Windows Command Processor Virus

The Windows Command Processor keeps popping up on my desktop and will not go away. Unfortunately my sister opened this without knowing; I don't know if this changes anything.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Harry at 19:35:09 on 2012-03-18

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.44.1033.18.3326.2010 [GMT 0:00]

.

AV: Sophos Anti-Virus *Enabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Sophos Anti-Virus *Enabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\Windows\vVX3000.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Users\Harry\AppData\Local\sbrkkemb\csmjdrin.exe

C:\Windows\system32\svchost.exe

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe

C:\Program Files\Tunngle\TnglCtrl.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\consent.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://uk.ask.com/?l=dis&o=15179

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Comrade.exe] c:\program files\gamespy\comrade\Comrade.exe

uRun: [KPeerNexonEU] c:\nexon\nexon_eu_downloader\nxEULauncher.exe

uRun: [spyware Doctor with AntiVirus] c:\users\harry\desktop\sdasetup_revwire207.exe -min

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [CsmJdrin] c:\users\harry\appdata\local\sbrkkemb\csmjdrin.exe

uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\harry\appdata\roaming\microsoft\windows\start menu\programs\startup\csmjdrin.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gamers~1.lnk - c:\program files\gamersfirst\live!\Live.exe

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BEE347AC-1584-4D8E-A3EC-BFB84FA4AD6D} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\363\g2ax_winlogon.dll

AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\harry\appdata\roaming\mozilla\firefox\profiles\m2z3qakm.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://uk.ask.com/?l=dis&o=15179

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - component: c:\users\harry\appdata\roaming\mozilla\firefox\profiles\m2z3qakm.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll

FF - component: c:\users\harry\appdata\roaming\mozilla\firefox\profiles\m2z3qakm.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\battlelog web plugins\1.104.0\npesnlaunch.dll

FF - plugin: c:\program files\battlelog web plugins\1.110.0\npesnlaunch.dll

FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll

FF - plugin: c:\program files\bf3 alpha trial web plugins\npesnlaunch.dll

FF - plugin: c:\program files\bf3 alpha trial web plugins\sonar\npesnsonar.dll

FF - plugin: c:\program files\gamespy\comrade\npcomrade.dll

FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\harry\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Greek Spelling dictionary: el-GR@dictionaries.addons.mozilla.org - %profile%\extensions\el-GR@dictionaries.addons.mozilla.org

FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-10-3 121848]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-31 2253120]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-8-16 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-14 97520]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-6-14 222448]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-9-22 381248]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-9-10 1541360]

R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-3-9 2886528]

R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-8-19 741224]

R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-7 918880]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-8-19 27136]

S2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-3 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]

S3 gel90xne;gel90xne;c:\users\harry\appdata\local\temp\gel90xne.sys [2011-6-26 29696]

S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\363\g2ax_service.exe [2012-1-8 609144]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-4 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-10-3 22536]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-03-18 10:49:12 -------- d-----w- c:\users\harry\appdata\local\{FA9FE39B-C0B3-4C9F-82D1-668FAEFD191C}

2012-03-18 10:48:47 -------- d-----w- c:\users\harry\appdata\local\{6DD7B3BB-5433-4C21-8FE0-85C96ADA6E1D}

2012-03-17 20:16:16 -------- d-----w- c:\users\harry\appdata\local\{84F5980A-C89F-4F83-8138-6CAEDD59B62A}

2012-03-17 20:16:02 -------- d-----w- c:\users\harry\appdata\local\{DCB1BD86-1125-43C8-90AF-18B8D41A19D7}

2012-03-17 20:01:13 -------- d-----w- c:\users\harry\appdata\local\{6DA60324-4714-4F97-9331-9472A013BC31}

2012-03-17 20:00:51 -------- d-----w- c:\users\harry\appdata\local\{76706F5E-7076-491D-8A4F-352BB312F23F}

2012-03-17 12:32:45 -------- d-----w- c:\users\harry\appdata\local\{BBD23AEB-DE3B-4131-BD42-E82AB3F6C9F2}

2012-03-17 12:32:24 -------- d-----w- c:\users\harry\appdata\local\{00C3A765-67D8-4B43-BDE2-CBD5D06C2C66}

2012-03-16 15:43:18 -------- d-----w- c:\users\harry\appdata\local\{D0AEEF20-E0CC-4C18-B4C5-7E6CE090387E}

