39:37.0513 3840 mpio - ok
17:39:37.0525 3840 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:39:37.0528 3840 mpsdrv - ok
17:39:37.0553 3840 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:39:37.0573 3840 MpsSvc - ok
17:39:37.0578 3840 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:39:37.0580 3840 MRxDAV - ok
17:39:37.0588 3840 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:39:37.0588 3840 mrxsmb - ok
17:39:37.0610 3840 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:39:37.0618 3840 mrxsmb10 - ok
17:39:37.0628 3840 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:39:37.0630 3840 mrxsmb20 - ok
17:39:37.0638 3840 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:39:37.0638 3840 msahci - ok
17:39:37.0645 3840 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:39:37.0648 3840 msdsm - ok
17:39:37.0668 3840 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:39:37.0670 3840 MSDTC - ok
17:39:37.0730 3840 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:39:37.0730 3840 Msfs - ok
17:39:37.0755 3840 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:39:37.0765 3840 mshidkmdf - ok
17:39:37.0773 3840 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:39:37.0775 3840 msisadrv - ok
17:39:37.0793 3840 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:39:37.0795 3840 MSiSCSI - ok
17:39:37.0798 3840 msiserver - ok
17:39:37.0818 3840 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:39:37.0818 3840 MSKSSRV - ok
17:39:37.0818 3840 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:39:37.0818 3840 MSPCLOCK - ok
17:39:45.0285 3840 ============================================================
17:39:45.0285 3840 Scan finished
17:39:45.0285 3840 ============================================================
17:39:45.0293 4744 Detected object count: 0
17:39:45.0293 4744 Actual detected object count: 0


Computer feels very good. Just that one popup is making me worry, but isn't svchost also part of Windows files?
 
It depends on its location.
Can you post exact wording of that warning?

===============================

OTL logs are clean :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
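On the svchost.exe question above ("it depends on its location"): the genuine binary lives in %SystemRoot%\System32 (and, on x64 systems, a 32-bit copy in SysWOW64) and is signed by Microsoft, which is also what the FSS "File Check" lines are verifying by hash. The following PowerShell script is an added example written for this page, not a tool from the thread or from any of the scanners mentioned; it assumes an elevated PowerShell 4.0 or later session (Windows Management Framework 4 installs on Windows 7 SP1) so that every process's image path can be read and Get-FileHash is available.

```powershell
# Added example: list every running svchost.exe, flag any whose on-disk image is
# outside the two legitimate Windows directories, and report its signature status
# and SHA-256 so it can be compared with a known-good copy from install media.
$legitPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit hosts on x64 Windows
)

function Get-SvchostVerdict {
    param([string]$Path)

    # No path usually means a protected process we were not allowed to query.
    if (-not $Path) { return 'UNKNOWN: image path not readable (run elevated)' }

    # String comparison in PowerShell is case-insensitive, which is what we want for NTFS paths.
    if ($legitPaths -notcontains $Path) {
        return "SUSPICIOUS: svchost.exe running from outside System32/SysWOW64 ($Path)"
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -match 'Microsoft') {
        return 'OK: expected path, valid Microsoft signature'
    }

    # Windows system binaries are catalog-signed; older Windows/PowerShell versions
    # report them as NotSigned, so this is a "verify by hash" result, not a conviction.
    return "CHECK: expected path, signature status $($sig.Status)"
}

Get-Process -Name svchost -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = $null
        if ($_.Path -and (Test-Path $_.Path)) {
            $hash = (Get-FileHash -Path $_.Path -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            PID     = $_.Id
            Path    = $_.Path
            SHA256  = $hash
            Verdict = Get-SvchostVerdict -Path $_.Path
        }
    } |
    Format-Table -AutoSize -Wrap
```

A process named svchost.exe that runs from a user profile, Temp, or a random folder is the case the warning in this thread is about; a copy in System32 with a matching hash is just Windows hosting its own services. The `CHECK` verdict is expected on Windows 7, where Get-AuthenticodeSignature does not consult the signing catalogs, so compare the SHA-256 against a known-good copy rather than treating that line as a detection.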
 
1.
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java(TM) 6 Update 30
Java(TM) 7 Update 4
Java version out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

2.
Farbar Service Scanner Version: 06-08-2012
Ran by Damian (administrator) on 08-08-2012 at 21:14:01
Running from "C:\Users\Damian\Desktop"
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

3.
Cleaned 600mb

4.
It's taking forever. I'll post the log tomorrow. It finished scanning my C: windows installation HD and found 1 threat. "JS/Redirector.NIQ trojan" I will post the log tomorrow when it is done scanning. Hopefully in the morning :)


As for Comodo's pop-up, here is the screenshot:
85164413.jpg


Thank you.
 
4.
C:\Users\Damian\AppData\Local\{AFB68FFD-867C-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
G:\FTP\Appz\DVD.Apps.Pack-Torrentleech\DVD.Audio.Extractor.v4.5.5.Incl.KeyGen-F4CG\f4cg.rar probably a variant of Win32/Agent.JCMPKEV trojan deleted - quarantined
G:\FTP\Appz\DVDCopy\DVDFab Platinum 4.0.5.5 -FULL Personalized\DVDFab.Platinum.4.0.5.5.exe probably a variant of Win32/TrojanDownloader.Agent.FSSJMAE trojan cleaned by deleting - quarantined
G:\FTP\Appz\DVDCopy\DVDPack 2007-07-20 -DNM\1Click DVD Copy Pro v3.0.0.0\ICU Patch\All.LG.Software.Innovations.Generic.Patch-ICU.exe probably a variant of Win32/Autorun.CPLKURV worm cleaned by deleting - quarantined
G:\FTP\Appz\DVDCopy\DVDPack 2007-07-20 -DNM\DVDFab Platinum v3.1.5.0\DVDFabPlatinum3150.exe probably a variant of Win32/IRCBot.FMZTXBZ trojan cleaned by deleting - quarantined
G:\FTP\Appz\DVDCopy\DVDPack 2007-07-20 -DNM\DVDInfoPro v4.635\keygen.rar probably a variant of Win32/Agent.NWQDGXY trojan deleted - quarantined
G:\FTP\Appz\ForGames\CureROM_2033_Setup.rar probably a variant of Win32/Agent.LTYFKIZ trojan deleted - quarantined
G:\FTP\Appz\ForGames\SecuROM_Loader_v7.26.rar probably a variant of Win32/Agent.TBQIGY trojan deleted - quarantined
G:\FTP\Appz\Internet\Uniblue Performans Programs\SpyEraser V2\spyeraser.exe a variant of Win32/UbSpyEraser application cleaned by deleting - quarantined


:) I guess it found a lot of my applications, but they are not dangerous right?

Thank you for the answer with comodo.

Any other steps?
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=====================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
OTL Log:
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Damian
->Temp folder emptied: 100761 bytes
->Temporary Internet Files folder emptied: 568610 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 119888133 bytes
->Opera cache emptied: 22137958 bytes
->Flash cache emptied: 1753 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 882 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1262140494 bytes

Total Files Cleaned = 1,340.00 mb


[EMPTYFLASH]

User: All Users

User: Damian
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Damian
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08092012_180213

Files\Folders moved on Reboot...
C:\Users\Damian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Damian\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


Is it all good? Computer feels really fast. It's reborn.
 
Thank you so much man. Sending a small thank you to your paypal as yinyangsuperfoods.

Something strange happened with Windows Update. After installing 51 updates (I was behind) my Windows could not start. It was stuck on the Windows logo screen. I had to restore. I'll try again with just the security updates, unless you think it's a bad idea?
 