WiredWX Christian Hobby Weather Tools
Comodo found something in an app I've used before

Hello! I was hoping you guys could check something out for me.

Yesterday my Comodo firewall detected a trojan when I tried to run a game mod. A little while back, I ran another download/copy of the same file, same version afaik, on the same system, only with Windows Defender. It didn't detect anything back then. That has gotten me a little suspicious, and I was hoping you could give an all-clear, just to be safe. According to Comodo, the name of the trojan is "TrojWare.Win32.Hupigon.ogkx@1", and the application I tried to run was the launcher program for Rise of the Reds, a mod for C&C Generals: ZH (fun game, btw!).

PS. Thanks again for helping me about a year ago!

Here's the OTL.txt log file. No extras.txt was generated.

OTL logfile created on: 18-11-2012 19:11:29 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arashmickey\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,50 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 70,33% Memory free
8,74 Gb Paging File | 7,65 Gb Available in Paging File | 87,53% Paging File free
Paging file location(s): c:\pagefile.sys 5368 7158 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,21 Gb Total Space | 120,66 Gb Free Space | 61,81% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 417,42 Gb Free Space | 56,70% Space Free | Partition Type: NTFS
Drive E: | 423,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ARASHMICKEY-PC | User Name: Arashmickey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-18 18:57:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arashmickey\Desktop\OTL.com
PRC - [2012-11-18 12:59:49 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Arashmickey\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2012-11-15 15:21:16 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
PRC - [2012-11-13 14:35:34 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-11-07 23:37:38 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012-11-07 23:37:12 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012-11-01 08:52:54 | 000,875,728 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
PRC - [2012-11-01 08:52:52 | 000,877,264 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\COMODO\GeekBuddy\unit.exe
PRC - [2012-11-01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
PRC - [2012-10-31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
PRC - [2012-10-30 10:46:18 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012-10-30 10:46:07 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-10-02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012-10-02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-09-19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012-08-30 18:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- d:\Hi-Rez Studios\HiPatchService.exe
PRC - [2012-01-18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011-08-26 17:02:00 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-02-08 17:46:04 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009-10-14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009-10-14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009-10-07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009-07-08 14:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009-05-04 18:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009-02-23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012-11-18 12:59:51 | 000,592,896 | ---- | M] () -- C:\Users\Arashmickey\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0015\~de6248.tmp
MOD - [2012-11-18 12:59:49 | 000,697,884 | ---- | M] () -- C:\Users\Arashmickey\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0015\~df394b.tmp
MOD - [2011-05-28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\software\WinRAR\RarExt.dll
MOD - [2009-10-14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009-10-14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009-04-20 10:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009-02-06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL


========== Services (SafeList) ==========

SRV - [2012-11-15 15:21:16 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012-11-07 23:37:38 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012-11-01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012-10-31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012-10-30 10:46:18 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-10-30 10:46:07 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-08-30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-08-30 18:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- d:\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011-08-26 17:28:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-08-26 17:02:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011-08-26 17:02:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011-08-26 17:02:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-09-10 15:50:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-10-07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009-07-14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-02-23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2012-11-13 14:35:43 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012-11-13 14:35:42 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012-11-13 14:35:42 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012-11-07 23:37:58 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2012-11-07 23:37:56 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012-11-07 23:37:56 | 000,036,072 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012-10-10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-08-27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012-07-03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011-02-08 06:30:51 | 000,052,352 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV - [2011-02-08 06:30:50 | 000,032,384 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV - [2010-11-20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-24 10:55:51 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010-06-11 13:37:04 | 000,013,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2009-12-22 01:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009-10-07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009-10-07 09:47:55 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009-10-07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009-10-07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009-07-14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-05-05 02:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 C2 EE DE E6 7E CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://nl.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{A194EED6-32B2-46f3-B4CE-6460C5BD02AE}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=nl&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\Software\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Arashmickey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Arashmickey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Arashmickey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


[2012-04-18 00:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arashmickey\AppData\Roaming\Mozilla\Extensions
[2012-04-18 00:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arashmickey\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2011-10-16 18:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-10-16 05:15:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Arashmickey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Arashmickey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.3_0\
CHR - Extension: Sexy Undo Close Tab = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.3_0\
CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.89_0\
CHR - Extension: YouTube = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.12_0\
CHR - Extension: Google Search = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: YouTube\u2122 Volume Controller = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpdfhppnpohebiolcppdpegkmlfkjgm\7.6_0\
CHR - Extension: Dislike It! = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpopaadgfkgmgkklbcifkhikgcajfebn\4.1.0_0\
CHR - Extension: Comment Snob = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbnmebccmipejnnlcaenkhfhniaielg\6_0\
CHR - Extension: AdBlock = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: Social Fixer = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\7.201_0\
CHR - Extension: Stop Autoplay for YouTube. = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\
CHR - Extension: Gmail = C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [StereoLinksInstall] C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKCU..\Run: [Dxtory Update Checker 2.0] d:\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4 - Startup: C:\Users\Arashmickey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DAF0BE6-4D6B-4313-811F-B86A713BDD4F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DAF0BE6-4D6B-4313-811F-B86A713BDD4F}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003-09-01 00:01:11 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003-09-01 00:01:28 | 001,101,824 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003-08-31 04:15:46 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003-08-31 04:15:25 | 000,001,214 | R--- | M] () - E:\autorun.str -- [ CDFS ]
O33 - MountPoints2\{8a01c2c1-0610-11e1-abcd-002522e04ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{8a01c2c1-0610-11e1-abcd-002522e04ca9}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{c0b6e84b-cf6d-11e0-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0b6e84b-cf6d-11e0-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2003-09-01 00:01:28 | 001,101,824 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig - State: "bootini" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {DB9A9172-4874-3138-3667-8B7A8912A82E} - Java (Sun)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.x264 - C:\Program Files\software\codecs\x264vfw\x264vfw.dll ()
Drivers32: vidc.xtor - C:\Windows\System32\DxtoryCodec.dll (Dxtory Software)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-11-18 19:01:07 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012-11-18 18:57:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Arashmickey\Desktop\OTL.com
[2012-11-16 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\Arashmickey\AppData\Roaming\.minecraft
[2012-11-16 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\Arashmickey\Desktop\LP memo stuff
[2012-11-15 02:18:39 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012-11-15 02:18:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012-11-15 02:18:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012-11-15 02:18:26 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012-11-15 02:18:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012-11-15 02:18:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-11-15 02:18:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-11-15 02:18:02 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012-11-15 02:18:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-11-15 02:18:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-11-15 02:18:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012-11-15 02:18:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-11-15 02:18:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-11-15 02:15:24 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012-11-15 02:15:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012-11-15 02:15:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012-11-15 02:15:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012-11-15 02:15:21 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-11-15 02:15:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012-11-15 02:15:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012-11-13 08:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Comodo
[2012-11-13 08:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012-11-13 08:27:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012-11-12 20:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012-11-12 20:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012-11-12 20:10:21 | 000,000,000 | ---D | C] -- C:\Users\Arashmickey\AppData\Local\Comodo
[2012-11-12 20:10:19 | 000,042,760 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2012-11-12 20:10:12 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012-11-12 20:10:12 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2012-11-12 20:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012-11-12 16:42:05 | 000,000,000 | ---D | C] -- C:\Users\Arashmickey\AppData\Local\My_MP4Box_GUI
[2012-11-12 16:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My MP4Box GUI
[2012-11-11 01:34:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012-11-07 23:37:58 | 000,082,952 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2012-11-07 23:37:56 | 000,494,416 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2012-11-07 23:37:56 | 000,036,072 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2012-11-07 23:37:54 | 000,019,632 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2012-11-07 23:37:36 | 000,301,264 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2012-11-07 23:37:36 | 000,034,024 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2012-11-03 19:59:56 | 000,000,000 | ---D | C] -- C:\Users\Arashmickey\AppData\Local\GameStop
[2012-10-25 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Arashmickey\3079Saves
[2012-10-25 16:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3079
[2012-10-22 16:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-10-22 16:14:42 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012-10-22 16:14:42 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012-10-22 16:14:42 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012-10-21 20:38:02 | 000,000,000 | ---D | C] -- C:\Windows\Symbols
[2012-10-21 01:40:46 | 000,000,000 | ---D | C] -- C:\Users\Arashmickey\AppData\Local\SCE
[2012-10-21 01:40:46 | 000,000,000 | ---D | C] -- C:\Crash
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-18 18:59:25 | 000,543,531 | ---- | M] () -- C:\Users\Arashmickey\Desktop\adwcleaner.exe
[2012-11-18 18:57:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arashmickey\Desktop\OTL.com
[2012-11-18 17:36:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3777501677-1383824960-427032563-1000UA.job
[2012-11-18 13:07:13 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-18 13:07:13 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-18 13:04:45 | 000,594,766 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-11-18 13:04:45 | 000,099,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-11-18 12:59:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-18 12:59:32 | 2815,143,936 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-15 22:34:59 | 000,042,760 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2012-11-15 20:16:41 | 000,007,667 | ---- | M] () -- C:\Users\Arashmickey\AppData\Local\Resmon.ResmonCfg
[2012-11-15 09:53:54 | 000,289,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-11-13 14:35:43 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012-11-13 14:35:42 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012-11-13 14:35:42 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012-11-13 11:04:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012-11-13 08:29:44 | 000,002,013 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012-11-12 20:10:27 | 000,001,222 | ---- | M] () -- C:\Users\Arashmickey\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012-11-12 20:10:12 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012-11-12 20:10:12 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2012-11-12 03:36:02 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3777501677-1383824960-427032563-1000Core.job
[2012-11-11 01:34:22 | 305,295,706 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-11-09 15:38:18 | 000,002,519 | ---- | M] () -- C:\Users\Arashmickey\Desktop\Google Chrome.lnk
[2012-11-08 22:35:53 | 012,448,690 | ---- | M] () -- C:\Users\Arashmickey\Desktop\Freedomain_Radio_Intro_Philosophy_2.mp3
[2012-11-07 23:37:58 | 000,082,952 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2012-11-07 23:37:56 | 000,494,416 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2012-11-07 23:37:56 | 000,036,072 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2012-11-07 23:37:54 | 000,019,632 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2012-11-07 23:37:36 | 000,301,264 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2012-11-07 23:37:36 | 000,034,024 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2012-11-05 00:29:41 | 009,236,990 | ---- | M] () -- C:\Users\Arashmickey\Desktop\FDR_podcast_zero.mp3
[2012-11-04 20:59:58 | 011,796,476 | ---- | M] () -- C:\Users\Arashmickey\Desktop\Freedomain_Radio_Intro_Philosophy_1.mp3
[2012-11-04 09:46:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-11-04 09:46:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-10-28 23:08:57 | 032,589,669 | ---- | M] () -- C:\Users\Arashmickey\Desktop\RAP NEWS 11 - 'Australia Day' (with Ken Oathcarn).flv
[2012-10-28 10:53:51 | 023,636,251 | ---- | M] () -- C:\Users\Arashmickey\Desktop\I HAVE A DRONE Barack Obama vs Mitt Romney (RAP NEWS 16).flv
[2012-10-25 11:31:17 | 000,290,825 | ---- | M] () -- C:\Users\Arashmickey\Desktop\Download Deus Ex- Game of the Year Edition.exe
[2012-10-25 11:31:13 | 000,290,825 | ---- | M] () -- C:\Users\Arashmickey\Desktop\Download Deus Ex Invisible War.exe
[2012-10-21 01:40:33 | 000,000,682 | ---- | M] () -- C:\Users\Arashmickey\Desktop\PlanetSide 2 Beta.lnk
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-11-18 18:59:25 | 000,543,531 | ---- | C] () -- C:\Users\Arashmickey\Desktop\adwcleaner.exe
[2012-11-15 02:18:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-15 02:18:25 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-11-13 08:29:44 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012-11-12 20:10:27 | 000,001,222 | ---- | C] () -- C:\Users\Arashmickey\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012-11-11 01:34:22 | 305,295,706 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012-11-08 22:35:47 | 012,448,690 | ---- | C] () -- C:\Users\Arashmickey\Desktop\Freedomain_Radio_Intro_Philosophy_2.mp3
[2012-11-05 00:29:34 | 009,236,990 | ---- | C] () -- C:\Users\Arashmickey\Desktop\FDR_podcast_zero.mp3
[2012-11-04 20:59:51 | 011,796,476 | ---- | C] () -- C:\Users\Arashmickey\Desktop\Freedomain_Radio_Intro_Philosophy_1.mp3
[2012-10-28 23:06:08 | 032,589,669 | ---- | C] () -- C:\Users\Arashmickey\Desktop\RAP NEWS 11 - 'Australia Day' (with Ken Oathcarn).flv
[2012-10-28 10:50:40 | 023,636,251 | ---- | C] () -- C:\Users\Arashmickey\Desktop\I HAVE A DRONE Barack Obama vs Mitt Romney (RAP NEWS 16).flv
[2012-10-25 11:31:17 | 000,290,825 | ---- | C] () -- C:\Users\Arashmickey\Desktop\Download Deus Ex- Game of the Year Edition.exe
[2012-10-25 11:31:13 | 000,290,825 | ---- | C] () -- C:\Users\Arashmickey\Desktop\Download Deus Ex Invisible War.exe
[2012-10-21 01:40:33 | 000,000,682 | ---- | C] () -- C:\Users\Arashmickey\Desktop\PlanetSide 2 Beta.lnk
[2012-10-21 01:40:33 | 000,000,682 | ---- | C] () -- C:\Users\Arashmickey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 Beta.lnk
[2012-09-03 00:00:05 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012-08-20 02:04:33 | 000,000,600 | ---- | C] () -- C:\Users\Arashmickey\PUTTY.RND
[2012-05-01 00:04:02 | 000,007,667 | ---- | C] () -- C:\Users\Arashmickey\AppData\Local\Resmon.ResmonCfg
[2012-04-11 22:06:40 | 000,000,379 | ---- | C] () -- C:\Users\Arashmickey\dubman.cfg
[2012-02-23 13:17:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012-02-18 17:15:05 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012-01-31 02:38:29 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012-01-18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012-01-18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012-01-18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011-12-04 20:16:37 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2011-10-12 03:38:59 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-10-12 03:38:59 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-10-08 20:23:47 | 000,101,864 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011-09-27 22:24:05 | 000,000,985 | ---- | C] () -- C:\Windows\eReg.dat
[2011-09-06 03:39:25 | 000,140,624 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-09-06 03:39:21 | 000,266,752 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-09-06 03:38:54 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-08-26 17:03:03 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011-08-26 17:03:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011-08-26 17:03:03 | 000,005,037 | ---- | C] () -- C:\Windows\System32\cfgfx.ini
[2011-08-26 17:03:03 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2011-08-26 17:03:03 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2011-08-26 17:03:03 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010-11-20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

Re: Comodo found something in an app I've used before

========== ZeroAccess Check ==========

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\ReinstallCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser [2012-11-15 15:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\HideIconsCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --hide-icons [2012-11-15 15:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\ShowIconsCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --show-icons [2012-11-15 15:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\shell\open\command\\: "C:\Program Files\Comodo\Dragon\dragon.exe" [2012-11-15 15:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012-10-31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012-10-31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012-10-31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011-08-26 17:35:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011-08-26 17:35:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011-08-26 17:35:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012-10-08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012-10-08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\ReinstallCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser [2012-11-15 15:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\HideIconsCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --hide-icons [2012-11-15 15:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\InstallInfo\\ShowIconsCommand: "C:\Program Files\Comodo\Dragon\dragon.exe" --show-icons [2012-11-15 15:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Dragon\shell\open\command\\: "C:\Program Files\Comodo\Dragon\dragon.exe" [2012-11-15 15:21:16 | 001,758,864 | ---- | M] (Comodo)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012-10-31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012-10-31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012-10-31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011-08-26 17:35:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011-08-26 17:35:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011-08-26 17:35:55 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012-10-08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012-10-08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012-11-13 14:35:42 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\system32\drivers\avgntflt.sys
[2012-11-13 14:35:42 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\system32\drivers\avipbb.sys
[2012-11-13 14:35:43 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\system32\drivers\avkmgr.sys
[2012-11-07 23:37:54 | 000,019,632 | ---- | M] (COMODO) -- C:\Windows\system32\drivers\cmderd.sys
[2012-11-07 23:37:56 | 000,494,416 | ---- | M] (COMODO) -- C:\Windows\system32\drivers\cmdGuard.sys
[2012-11-07 23:37:56 | 000,036,072 | ---- | M] (COMODO) -- C:\Windows\system32\drivers\cmdhlp.sys
[2012-08-22 18:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\FWPKCLNT.SYS
[2012-11-07 23:37:58 | 000,082,952 | ---- | M] (COMODO) -- C:\Windows\system32\drivers\inspect.sys
[2012-08-22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndis.sys
[2012-08-22 18:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netio.sys
[2012-08-31 18:18:09 | 001,211,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2012-10-10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvlddmkm.sys
[2012-08-27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\system32\drivers\ssmdrv.sys
[2012-10-03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
[2012-10-03 16:21:38 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpipreg.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2011-11-07 19:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\Achron
[2012-01-27 05:55:21 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011-08-26 16:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\AMD
[2011-08-26 17:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\ASRock Utility
[2011-08-26 16:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2011-08-26 16:57:38 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2012-10-17 00:42:05 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2012-11-13 08:29:42 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012-11-15 22:34:54 | 000,000,000 | ---D | M] -- C:\Program Files\COMODO
[2011-08-26 17:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2011-08-26 16:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011-04-12 03:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012-10-03 21:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2011-08-26 16:59:47 | 000,000,000 | ---D | M] -- C:\Program Files\Etron Technology
[2012-09-23 21:42:45 | 000,000,000 | ---D | M] -- C:\Program Files\GOG.com
[2011-09-05 22:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\Indie Games
[2012-02-11 22:40:28 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012-11-15 09:52:37 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012-10-22 16:14:28 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012-02-22 21:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2012-02-19 19:00:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011-12-13 02:46:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2011-10-04 11:41:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011-10-10 12:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011-10-16 18:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009-07-14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012-11-18 19:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2011-10-04 00:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2011-09-16 21:13:39 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2012-10-03 18:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Origin Games
[2011-09-05 11:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2012-04-18 11:32:25 | 000,000,000 | ---D | M] -- C:\Program Files\Philips
[2011-10-07 18:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009-07-14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012-08-20 20:33:43 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012-11-12 16:40:37 | 000,000,000 | ---D | M] -- C:\Program Files\software
[2011-09-05 19:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2011-10-07 18:57:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2009-07-14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011-04-12 03:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011-10-04 11:41:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011-04-12 03:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011-04-12 03:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009-07-14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011-04-12 03:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2010-11-20 22:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011-04-12 03:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011-10-12 03:39:04 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2010-11-20 22:29:19 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011-04-25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011-04-25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011-04-25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys

< MD5 for: ATAPI.SYS >
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012-06-02 05:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012-04-24 05:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012-04-24 05:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012-06-02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\System32\cryptsvc.dll
[2012-06-02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2010-11-20 22:29:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2010-11-20 22:29:20 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
[2011-03-03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\System32\dnsrslvr.dll
[2011-03-03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
[2011-03-03 06:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll

< MD5 for: ES.DLL >
[2012-10-31 23:14:04 | 000,008,728 | ---- | M] () MD5=07C0EEFCED87271FD2844DA8EE8B6042 -- C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\23.0.1271.64\Locales\es.dll
[2012-08-17 23:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
[2012-10-10 11:05:14 | 000,008,728 | ---- | M] () MD5=543EC1FF66953631A17477AEC9C7A111 -- C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\22.0.1229.94\Locales\es.dll
[2012-10-04 02:14:58 | 000,008,728 | ---- | M] () MD5=CA2C5AA0DAC841157AE8680A48700073 -- C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\22.0.1229.92\Locales\es.dll
[2012-08-30 03:57:44 | 000,008,728 | ---- | M] () MD5=F01EB2548FC7BAEC80C00941089000DE -- C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\21.0.1180.89\Locales\es.dll
[2009-07-14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Users\Arashmickey\AppData\Local\Temp\es.dll
[2009-07-14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
[2009-07-14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll
[2012-09-25 10:41:57 | 000,008,728 | ---- | M] () MD5=FABB2C5368FC626FB1D2A214028DF8EF -- C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\22.0.1229.79\Locales\es.dll

< MD5 for: EXPLORER.EXE >
[2011-02-26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2011-12-25 21:35:57 | 000,004,608 | ---- | M] () MD5=181066E31AD20869CF049262A0DB0BC2 -- C:\Users\Arashmickey\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v049D98E1\Native\STUBEXE\@WINDIR@\explorer.exe
[2010-11-20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009-07-14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
[2009-07-14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010-11-20 22:29:08 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys
[2010-11-20 22:29:08 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys

< MD5 for: NETMAN.DLL >
[2009-07-14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009-07-14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

< MD5 for: QMGR.DLL >
[2010-11-20 22:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010-11-20 22:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010-11-20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010-11-20 22:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011-06-21 06:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2012-08-22 18:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011-04-25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2010-11-20 22:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011-09-29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2011-09-29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011-04-25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012-03-30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2012-03-30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012-08-22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2012-10-03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2011-06-21 07:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012-10-03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\System32\drivers\tcpip.sys
[2012-10-03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys

< MD5 for: TDX.SYS >
[2010-11-20 22:29:07 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010-11-20 22:29:07 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys

< MD5 for: USERINIT.EXE >
[2010-11-20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010-11-20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010-11-20 22:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010-11-20 22:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010-11-20 22:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010-11-20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009-07-14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
[2009-07-14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009-07-14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\System32\wscsvc.dll
[2009-07-14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll

< End of report >
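The listing above is OTL's name-based hash dump: for every security-relevant file name it hashes each copy found on disk, which is why Chrome's locale resource DLLs appear under ES.DLL and a 4,608-byte, publisher-less stub from a Xenocode virtualization cache appears under EXPLORER.EXE. The check a reviewer actually performs on this block is whether the copy Windows loads (System32, System32\drivers, the Windows root) is byte-identical to one of the copies Windows keeps in the component store (WinSxS, DriverStore); a live copy with no store twin was modified outside servicing, which is how a patched system file shows up. The script below is that check, added here as an illustration and not part of the original thread nor of OTL itself; its sample input is constructed from lines of the report above plus one made-up WINLOGON.EXE block whose System32 hash is deliberately wrong so the alert path fires. On the real report everything passes: each live copy matches a WinSxS or DriverStore copy, the stray es.dll in Temp is identical to the System32 file, and the Xenocode explorer.exe only shares the name.

```python
"""Consistency check over an OTL '< MD5 for: ... >' listing (added example).

For each file name: the copy Windows loads must hash-match a copy in the
component store (WinSxS / DriverStore). Copies elsewhere are reported as
either identical to the Windows file or unrelated same-name files.
"""
import ntpath
import re
from collections import defaultdict

ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]+ \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")

# Directories whose copy is the one the OS actually executes/loads.
LIVE_DIRS = {r"c:\windows", r"c:\windows\system32",
             r"c:\windows\system32\drivers", r"c:\windows\system32\wbem"}


def location(path: str) -> str:
    """Classify a path as 'store', 'live' or 'other'."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p:
        return "store"
    return "live" if ntpath.dirname(p) in LIVE_DIRS else "other"


def parse(report: str) -> dict:
    """Group OTL entries under the file name of their '< MD5 for: >' header."""
    blocks, current = defaultdict(list), None
    for line in report.splitlines():
        line = line.strip()
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").lower()
            continue
        e = ENTRY_RE.match(line)
        if e and current:
            d = e.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            d["md5"] = d["md5"].upper()
            d["loc"] = location(d["path"])
            blocks[current].append(d)
    return blocks


def audit(report: str) -> list:
    """Return (severity, filename, message) findings; clean files yield none."""
    findings = []
    for name, entries in parse(report).items():
        store = {e["md5"] for e in entries if e["loc"] == "store"}
        live = [e for e in entries if e["loc"] == "live"]
        if not store:
            findings.append(("REVIEW", name, "no component-store copy to compare against"))
        else:
            for e in live:
                if e["md5"] not in store:  # loaded copy altered outside servicing
                    findings.append(("ALERT", name,
                                     f"{e['path']} matches no WinSxS/DriverStore copy (MD5 {e['md5']})"))
        windows_hashes = store | {e["md5"] for e in live}
        for e in entries:
            if e["loc"] != "other":
                continue
            if e["md5"] in windows_hashes:
                findings.append(("INFO", name, f"{e['path']} is a stray copy identical to the Windows file"))
            else:
                who = e["company"] or "no publisher"
                findings.append(("REVIEW", name,
                                 f"{e['path']} ({who}, {e['size']} bytes) shares only the name"))
    return findings


# Constructed sample: report lines from the thread plus a made-up WINLOGON.EXE
# block whose System32 hash (all zeros) is deliberately wrong.
SAMPLE = r"""
< MD5 for: AFD.SYS >
[2010-11-20 22:29:19 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011-04-25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011-04-25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys

< MD5 for: EXPLORER.EXE >
[2011-12-25 21:35:57 | 000,004,608 | ---- | M] () MD5=181066E31AD20869CF049262A0DB0BC2 -- C:\Users\Arashmickey\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v049D98E1\Native\STUBEXE\@WINDIR@\explorer.exe
[2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: ES.DLL >
[2012-10-31 23:14:04 | 000,008,728 | ---- | M] () MD5=07C0EEFCED87271FD2844DA8EE8B6042 -- C:\Users\Arashmickey\AppData\Local\Google\Chrome\Application\23.0.1271.64\Locales\es.dll
[2009-07-14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Users\Arashmickey\AppData\Local\Temp\es.dll
[2009-07-14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
[2009-07-14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

< MD5 for: WINLOGON.EXE >
[2010-11-20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\winlogon.exe
[2010-11-20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
"""

if __name__ == "__main__":
    for sev, name, msg in audit(SAMPLE):
        print(f"{sev:6} {name:13} {msg}")
```

Run as-is it prints one ALERT (the constructed winlogon.exe), one INFO (the Temp es.dll) and two REVIEW lines (the Chrome locale DLL and the Xenocode stub); to use it on a real OTL.txt, read the file and pass its text to audit(). MD5 is adequate here because the comparison is between copies on the same disk rather than against an external trust anchor; where a live copy does not match, the stronger follow-up is an Authenticode signature check of that file (Sysinternals sigcheck does this) before concluding it was patched.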

Re: Comodo found something in an app I've used before
# AdwCleaner v2.008 - Logfile created 11/18/2012 at 19:23:35
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Arashmickey - ARASHMICKEY-PC
# Boot Mode : Normal
# Running from : C:\Users\Arashmickey\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Software
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software
Folder Deleted : C:\Users\Arashmickey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Software

***** [Registry] *****

Key Deleted : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Arashmickey\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [946 octets] - [18/11/2012 19:23:35]

########## EOF - C:\AdwCleaner[S1].txt - [1005 octets] ##########

Re: Comodo found something in an app I've used before
Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
******************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application from interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[image: ComboFix disclaimer dialog]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[image: ComboFix extracting files]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[image: Recovery Console installation prompt]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: ComboFix "what next" prompt]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: Comodo found something in an app I've used before
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Arashmickey :: ARASHMICKEY-PC [administrator]

18-11-2012 21:01:08
mbam-log-2012-11-18 (21-01-08).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495833
Time elapsed: 1 hour(s), 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Comodo found something in an app I've used before
ComboFix 12-11-16.02 - Arashmickey 18-11-2012 22:14:29.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3580.2226 [GMT 1:00]
Running from: c:\users\Arashmickey\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\tmp4153.tmp
c:\windows\system32\tmp4154.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
D:\install.exe
.
.
(((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 ))))))))))))))))))))))))))))))
.
.
2012-11-18 21:19 . 2012-11-18 21:21 -------- d-----w- c:\users\Arashmickey\AppData\Local\temp
2012-11-18 20:00 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-18 20:00 . 2012-11-18 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-18 19:54 . 2012-11-18 20:54 -------- d-----w- c:\program files\Everything
2012-11-18 19:49 . 2012-11-18 19:50 -------- d-----w- c:\program files\Recuva
2012-11-16 21:48 . 2012-11-16 22:06 -------- d-----w- c:\users\Arashmickey\AppData\Roaming\.minecraft
2012-11-15 01:15 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 01:15 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 01:15 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 01:15 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 01:15 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 01:15 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 01:15 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 01:15 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 01:15 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 01:15 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 01:15 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 01:15 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-13 07:29 . 2012-11-13 07:29 -------- d-----w- c:\program files\Common Files\Comodo
2012-11-13 07:28 . 2012-11-13 07:29 -------- d-----w- c:\programdata\CPA_VA
2012-11-12 19:10 . 2012-11-13 07:28 -------- d-----w- c:\programdata\Comodo
2012-11-12 19:10 . 2012-11-12 19:10 -------- d-----w- c:\users\Arashmickey\AppData\Local\Comodo
2012-11-12 19:10 . 2012-11-15 21:34 42760 ----a-w- c:\windows\system32\certsentry.dll
2012-11-12 19:10 . 2012-11-12 19:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-12 19:10 . 2012-11-12 19:10 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-11-12 19:10 . 2012-11-12 19:10 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-11-12 19:10 . 2012-11-15 21:34 -------- d-----w- c:\program files\COMODO
2012-11-12 15:42 . 2012-11-12 15:42 -------- d-----w- c:\users\Arashmickey\AppData\Local\My_MP4Box_GUI
2012-11-07 22:37 . 2012-11-07 22:37 82952 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 22:37 . 2012-11-07 22:37 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 22:37 . 2012-11-07 22:37 36072 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 22:37 . 2012-11-07 22:37 19632 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 22:37 . 2012-11-07 22:37 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 22:37 . 2012-11-07 22:37 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-03 18:59 . 2012-11-03 18:59 -------- d-----w- c:\users\Arashmickey\AppData\Local\GameStop
2012-10-25 15:12 . 2012-10-25 15:15 -------- d-----w- c:\users\Arashmickey\3079Saves
2012-10-22 15:25 . 2012-10-22 15:25 -------- d-----w- c:\program files\Common Files\Java
2012-10-21 19:38 . 2012-10-21 19:38 -------- d-----w- c:\windows\Symbols
2012-10-21 00:40 . 2012-10-21 00:40 -------- d-----w- c:\users\Arashmickey\AppData\Local\SCE
2012-10-21 00:40 . 2012-10-21 00:40 -------- d-----w- C:\Crash
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 13:35 . 2012-10-16 23:42 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-13 13:35 . 2012-10-16 23:42 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-13 13:35 . 2012-10-16 23:42 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-04 08:46 . 2012-04-18 08:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-04 08:46 . 2011-08-27 00:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 20:15 . 2012-02-09 20:43 831848 ----a-w- c:\windows\system32\nvumdshim.dll
2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15 . 2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:14 . 2012-10-10 20:14 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-10 20:14 . 2012-09-14 17:26 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:14 . 2011-05-21 04:01 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14 . 2012-09-14 17:26 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-10 20:14 . 2011-09-05 18:28 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 202600 ----a-w- c:\windows\system32\nvinit.dll
2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:14 . 2011-09-05 18:28 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 19:29 . 2010-12-27 09:22 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2011-08-26 16:30 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2010-12-27 09:22 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2010-12-27 09:22 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2010-12-27 09:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2010-12-27 09:23 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-24 13:32 . 2012-05-26 21:46 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2011-08-27 00:25 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 18:28 . 2012-10-10 04:41 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 04:40 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 04:40 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 04:40 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 13:18 . 2012-08-30 13:18 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-24 16:57 . 2012-10-10 04:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-22 17:16 . 2012-09-12 09:50 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 09:50 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 09:50 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 11:06 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Dxtory Update Checker 2.0"="d:\dxtory software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncService"="c:\program files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 14848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-08 8505888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-13 384800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
.
c:\users\Arashmickey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\software\PowerMenu\PowerMenu.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe [2012-11-1 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\Common Files\Comodo\GeekBuddyRSP.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhoud van de 'Gedeelde Taken' map
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3777501677-1383824960-427032563-1000Core.job
- c:\users\Arashmickey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 17:29]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3777501677-1383824960-427032563-1000UA.job
- c:\users\Arashmickey\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 17:29]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{9DAF0BE6-4D6B-4313-811F-B86A713BDD4F}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-ASRockXTU - (no file)
HKCU-Run-zASRockInstantBoot - (no file)
HKLM-Run-tvncontrol - c:\program files\Common Files\Comodo\tvnserver.exe
AddRemove-8461-7759-5462-8226 - c:\program files\software\Vuze\uninstall.exe
AddRemove-Audacity 1.3 Beta (Unicode)_is1 - c:\program files\software\Audacity 1.3 Beta (Unicode)\unins000.exe
AddRemove-FFmpeg for Audacity_is1 - c:\program files\software\software\Ffmpeg For Audacity\unins000.exe
AddRemove-HyperCam 2 - c:\program files\software\Hypercam\HcUnInst.exe
AddRemove-KLiteCodecPack_is1 - c:\program files\software\K-Lite Codec Pack\unins000.exe
AddRemove-VLC media player - c:\program files\Software\VLC\uninstall.exe
AddRemove-Winamp - c:\program files\software\Winamp\UninstWA.exe
AddRemove-WinRAR archiver - c:\program files\software\WinRAR\uninstall.exe
AddRemove-x264vfw - c:\program files\software\codecs\x264vfw\x264vfw-uninstall.exe
AddRemove-{470F4A33-DA87-4CF5-9E5A-42BD4F218B39}_is1 - c:\program files\software\My MP4Box GUI\unins000.exe
AddRemove-{FD9C31B6-F572-414D-81E3-89368C97A125}_is1 - c:\program files\software\CamStudio 2.6b\unins000.exe
AddRemove-Winamp Detect - c:\program files\software\Winamp Detect\UninstWaDetect.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3777501677-1383824960-427032563-1000\Software\SecuROM\License information*]
"datasecu"=hex:05,29,2e,b0,3a,81,48,d5,4b,90,09,eb,e9,1c,80,10,16,a3,ac,00,76,
8d,26,20,0e,a2,41,10,47,7d,93,ca,00,28,2c,af,da,d9,73,76,d9,31,88,68,bb,3b,\
"rkeysecu"=hex:ee,c9,df,1a,a6,38,0f,57,c6,91,1d,23,c0,cd,2e,df
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(5428)
c:\windows\system32\guard32.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
d:\hi-rez studios\HiPatchService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\System32\rundll32.exe
c:\users\ARASHM~1\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
c:\program files\Realtek\Audio\HDA\RtHDVBg.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\COMODO\GeekBuddy\unit_manager.exe
c:\program files\COMODO\GeekBuddy\unit.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Voltooingstijd: 2012-11-18 22:24:27 - machine werd herstart
ComboFix-quarantined-files.txt 2012-11-18 21:24
.
Pre-Run: 131.048.894.464 bytes free
Post-Run: 134.629.892.096 bytes free
.
- - End Of File - - 9A5566AD11AC4A1F01E2D8AFD23E22A7

Re: Comodo found something in an app I've used before

Thanks for helping me Dave.

One more thing while this has been happening: My directory structure isn't as neat as I would like it to be, but I try to organize stuff until I can't be bothered. That means I installed a whole bunch of software to c:/program files/software.

I just noticed that the entire software folder is gone. I can't recall having deleted that myself, but I suppose I might have inadvertently. Anyway, I thought I'd put that out there.

Re: Comodo found something in an app I've used before

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Firefox::

    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com

    DDS::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com

  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this script.

***********************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*********************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

[Image: AswMBR_Scan]

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

[Image: AswMBR_SaveLog]

On completion of the scan, click Save Log, save it to your desktop and post it in your next reply.

Re: Comodo found something in an app I've used before

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Re: Comodo found something in an app I've used before

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 01:35:28
-----------------------------
01:35:28.891 OS Version: Windows 6.1.7601 Service Pack 1
01:35:28.891 Number of processors: 4 586 0x403
01:35:28.891 ComputerName: ARASHMICKEY-PC UserName: Arashmickey
01:35:37.565 Initialize success
01:35:44.803 AVAST engine defs: 12111801
01:35:48.485 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
01:35:48.485 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
01:35:48.500 Disk 0 MBR read successfully
01:35:48.500 Disk 0 MBR scan
01:35:48.516 Disk 0 Windows 7 default MBR code
01:35:48.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:35:48.531 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199899 MB offset 206848
01:35:48.563 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 753868 MB offset 409600000
01:35:48.578 Disk 0 scanning sectors +1953521664
01:35:48.687 Disk 0 scanning C:\Windows\system32\drivers
01:35:57.096 Service scanning
01:36:14.927 Modules scanning
01:36:22.274 Disk 0 trace - called modules:
01:36:22.290 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
01:36:22.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86949218]
01:36:22.290 3 CLASSPNP.SYS[8cd8359e] -> nt!IofCallDriver -> [0x8643a918]
01:36:22.305 5 ACPI.sys[8c8323d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8693e030]
01:36:22.602 AVAST engine scan C:\Windows
01:36:24.833 AVAST engine scan C:\Windows\system32
01:38:36.310 AVAST engine scan C:\Windows\system32\drivers
01:38:47.214 AVAST engine scan C:\Users\Arashmickey
01:48:10.016 AVAST engine scan C:\ProgramData
01:49:17.830 Scan finished successfully
01:50:21.765 Disk 0 MBR has been saved successfully to "C:\Users\Arashmickey\Desktop\MBR.dat"
01:50:21.769 The log file has been saved successfully to "C:\Users\Arashmickey\Desktop\aswMBR.txt"

Re: Comodo found something in an app I've used before

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

**********************************************

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

*****************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: Comodo found something in an app I've used before

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Arashmickey [Admin rights]
Mode : Scan -- Date : 11/19/2012 10:05:05

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] Sound_Blaster_X-Fi_MB_Cleanup.0001 -- C:\Users\Arashmickey\AppData\Local\temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 -> KILLED [TermProc]
[RESIDUE][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Windows\system32\AmbRunE.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : UpdReg (C:\Windows\Updreg.EXE) -> FOUND
[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{9DAF0BE6-4D6B-4313-811F-B86A713BDD4F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{9DAF0BE6-4D6B-4313-811F-B86A713BDD4F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8347206D -> HOOKED (Unknown @ 0x92370C66)
SSDT[299] : NtRequestWaitReplyPort @ 0x8348CA63 -> HOOKED (Unknown @ 0x92370C70)
SSDT[316] : NtSetContextThread @ 0x8352C745 -> HOOKED (Unknown @ 0x92370C6B)
SSDT[347] : NtSetSecurityObject @ 0x83450742 -> HOOKED (Unknown @ 0x92370C75)
SSDT[368] : NtSystemDebugControl @ 0x834D46BC -> HOOKED (Unknown @ 0x92370C7A)
SSDT[370] : NtTerminateProcess @ 0x834A9BFB -> HOOKED (Unknown @ 0x92370C07)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] dfaa4539d580ef34d1e18848275151b5
[BSP] 902a334320e02ed335b1ea24edbce380 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600000 | Size: 753868 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11192012_02d1005.txt >>
RKreport[1]_S_11192012_02d1005.txt
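As an added example that is not part of the thread and not RogueKiller's own code: a small Python parser for the report layout above (bracketed tags, `-> FOUND` registry entries, `SSDT[n]` hook lines) that turns the entries into structured findings and attaches a defender's triage note, so the UAC policy values, the static DNS servers and the unattributed kernel hooks can be picked out before anything is acted on. The sample report is constructed from the format on this page, with a placeholder in place of the interface GUID.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the RogueKiller report layout seen in this thread.
# {GUID-PLACEHOLDER} stands in for the real interface GUID; other values are
# copied from the page so the parser is exercised on realistic lines.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : UpdReg (C:\Windows\Updreg.EXE) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{GUID-PLACEHOLDER} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8347206D -> HOOKED (Unknown @ 0x92370C66)
SSDT[370] : NtTerminateProcess @ 0x834A9BFB -> HOOKED (Unknown @ 0x92370C07)
"""


@dataclass
class Finding:
    kind: str          # "registry" or "ssdt"
    tags: List[str]    # bracketed tags, e.g. ["RUN", "SUSP PATH"]
    name: str          # registry value name, or hooked system service name
    value: str         # value data, or "<owner> @ <address>" for a hook
    severity: str = "info"
    note: str = ""


# "[TAG][TAG] <key path> : <value name> (<data>) -> FOUND"
REG_LINE = re.compile(
    r"^((?:\[[^\]]+\])+)\s+(\S+)\s+:\s+(\S+)\s+\((.*)\)\s+->\s+(\w+)\s*$"
)
# "SSDT[n] : NtXxx @ 0x... -> HOOKED (<owner> @ 0x...)"
SSDT_LINE = re.compile(
    r"^SSDT\[(\d+)\]\s+:\s+(\w+)\s+@\s+(0x[0-9A-Fa-f]+)\s+->\s+HOOKED\s+"
    r"\((.+?)\s+@\s+(0x[0-9A-Fa-f]+)\)\s*$"
)
TAG = re.compile(r"\[([^\]]+)\]")


def parse_report(text: str) -> List[Finding]:
    """Extract registry and SSDT entries; section banners and blanks are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            findings.append(Finding("registry", TAG.findall(m.group(1)),
                                    m.group(3), m.group(4)))
            continue
        m = SSDT_LINE.match(line)
        if m:
            findings.append(Finding("ssdt", ["SSDT"], m.group(2),
                                    f"{m.group(4)} @ {m.group(5)}"))
    return findings


# Documented meaning of the UAC policy values RogueKiller reports when they are 0.
UAC_RULES: Dict[Tuple[str, str], Tuple[str, str]] = {
    ("EnableLUA", "0"): ("high", "UAC is disabled; an admin user's processes run fully elevated"),
    ("ConsentPromptBehaviorAdmin", "0"): ("high", "admins elevate without any prompt"),
    ("PromptOnSecureDesktop", "0"): ("medium", "UAC prompts are not shown on the secure desktop"),
}


def triage(findings: List[Finding]) -> List[Finding]:
    """Attach a severity and a reviewer's note to each finding (in place)."""
    for f in findings:
        if f.kind == "ssdt":
            f.severity = "review"
            f.note = ("kernel hook by a module the tool could not attribute; "
                      "identify its owner (often a security product's driver) before removing anything")
        elif (f.name, f.value) in UAC_RULES:
            f.severity, f.note = UAC_RULES[(f.name, f.value)]
        elif "DNS" in f.tags:
            f.severity = "medium"
            f.note = "static DNS servers set on an interface; confirm they are the intended resolvers"
        elif "SUSP PATH" in f.tags:
            f.severity = "medium"
            f.note = "autorun from an unusual path; verify the file and its publisher"
        elif "HJPOL" in f.tags and f.value == "0":
            f.severity = "info"
            f.note = "policy value present but 0, which leaves the feature enabled"
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE_REPORT)):
        print(f"{f.severity:6} {f.kind:8} {f.name}: {f.value}  # {f.note}")
```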


Re: Comodo found something in an app I've used before

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Arashmickey\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A60CF000
Module End: A60DA000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 8324D000
Module End: 83660000
Hidden: No

Module Name: C:\Windows\system32\halmacpi.dll
Service Name: ---
Module Base: 83216000
Module End: 8324D000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80BB0000
Module End: 80BB8000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_AuthenticAMD.dll
Service Name: ---
Module Base: 8C61F000
Module End: 8C62A000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 8C62A000
Module End: 8C63B000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 8C63B000
Module End: 8C643000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8C643000
Module End: 8C685000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 8C685000
Module End: 8C730000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 8C730000
Module End: 8C7B1000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 8C7B1000
Module End: 8C7BF000
Hidden: No

Module Name: C:\Windows\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: 8C826000
Module End: 8C86E000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 8C86E000
Module End: 8C877000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 8C877000
Module End: 8C87F000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 8C87F000
Module End: 8C8A9000
Hidden: No

Module Name: C:\Windows\system32\drivers\vdrvroot.sys
Service Name: vdrvroot
Module Base: 8C8A9000
Module End: 8C8B4000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8C8B4000
Module End: 8C8C5000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 8C8C5000
Module End: 8C8D5000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 8C8D5000
Module End: 8C920000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 8C920000
Module End: 8C927000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 8C927000
Module End: 8C935000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: mountmgr
Module Base: 8C935000
Module End: 8C94B000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 8C94B000
Module End: 8C954000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 8C954000
Module End: 8C977000
Hidden: No

Module Name: C:\Windows\system32\drivers\amdxata.sys
Service Name: amdxata
Module Base: 8C977000
Module End: 8C980000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 8C980000
Module End: 8C9B4000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 8C9B4000
Module End: 8C9C5000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: ---
Module Base: 8CA10000
Module End: 8CB3F000
Hidden: No

Module Name: C:\Windows\System32\Drivers\msrpc.sys
Service Name: ---
Module Base: 8CB3F000
Module End: 8CB6A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 8CB6A000
Module End: 8CB7D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\cng.sys
Service Name: CNG
Module Base: 8CB7D000
Module End: 8CBDA000
Hidden: No

Module Name: C:\Windows\System32\drivers\pcw.sys
Service Name: pcw
Module Base: 8CBDA000
Module End: 8CBE8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Fs_Rec.sys
Service Name: ---
Module Base: 8CBE8000
Module End: 8CBF1000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 8CC36000
Module End: 8CCED000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 8CCED000
Module End: 8CD2B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecpkg.sys
Service Name: KSecPkg
Module Base: 8CD2B000
Module End: 8CD50000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8CE33000
Module End: 8CF7F000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 8CF7F000
Module End: 8CFB0000
Hidden: No

Module Name: C:\Windows\system32\drivers\vmstorfl.sys
Service Name: storflt
Module Base: 8CFB0000
Module End: 8CFB9000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8CFB9000
Module End: 8CFF8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: ---
Module Base: 8CFF8000
Module End: 8D000000
Hidden: No

Module Name: C:\Windows\System32\drivers\rdyboost.sys
Service Name: rdyboost
Module Base: 8CE00000
Module End: 8CE2D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8CD50000
Module End: 8CD60000
Hidden: No

Module Name: C:\Windows\System32\drivers\hwpolicy.sys
Service Name: hwpolicy
Module Base: 8CD60000
Module End: 8CD68000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\fvevol.sys
Service Name: fvevol
Module Base: 8CD68000
Module End: 8CD9A000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: Disk
Module Base: 8CD9A000
Module End: 8CDAB000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 8CDAB000
Module End: 8CDD0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\AtiPcie.sys
Service Name: AtiPcie
Module Base: 8CDD0000
Module End: 8CDD8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8CC11000
Module End: 8CC30000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\cmdguard.sys
Service Name: cmdGuard
Module Base: 91231000
Module End: 912AC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: ---
Module Base: 912AC000
Module End: 912B3000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: ---
Module Base: 912B3000
Module End: 912BA000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 912BA000
Module End: 912C6000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 912C6000
Module End: 912E7000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 912E7000
Module End: 912F4000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 912F4000
Module End: 912FC000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 912FC000
Module End: 91304000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdprefmp.sys
Service Name: RDPREFMP
Module Base: 91304000
Module End: 9130C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: ---
Module Base: 9130C000
Module End: 91317000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: ---
Module Base: 91317000
Module End: 91325000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 91325000
Module End: 9133C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 9133C000
Module End: 91348000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\cmdhlp.sys
Service Name: cmdHlp
Module Base: 91348000
Module End: 91352000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 91352000
Module End: 913AC000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: 913AC000
Module End: 913DE000
Hidden: No

Module Name: C:\Windows\system32\drivers\ws2ifsl.sys
Service Name: ws2ifsl
Module Base: 913DE000
Module End: 913E7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wfplwf.sys
Service Name: WfpLwf
Module Base: 913E7000
Module End: 913EE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: Psched
Module Base: 91200000
Module End: 9121F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\inspect.sys
Service Name: inspect
Module Base: 8C9C5000
Module End: 8C9DB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 9121F000
Module End: 9122D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: 8C9DB000
Module End: 8C9F5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: WANARP
Module Base: 8C800000
Module End: 8C813000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 913EE000
Module End: 913FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: 8CE2D000
Module End: 8CE33000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8C7BF000
Module End: 8C800000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8CBF1000
Module End: 8CBFB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8CA00000
Module End: 8CA0A000
Hidden: No

Module Name: C:\Windows\System32\drivers\discache.sys
Service Name: discache
Module Base: 8C813000
Module End: 8C81F000
Hidden: No

Module Name: C:\Windows\system32\drivers\csc.sys
Service Name: CSC
Module Base: 92027000
Module End: 9208B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 9208B000
Module End: 920A3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\blbdrive.sys
Service Name: blbdrive
Module Base: 920A3000
Module End: 920B1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\avkmgr.sys
Service Name: avkmgr
Module Base: 920B1000
Module End: 920BD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: 920BD000
Module End: 920E0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\AsrAppCharger.sys
Service Name: AsrAppCharger
Module Base: 920E0000
Module End: 920E7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 920E7000
Module End: 92108000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 92E30000
Module End: 938A4000
Hidden: No

Module Name: C:\Windows\System32\Drivers\nvBridge.kmd
Service Name: ---
Module Base: 938A4000
Module End: 938A6000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 938A6000
Module End: 9395D000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgmms1.sys
Service Name: ---
Module Base: 9395D000
Module End: 93996000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 93996000
Module End: 939B5000
Hidden: No

Module Name: C:\Windows\System32\Drivers\EtronXHCI.sys
Service Name: EtronXHCI
Module Base: 939B5000
Module End: 939C2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbfilter.sys
Service Name: usbfilter
Module Base: 939C2000
Module End: 939C8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\L1C62x86.sys
Service Name: L1C
Module Base: 939C8000
Module End: 939DA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 939DA000
Module End: 939E4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 92108000
Module End: 92153000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 939E4000
Module End: 939F3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\serenum.sys
Service Name: Serenum
Module Base: 939F3000
Module End: 939FD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394ohci.sys
Service Name: 1394ohci
Module Base: 92E00000
Module End: 92E2D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\amdppm.sys
Service Name: AmdPPM
Module Base: 92153000
Module End: 92164000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 92164000
Module End: 9216D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CompositeBus.sys
Service Name: CompositeBus
Module Base: 9216D000
Module End: 9217A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\AgileVpn.sys
Service Name: RasAgileVpn
Module Base: 9217A000
Module End: 9218C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 9218C000
Module End: 921A4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 921A4000
Module End: 921AF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 921AF000
Module End: 921D1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 921D1000
Module End: 921E9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 921E9000
Module End: 92200000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 92000000
Module End: 92017000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdpbus.sys
Service Name: rdpbus
Module Base: 92017000
Module End: 92021000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8C600000
Module End: 8C60D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8C60D000
Module End: 8C61A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 92E2D000
Module End: 92E2F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 95229000
Module End: 9525D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 9525D000
Module End: 9526B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\EtronHub3.sys
Service Name: EtronHub3
Module Base: 9526B000
Module End: 95273000
Hidden: No

Module Name: C:\Windows\System32\Drivers\USBD.SYS
Service Name: ---
Module Base: 95273000
Module End: 95275000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 95275000
Module End: 952B9000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: ---
Module Base: 952B9000
Module End: 952CA000
Hidden: No

Module Name: C:\Windows\system32\drivers\nvhda32v.sys
Service Name: NVHDA
Module Base: 952CA000
Module End: 952F2000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 952F2000
Module End: 95321000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 95321000
Module End: 9533A000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 98415000
Module End: 986F5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 986F5000
Module End: 98700000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 98700000
Module End: 98713000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 98713000
Module End: 9871A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 9871A000
Module End: 98725000
Hidden: No

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 98725000
Module End: 9872F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 9872F000
Module End: 98745000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 98745000
Module End: 9875C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 9875C000
Module End: 98768000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 98768000
Module End: 98773000
Hidden: No

Module Name: C:\Windows\system32\drivers\usbaudio.sys
Service Name: usbaudio
Module Base: 98773000
Module End: 98787000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 98787000
Module End: 98794000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 98794000
Module End: 9879F000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 9879F000
Module End: 987A8000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Service Name: ---
Module Base: 987A8000
Module End: 987B9000
Hidden: Yes

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 987B9000
Module End: 987D4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: 987D4000
Module End: 987EF000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\mbam.sys
Service Name: MBAMProtector
Module Base: 987EF000
Module End: 987F3000
Hidden: No

Module Name: C:\Windows\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: 98400000
Module End: 98414000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 9533A000
Module End: 9534A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 9534A000
Module End: 9535D000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9535D000
Module End: 953E2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 953E2000
Module End: 953FB000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 95200000
Module End: 95212000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 8CDD8000
Module End: 8CDFB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: A5235000
Module End: A5270000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: A5270000
Module End: A528B000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: A52A3000
Module End: A533A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: ---
Module Base: A533A000
Module End: A5344000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: A5344000
Module End: A5365000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: A5365000
Module End: A5372000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: A5372000
Module End: A53C2000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: A6001000
Module End: A6053000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\LVPr2Mon.sys
Service Name: LVPr2Mon
Module Base: A6053000
Module End: A6058000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\asyncmac.sys
Service Name: AsyncMac
Module Base: A60C2000
Module End: A60CB000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\TrueSight.sys
Service Name: ---
Module Base: A60CB000
Module End: A60CF000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\namespace
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\pq
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\sm
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\temp
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Status: Access denied
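
The driver listing above is read by hand in this thread. As an added example that is not part of the original post, the scanner, or any tool named here, the Python below parses records in exactly that format and applies the three checks a reviewer of such a log actually makes: is the driver loaded from under %SystemRoot%, is a "Hidden: Yes" entry explained by something known, and do any two image ranges overlap. The first three sample records are copied from the log; the fourth (evil.sys) is constructed to show what a record worth escalating looks like. Treating dump_*.sys as benign, and treating TrueSight.sys, mbam.sys and avgntflt.sys as the drivers of RogueKiller, Malwarebytes and Avira, are assumptions drawn from the tools used in this thread, not facts the scanner reports.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the scanner's record format. The first three records are
# copied from the log posted above; the fourth (evil.sys) is hypothetical and
# exists only to show what a record worth escalating looks like.
SAMPLE_LOG = r"""
Module Name: C:\Windows\system32\DRIVERS\usbfilter.sys
Service Name: usbfilter
Module Base: 939C2000
Module End: 939C8000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 9879F000
Module End: 987A8000
Hidden: Yes

Module Name: \??\C:\Windows\system32\drivers\TrueSight.sys
Service Name: ---
Module Base: A60CB000
Module End: A60CF000
Hidden: Yes

Module Name: C:\Users\Public\evil.sys
Service Name: ---
Module Base: A60CE000
Module End: A60D4000
Hidden: Yes
"""

RECORD_RE = re.compile(
    r"Module Name: (?P<name>.+)\nService Name: (?P<service>.+)\n"
    r"Module Base: (?P<base>[0-9A-Fa-f]+)\nModule End: (?P<end>[0-9A-Fa-f]+)\n"
    r"Hidden: (?P<hidden>Yes|No)"
)

# Assumptions, not scanner facts: dump_*.sys are the crash-dump stack copies of
# the storage drivers and are routinely reported as hidden; the three names
# below are the kernel drivers of RogueKiller, Malwarebytes and Avira, the
# tools run in this thread.
BENIGN_HIDDEN = {"truesight.sys", "mbam.sys", "avgntflt.sys"}


@dataclass
class Module:
    path: str
    service: str
    base: int
    end: int
    hidden: bool

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_modules(text: str) -> list[Module]:
    """Turn the scanner's blank-line-separated records into Module objects."""
    return [
        Module(m["name"].strip(), m["service"].strip(), int(m["base"], 16),
               int(m["end"], 16), m["hidden"] == "Yes")
        for m in RECORD_RE.finditer(text)
    ]


def normalize_path(path: str) -> str:
    """Map the kernel-style prefixes in the log (the \\??\\ and \\SystemRoot\\ forms) onto a Win32 path."""
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        path = "C:\\Windows\\" + path[len("\\SystemRoot\\"):]
    return path.lower()


def triage(modules: list[Module]) -> list[tuple[str, str]]:
    """Return (driver, reason) pairs for records that deserve a closer look."""
    findings = []
    for m in modules:
        if not normalize_path(m.path).startswith("c:\\windows\\"):
            findings.append((m.basename, "loaded from outside %SystemRoot%"))
        if m.hidden and not (m.basename.startswith("dump_") or m.basename in BENIGN_HIDDEN):
            findings.append((m.basename, "hidden and not explained by a known tool"))
    # Two images cannot occupy the same kernel addresses at once, so an overlap
    # means one of the two records is stale or fabricated.
    ordered = sorted(modules, key=lambda x: x.base)
    for prev, cur in zip(ordered, ordered[1:]):
        if cur.base < prev.end:
            findings.append((cur.basename, f"address range overlaps {prev.basename}"))
    return findings


if __name__ == "__main__":
    for driver, reason in triage(parse_modules(SAMPLE_LOG)):
        print(f"{driver}: {reason}")
```

Run against the three real records the script reports nothing, which matches the reading in this thread: the dump_* drivers and TrueSight.sys are the only hidden entries, and each has an explanation. Only the constructed evil.sys trips all three checks. The "Hidden files/folders" section tells the same story: everything listed sits under C:\Qoobox (ComboFix's own working directory, removed by the ComboFix uninstall step later in this thread) or under Windows' protected CSC and ETW stores, and "Access denied" there is the expected result for a normal user token.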

Re: Comodo found something in an app I've used before

Also:
RogueKiller asked if I wanted to close RogueKiller without deleting anything, to which I said OK.
Sysprot said there was an error when attempting to scan SSDT, to which I said OK again, and it continued the scan.

Just FYI :) ...

Re: Comodo found something in an app I've used before

Is the computer working any better?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the ESET Online Scanner button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

•Check the box accepting the terms of use.
•Click the Start button.
•Accept any security warnings from your browser.
•Check Scan archives.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push List found threats.
•Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Back button.
•Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Comodo found something in an app I've used before

Thanks Dave! Maybe it's just me, but things do seem to run a bit more smoothly now. Before, my PC would freeze a couple of times a day for 10 or 20 seconds, first the input, then sound & video. I tried updating drivers and scrubbing unnecessary programs & processes, but I had never figured out what actually caused it. In the past couple of days it has only happened once, so I'd call that an improvement at least. It's been there for almost as long as I can remember though.

ESET took about 4 hours and came back with no infections at all :) ... I couldn't find the buttons to create the log file though.

Anything I ought to do next? I'll be happy to.

I'll get mbam through your affiliate link in a couple of weeks when I have some more money. That means I will have mbam, comodo, avira? Is that enough / too little / too much? Or should I use different firewall / antivirus?

Also, I already got the ebook in June last year, but I still wanted to send a 5 or 10 bucks - is there a way to do that, maybe a direct paypal donation? Otherwise, I suppose I could just buy the ebook again in a few months. I don't have much money but I do want to show my appreciation and help keep GeekPolice alive. You guys are tops!

Re: Comodo found something in an app I've used before

Arashmickey wrote:
That means I will have mbam, comodo, avira? Is that enough / too little / too much? Or should I use different firewall / antivirus?

That sounds like a good combination. If Comodo starts acting up, just dump it and get another firewall.

Arashmickey wrote:
but I still wanted to send a 5 or 10 bucks - is there a way to do that, maybe a direct paypal donation?

I don't think there is any procedure for accepting money for our services.
Let's do some cleanup.


To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

************************************************
Click Start > Computer > right-click the C drive and choose Properties > Enter.
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*******************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Comodo found something in an app I've used before

I just finished cleanup, using the links next. Thanks again for everything!

Re: Comodo found something in an app I've used before

Arashmickey wrote:
I just finished cleanup, using the links next. Thanks again for everything!

You're welcome. Stay safe.