2012-03-16 15:42:47 -------- d-----w- c:\users\harry\appdata\local\{3E07A1D6-E484-4BFF-ABA6-CED37E9366B4}

2012-03-15 13:39:23 -------- d-----w- c:\users\harry\appdata\local\{D21C57E4-A199-45D6-8251-FC03924A6C0B}

2012-03-15 13:38:54 -------- d-----w- c:\users\harry\appdata\local\{DB5B920D-A2F4-4013-BE27-48A167D93636}

2012-03-15 03:00:36 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 03:00:35 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 21:56:19 -------- d-----w- c:\users\harry\appdata\local\{DA8C3E98-868D-4404-A3B4-FFA195A2A768}

2012-03-14 21:56:03 -------- d-----w- c:\users\harry\appdata\local\{C64E3434-A136-449E-9F1C-C28CFB82CF30}

2012-03-14 18:23:21 -------- d-----w- c:\users\harry\appdata\roaming\SUPERAntiSpyware.com

2012-03-14 18:23:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-14 18:23:01 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-14 17:34:37 -------- d-----w- c:\users\harry\appdata\roaming\Uniblue

2012-03-14 17:34:35 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2012-03-14 17:34:35 -------- d-----w- c:\program files\Uniblue

2012-03-14 17:34:28 -------- d-----w- c:\users\harry\appdata\local\PackageAware

2012-03-14 17:21:36 -------- d-----w- c:\users\harry\appdata\local\{E954D52D-EF64-4488-864F-8798F0A85F09}

2012-03-14 17:21:20 -------- d-----w- c:\users\harry\appdata\local\{C6AAC1F7-7B5A-4467-AF50-5FDFFC514BF7}

2012-03-14 15:10:46 2341376 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 15:10:44 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-14 15:10:44 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-14 15:10:44 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-14 15:10:44 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-14 15:10:44 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 15:10:36 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 15:10:36 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 15:10:36 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 15:10:29 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 15:10:29 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 15:10:29 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 15:05:28 -------- d-----w- c:\users\harry\appdata\local\{A3F810A1-E0D7-4F75-A225-568D05B4FF43}

2012-03-14 15:05:11 -------- d-----w- c:\users\harry\appdata\local\{3848E79A-C860-4817-9523-DEA83270C75B}

2012-03-14 15:04:43 -------- d-----w- c:\users\harry\appdata\local\sbrkkemb

2012-03-14 14:54:52 -------- d-----w- c:\users\harry\appdata\local\{E8DF708D-BC34-4CA6-8757-A4F1DB770B4A}

2012-03-14 14:54:37 -------- d-----w- c:\users\harry\appdata\local\{0E5F3CB6-CE40-44C3-A197-C5161C8118BB}

2012-03-14 14:09:33 -------- d-----w- c:\users\harry\appdata\local\{AD1F02F4-BEFD-4496-9913-6FD3D2EA96B2}

2012-03-14 14:09:20 -------- d-----w- c:\users\harry\appdata\local\{75F5DB4E-C44C-4108-BB44-D94F4DD4515F}

2012-03-14 13:03:18 -------- d-----w- c:\users\harry\appdata\local\{F33D162B-DA2A-4E08-926C-4CE6873D0441}

2012-03-14 13:03:01 -------- d-----w- c:\users\harry\appdata\local\{08E3F4F0-5460-4C6E-B6BB-E19CEC33E34F}

2012-03-14 12:27:01 -------- d-----w- c:\users\harry\appdata\local\{88071307-DBE9-44CC-8766-7565821440CB}

2012-03-14 12:26:43 -------- d-----w- c:\users\harry\appdata\local\{DE4CD46E-0911-45BC-9A59-E6540BF99B15}

2012-03-13 23:31:24 -------- d-----w- c:\users\harry\appdata\local\{93987229-A5EA-4710-BEE3-70330CC58092}

2012-03-13 15:44:49 -------- d-----w- c:\users\harry\appdata\local\{BEC62BA9-6C72-4482-8C83-A9E248DBCBCE}

2012-03-13 15:44:24 -------- d-----w- c:\users\harry\appdata\local\{4C1194DE-1AEB-4965-A13B-150429F25DFD}

2012-03-12 15:33:46 -------- d-----w- c:\users\harry\appdata\local\{D0DA8468-C813-42C5-8005-FE6C983F6234}

2012-03-12 15:33:34 -------- d-----w- c:\users\harry\appdata\local\{BAB833FF-2209-4126-B080-4B95E8A97C15}

2012-03-11 17:01:59 -------- d-----w- c:\program files\PFPortChecker

2012-03-11 16:02:00 -------- d-----w- c:\programdata\Citrix

2012-03-11 16:01:32 103784 ----a-w- c:\users\harry\GoToAssistDownloadHelper.exe

2012-03-11 14:59:06 -------- d-----w- c:\users\harry\appdata\local\{14F87595-F8C8-4C1C-B01A-43425A4F38FC}

2012-03-11 11:29:17 -------- d-----w- c:\users\harry\appdata\local\{2B0B01A3-F149-4800-9AAA-F1964F871716}

2012-03-11 11:29:06 -------- d-----w- c:\users\harry\appdata\local\{926DA058-47B1-43F2-B245-308DF7A704D0}

2012-03-10 17:19:11 -------- d-----w- c:\users\harry\appdata\local\{1899EE0C-859B-4FFF-9E0A-FB67E9B31231}

2012-03-10 17:18:46 -------- d-----w- c:\users\harry\appdata\local\{DAC7695F-E786-4EEE-B328-9D65D279764B}

2012-03-10 11:58:06 -------- d-----w- c:\users\harry\appdata\local\{30B4454A-66A5-435C-B369-05EE167D9ACA}

2012-03-10 11:57:54 -------- d-----w- c:\users\harry\appdata\local\{2A1677C6-84FC-4564-AFEC-3542E8827444}

2012-03-09 21:47:50 -------- d-----w- C:\.minecraft

2012-03-09 21:13:16 -------- d-----w- c:\users\harry\appdata\roaming\.techniclauncher

2012-03-09 15:43:38 -------- d-----w- c:\users\harry\appdata\local\{E626250C-8896-42C7-98A5-E3E2A7814045}

2012-03-09 15:43:26 -------- d-----w- c:\users\harry\appdata\local\{ABBC5C2D-8E83-4E0F-B943-FE685CF34078}

2012-03-08 11:50:46 -------- d-----w- c:\users\harry\appdata\local\{868EB58D-ADDC-4A6F-B72D-51C0E25E27EC}

2012-03-08 11:50:33 -------- d-----w- c:\users\harry\appdata\local\{315C9233-34E8-4ABF-B423-8FF45542DCE4}

2012-03-07 15:51:41 -------- d-----w- c:\users\harry\appdata\local\{10B90341-4227-4541-921B-2F113D5BF5D7}

2012-03-07 15:51:27 -------- d-----w- c:\users\harry\appdata\local\{B8DFC8D4-95AE-4721-915F-91448C52DFA1}

2012-03-07 12:21:28 -------- d-----w- c:\users\harry\appdata\local\{51C17B0D-C6FF-442E-A2A1-0D4FA89CCE60}

2012-03-07 12:21:17 -------- d-----w- c:\users\harry\appdata\local\{ABDDB113-1B11-41C3-A7AF-7908D0CC21C5}

2012-03-06 17:25:06 -------- d-----w- c:\users\harry\appdata\local\{585DD089-9178-48CE-9FC3-C94725F568D0}

2012-03-06 17:24:53 -------- d-----w- c:\users\harry\appdata\local\{5201ABD5-5AE0-462C-9D80-AB0CA21C9CC3}

2012-03-05 15:45:04 -------- d-----w- c:\users\harry\appdata\local\{BE3319CC-DA95-44F2-A5A9-01F96505DF6F}

2012-03-05 15:44:52 -------- d-----w- c:\users\harry\appdata\local\{A084736C-4375-4583-8586-9F45B526A65F}

2012-03-04 12:34:00 -------- d-----w- c:\users\harry\appdata\local\{559870AD-9128-448B-900E-D9E09CB34150}

2012-03-04 12:33:49 -------- d-----w- c:\users\harry\appdata\local\{12C2C649-2D23-47A7-9CE3-84A692BCDBA3}

2012-03-03 17:13:42 -------- d-----w- c:\users\harry\appdata\local\{BE8D4749-6177-4C20-AF54-5342E9118694}

2012-03-03 17:13:30 -------- d-----w- c:\users\harry\appdata\local\{9119F8A8-968A-4E90-B930-7D9634348209}

2012-03-03 12:45:36 -------- d-----w- c:\users\harry\appdata\local\{E641B2FB-DAEF-4EEC-B8E4-544E3E1E98BF}

2012-03-03 12:45:21 -------- d-----w- c:\users\harry\appdata\local\{54AFCCD2-E613-46B8-A8F8-0D34846F5561}

2012-03-02 21:10:01 -------- d-----w- c:\program files\GTactix

2012-03-02 20:34:20 -------- d-----w- c:\program files\Advanced Tactical Center

2012-03-02 17:47:55 -------- d-----w- c:\users\harry\appdata\roaming\Lyyt

2012-03-02 17:47:55 -------- d-----w- c:\users\harry\appdata\roaming\Kayxoc

2012-03-02 15:58:03 -------- d-----w- c:\users\harry\appdata\local\{E4A52EE6-26C6-4E39-9456-3E328103B3D5}

2012-03-02 15:57:35 -------- d-----w- c:\users\harry\appdata\local\{AE63A95F-DFAB-4ADD-AE37-E57885E8CD73}

2012-03-01 13:44:25 -------- d-----w- c:\users\harry\appdata\local\{4BAEDAB1-8A14-40DD-A28B-8C8B7483519F}

2012-02-29 12:22:36 -------- d-----w- c:\users\harry\appdata\local\{8AF82BFF-826E-4E50-9915-ADDB9A2455D6}

2012-02-29 12:22:14 -------- d-----w- c:\program files\LogMeIn Hamachi

2012-02-29 12:22:08 -------- d-----w- c:\users\harry\appdata\local\{4C49B392-DCD6-4ED1-8D28-0FC29477C6A7}

2012-02-28 15:41:01 -------- d-----w- c:\users\harry\appdata\local\{36BCEEE9-9FC5-4959-BB9B-C836FD4E73D5}

2012-02-28 15:40:44 -------- d-----w- c:\users\harry\appdata\local\{4FD2730C-017D-4CA7-801C-47F31039CD4B}

2012-02-27 16:22:13 -------- d-----w- c:\users\harry\appdata\local\{F118E16E-9163-4C1F-8FF0-8047D35E1A0F}

2012-02-27 16:21:59 -------- d-----w- c:\users\harry\appdata\local\{F1822AB0-50C9-4388-8D05-430AA01D245E}

2012-02-26 22:15:30 -------- d-----r- c:\program files\Skype

2012-02-26 10:23:13 -------- d-----w- c:\users\harry\appdata\local\{8E213D86-4FEF-4CD5-AC58-58D19CC29846}

2012-02-26 10:22:49 -------- d-----w- c:\users\harry\appdata\local\{EAEDADF0-B0F7-4ED4-A103-D9DD1E8AC8C7}

2012-02-25 16:29:48 -------- d-----w- c:\users\harry\appdata\local\{0FEA2853-A9AD-41E2-8EEF-50FFA923D6A3}

2012-02-25 16:29:34 -------- d-----w- c:\users\harry\appdata\local\{CDBD78FA-A866-4CF5-87D5-A574BF6413A1}

2012-02-24 14:32:24 -------- d-----w- c:\users\harry\appdata\local\{7F89F8AD-E321-4517-9EF1-0555C88845F2}

2012-02-24 14:32:10 -------- d-----w- c:\users\harry\appdata\local\{669E2E9E-6286-4D34-8520-D09A37683A37}

2012-02-23 16:46:36 -------- d-----w- C:\Temp

2012-02-23 13:45:57 -------- d-----w- c:\users\harry\appdata\local\{6FCC6789-6830-49CB-BAE9-C59185055876}

2012-02-22 16:37:20 -------- d-----w- c:\users\harry\appdata\local\Focus Home Interactive

2012-02-22 15:44:18 -------- d-----w- c:\users\harry\appdata\local\{BD076E15-1F96-4CA7-AA76-37CFFDA9A016}

2012-02-22 15:44:02 -------- d-----w- c:\users\harry\appdata\local\{2F888606-6EE7-4002-80B8-F6D12F262DB2}

2012-02-21 16:41:24 -------- d-----w- c:\users\harry\appdata\local\{CE4B6A5F-3BB3-45D2-8322-634A15A69FE8}

2012-02-21 16:41:08 -------- d-----w- c:\users\harry\appdata\local\{0AED428F-6737-4698-ACEC-3795B89D187B}

2012-02-20 15:39:12 -------- d-----w- c:\users\harry\appdata\local\{500AAD5C-7340-4D7A-A485-78EB16F082AA}

2012-02-20 15:38:57 -------- d-----w- c:\users\harry\appdata\local\{DD323128-A243-43F8-8F19-80EEF18C8088}

2012-02-19 12:50:40 -------- d-----w- c:\users\harry\appdata\local\{0661718F-E35F-4B55-A8F1-2A57E9C09AE8}

2012-02-19 12:50:28 -------- d-----w- c:\users\harry\appdata\local\{FBEFE742-6D32-4473-B7DC-0617AF5354D3}

2012-02-18 17:18:59 -------- d-----w- c:\users\harry\appdata\local\{3DF61EB1-FFB6-48F1-8FC7-760E106D889D}

2012-02-18 17:18:45 -------- d-----w- c:\users\harry\appdata\local\{F76FC911-2253-4B05-8E85-2A31F3F32925}

.

==================== Find3M ====================

.

2012-03-11 17:30:28 139176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-03-11 17:30:19 282864 ----a-w- c:\windows\system32\PnkBstrB.xtr

2012-03-11 17:30:19 282864 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-03-11 17:30:07 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0

2012-03-10 20:27:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-25 23:12:01 76888 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-02-25 23:10:03 138056 ----a-w- c:\users\harry\appdata\roaming\PnkBstrK.sys

2012-02-25 16:34:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-08 17:28:47 110456 ----a-w- c:\users\harry\g2ax_customer_downloadhelper_win32_x86.exe

2012-01-04 09:03:07 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-03 05:44:24 478208 ----a-w- c:\windows\system32\timedate.cpl

.

============= FINISH: 19:36:02.58 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 03/10/2010 16:49:57

System Uptime: 18/03/2012 10:47:32 (9 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M4A78LT-M

Processor: AMD Athlon II X2 250 Processor | AM3 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 90.649 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\5&21616667&0&1

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\5&21616667&0&1

Service:

.

==== System Restore Points ===================

.

RP525: 14/03/2012 17:59:41 - OTL Restore Point - 14/03/2012 17:59:41

RP526: 15/03/2012 03:00:19 - Windows Update

.

==== Installed Programs ======================

.

Ace of Spades

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Reader 9.3

Advanced Tactical Center™ 1.0

Age of Chivalry

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArmA 2 Free Uninstall

AVG 2012

Battlefield 2142

Battlefield 3™

Battlefield 3™ Open Beta

Battlelog Web Plugins

BattlEye (A2Free) Uninstall

BattlEye Uninstall

Bing Bar

BioShock 2

Black Hawk Down Map Pack v0.22b

Blackhawk Down Mod v0.22b

Bonjour

Breach

Brink

Brytenwalda 1.31 version 1.31

Call of Duty: Black Ops - Multiplayer

Cities XL 2012

Clear Sky Complete

Commandos 2: Men of Courage

Company of Heroes Online Launcher (THQ)

Conduit Engine

D3DX10

Darkspore Beta

DarthMod Ultimate Commander Edition

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

E.Y.E: Divine Cybermancy

Empires

ESN Sonar

Faction Fronts Clear Sky 1.2.3

Fallen Earth

First Strike Mod

Galactic Civilizations II - Ultimate Edition

GamersFirst LIVE!

GameSpy Comrade

GangLand Singleplayer Demo

Garry's Mod

GoToManage Customer 1.6.0.363

GTA4 Mod Installer 0.4.0B

GTactix

Half-Life

Half-Life 2

Homeworld2

Homeworld2 Demo

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)

Impulse

Insurgency

iTunes

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Lead and Gold - Gangs of the Wild West

LogMeIn Hamachi

MabinogiEU

Malwarebytes Anti-Malware version 1.60.0.1800

Mandate Of Heaven for Crysis

Medieval II Total War

Men of War: Assault Squad ver. 0.9.60 (1.60.2) patch

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Corporation

Microsoft Game Studios Common Redistributables Pack 1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft LifeCam

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Management Objects

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files (English)

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server VSS Writer

Microsoft Visual C# 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# .NET Redistributable Package 1.1

Microsoft Visual J# 2.0 Redistributable Package - SE

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

Microsoft XML Parser

Microsoft XNA Framework Redistributable 3.0

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Game Studio 3.1

Microsoft XNA Game Studio 3.1 (ARP entry)

Microsoft XNA Game Studio 3.1 (Platformer)

Microsoft XNA Game Studio 3.1 (Redists)

Microsoft XNA Game Studio 3.1 (Shared Components)

Microsoft XNA Game Studio 3.1 (VCSExpress)

Microsoft XNA Game Studio 3.1 (XnaLiveProxy)

Microsoft XNA Game Studio 3.1 Documentation

Microsoft XNA Game Studio Platform Tools

Monday Night Combat

MountMusket Battalion

Mozilla Firefox (3.6.10)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NehrimUninstaller

Nexus Mod Manager

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 285.38

NVIDIA 3D Vision Driver 285.38

NVIDIA Control Panel 285.38

NVIDIA Display Control Panel

NVIDIA Graphics Driver 285.38

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.11.0621

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.5.20

NVIDIA Update Components

Oblivion mod manager 1.1.12

Origin

Overwatch Mod 1.2.0

Pando Media Booster

PAYDAY: The Heist

PFPortChecker 1.0.39

Predator v0.2 alpha

PunkBuster Services

QuickTime

Red Orchestra 2: Heroes of Stalingrad

Renegade-X v0.55 Beta

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Security Update for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB2251487)

Sid Meier's Civilization V

Skype Click to Call

Skype™ 5.8

Sophos Anti-Virus

Sophos AutoUpdate

Source SDK Base 2007

Spring 0.82.7

Sql Server Customer Experience Improvement Program

SQL Server System CLR Types

Stalker Complete 2009 v1.4.4

Star Trek Continuum Release ALPHA

Star Trek Online

Steam

SUPERAntiSpyware

System Requirements Lab

TeamSpeak 3 Client

TeamViewer 7

The Elder Scrolls V: Skyrim

The Lord of the Rings Online™ v03.02.05.8032

The Sims 3

TortoiseSVN 1.6.8.19260 (32 bit)

Total War: SHOGUN 2

Trojan Killer 2.1

TuneUp Companion 1.9.0

Tunngle beta

Ubisoft Game Launcher

Uniblue RegistryBooster

Uninstall MEC2

Unity Web Player

Universe Sandbox

Unreal Tournament 3

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Ventrilo Client

Vuze

Vuze Remote Toolbar

Warhammer® 40,000®: Dawn of War® II – Retribution™ Beta

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinRAR archiver

World in Conflict MW Mod 2.0 Open Beta R8

WWI Source 1.13b

X-Universe Plugin Manager V1.30 by Cycrow

X3: Albion Prelude

X3: Terran Conflict

Zero-K

Zombie Panic Source

.

==== Event Viewer Messages From Past Week ========

.

18/03/2012 10:48:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prodrv06 prohlp02 sfhlp01

18/03/2012 10:47:38, Error: Application Popup [875] - Driver prodrv06.sys has been blocked from loading.

18/03/2012 10:47:35, Error: Application Popup [875] - Driver sfhlp01.sys has been blocked from loading.

18/03/2012 10:47:35, Error: Application Popup [875] - Driver prohlp02.sys has been blocked from loading.

17/03/2012 12:33:11, Error: Service Control Manager [7034] - The Sophos AutoUpdate Service service terminated unexpectedly. It has done this 1 time(s).

17/03/2012 12:33:11, Error: Service Control Manager [7034] - The Sophos Anti-Virus status reporter service terminated unexpectedly. It has done this 1 time(s).

15/03/2012 13:38:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

15/03/2012 13:38:57, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

14/03/2012 20:41:53, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

14/03/2012 20:40:16, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

14/03/2012 20:40:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

14/03/2012 20:40:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

14/03/2012 20:40:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

14/03/2012 20:40:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

14/03/2012 20:40:01, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache prodrv06 prohlp02 SASDIFSV SASKUTIL SAVOnAccess sfhlp01 spldr Wanarpv6

14/03/2012 18:20:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache prodrv06 prohlp02 SAVOnAccess sfhlp01 spldr Wanarpv6

14/03/2012 15:04:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.

14/03/2012 07:29:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Games for Windows Software 3.5.

14/03/2012 02:14:28, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

13/03/2012 23:36:26, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {24DC0815-9D82-47FD-81B3-11DE033EF7A3}. The error: "740" Happened while starting this command: "C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe" -Embedding

12/03/2012 15:33:28, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831

.

==== End Of File ===========================

Also, I have scanned it; some stuff came up, but it still keeps coming back.

Edited by Maurice Naggar
Merged into 1 post

Hello,

These steps are for madlew34 only. If you are a casual viewer, do NOT try this on your system!

If you are not madlew34 and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

The reports show you have 3 antivirus apps on this system?? That will lead to serious conflicts and less security.

Sophos antivirus

AVG Internet Security 2012

Spyware Doctor with AntiVirus

Whichever you do not have a current license for, then de-install.

Trim it down to just 1 antivirus and tell me which one you kept.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 4
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Copy & Paste contents of RogueKiller log & Checkup.txt.

Use separate replies as needed if logs do not fit into one reply box.


RogueKiller V7.3.1 [03/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User: Harry [Admin rights]

Mode: Scan -- Date: 03/18/2012 20:42:27

¤¤¤ Bad processes: 2 ¤¤¤

[sUSP PATH] csmjdrin.exe -- C:\Users\Harry\AppData\Local\sbrkkemb\csmjdrin.exe -> KILLED [TermProc]

[sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : Spyware Doctor with AntiVirus (C:\Users\Harry\Desktop\sdasetup_revwire207.exe -min) -> FOUND

[sUSP PATH] HKCU\[...]\Run : CsmJdrin (C:\Users\Harry\AppData\Local\sbrkkemb\csmjdrin.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-3804439859-2242649139-759338674-1001[...]\Run : Spyware Doctor with AntiVirus (C:\Users\Harry\Desktop\sdasetup_revwire207.exe -min) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-3804439859-2242649139-759338674-1001[...]\Run : CsmJdrin (C:\Users\Harry\AppData\Local\sbrkkemb\csmjdrin.exe) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++

--- User ---

[MBR] 9ee31b4cddafdc7431b7ca820187bee2

[bSP] c36a85400f80193ca468591fe724b767 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


Results of screen317's Security Check version 0.99.31

Windows 7 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2012

Sophos Anti-Virus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

TuneUp Companion 1.9.0

Java 6 Update 31

Adobe Flash Player 11.1.102.62

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (3.6.10) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgnsx.exe

Sophos Sophos Anti-Virus SavService.exe

Sophos Sophos Anti-Virus SAVAdminService.exe

Sophos Sophos Anti-Virus Web Intelligence swi_service.exe

``````````End of Log````````````


No, we cannot proceed until you remove one or 2 of the following antivirus apps!

AVG 2012 or

Sophos Anti-Virus

IF you have a license for Sophos, then de-install AVG 2012.

If you do not have a license for Sophos, then un-install Sophos.

De-install Spyware Doctor if you do not have a current license.

Let me know after you have this cleared up & confirm.

Having more than 1 antivirus program active will cause many conflicts and much grief for you.

Edited by Maurice Naggar

Step 2

If you have a prior copy of Combofix, delete it now.

Disable (turn off) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log


ComboFix 12-03-17.01 - Harry 18/03/2012 21:57:34.1.2 - x86

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.44.1033.18.3326.2073 [GMT 0:00]

Running from: c:\users\Harry\Desktop\ComboFix.exe

AV: Sophos Anti-Virus *Disabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Disabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\INSTALL.LOG

c:\users\Harry\AppData\Local\cinduhka.log

c:\users\Harry\AppData\Local\ektowquj.log

c:\users\Harry\AppData\Local\eykgolrq.log

c:\users\Harry\AppData\Local\ldkvgmeh.log

c:\users\Harry\AppData\Local\pmnfujya.log

c:\users\Harry\AppData\Local\rfhyhidd.log

c:\users\Harry\AppData\Local\sbrkkemb\csmjdrin.exe

c:\users\Harry\AppData\Local\vtwomrab.log

c:\users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csmjdrin.exe

c:\users\Harry\Desktop\Setup.exe

c:\users\Harry\Documents\~WRL1964.tmp

c:\users\Harry\g2ax_customer_downloadhelper_win32_x86.exe

c:\users\Harry\GoToAssistDownloadHelper.exe

.

c:\windows\system32\grpconv.exe was missing

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_a25e7b019f016e70\grpconv.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MICORSOFT_WINDOWS_SERVICE

.

.

((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))

.

.

2012-03-18 22:08 . 2012-03-18 22:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-18 22:08 . 2012-03-18 22:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-18 22:08 . 2009-07-14 01:14 16384 ----a-w- c:\windows\system32\grpconv.exe

2012-03-18 21:50 . 2012-03-18 22:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{453F116D-3EFC-49EC-88A5-40DBAECB730F}\offreg.dll

2012-03-18 21:18 . 2012-03-18 21:18 97616 ---ha-w- c:\windows\system32\zGCBlkl

2012-03-18 20:24 . 2012-03-18 20:24 -------- d-----w- c:\program files\ERUNT

2012-03-15 03:00 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 03:00 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 18:23 . 2012-03-14 18:23 -------- d-----w- c:\users\Harry\AppData\Roaming\SUPERAntiSpyware.com

2012-03-14 17:34 . 2012-03-14 17:34 -------- d-----w- c:\users\Harry\AppData\Roaming\Uniblue

2012-03-14 17:34 . 2012-03-14 17:34 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2012-03-14 17:34 . 2012-03-14 17:34 -------- d-----w- c:\program files\Uniblue

2012-03-14 17:34 . 2012-03-14 17:34 -------- d-----w- c:\users\Harry\AppData\Local\PackageAware

2012-03-14 15:10 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 15:10 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 15:10 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-14 15:10 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-14 15:10 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-14 15:10 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-14 15:10 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 15:10 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 15:10 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 15:10 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 15:10 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 15:10 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 15:04 . 2012-03-18 22:08 -------- d-----w- c:\users\Harry\AppData\Local\sbrkkemb

2012-03-13 23:32 . 2012-03-13 23:32 -------- d-----w- c:\windows\Sun

2012-03-11 17:01 . 2012-03-11 17:01 -------- d-----w- c:\program files\PFPortChecker

2012-03-11 16:02 . 2012-03-11 16:02 -------- d-----w- c:\programdata\Citrix

2012-03-10 20:28 . 2012-03-10 20:28 -------- d-----w- c:\program files\Common Files\Java

2012-03-09 21:47 . 2012-03-09 21:48 -------- d-----w- C:\.minecraft

2012-03-09 21:13 . 2012-03-14 22:07 -------- d-----w- c:\users\Harry\AppData\Roaming\.techniclauncher

2012-03-02 21:10 . 2012-03-02 21:20 -------- d-----w- c:\program files\GTactix

2012-03-02 20:34 . 2012-03-02 20:34 -------- d-----w- c:\program files\Advanced Tactical Center

2012-03-02 17:47 . 2012-03-03 00:20 -------- d-----w- c:\users\Harry\AppData\Roaming\Kayxoc

2012-03-02 17:47 . 2012-03-02 21:17 -------- d-----w- c:\users\Harry\AppData\Roaming\Lyyt

2012-02-29 12:22 . 2012-02-29 12:22 -------- d-----w- c:\program files\LogMeIn Hamachi

2012-02-26 22:15 . 2012-03-14 22:26 -------- d-----w- c:\users\Harry\AppData\Roaming\Skype

2012-02-26 22:15 . 2012-02-26 22:16 -------- d-----r- c:\program files\Skype

2012-02-26 22:15 . 2012-02-26 22:15 -------- d-----w- c:\program files\Common Files\Skype

2012-02-26 22:15 . 2012-02-26 22:15 -------- d-----w- c:\programdata\Skype

2012-02-23 16:46 . 2012-02-23 19:47 -------- d-----w- C:\Temp

2012-02-22 16:37 . 2012-02-22 16:37 -------- d-----w- c:\users\Harry\AppData\Local\Focus Home Interactive

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-11 17:30 . 2010-12-05 09:51 139176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-03-11 17:30 . 2010-12-05 13:34 282864 ----a-w- c:\windows\system32\PnkBstrB.xtr

2012-03-11 17:30 . 2010-12-05 09:51 282864 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-03-11 17:30 . 2010-12-05 09:51 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0

2012-03-10 20:27 . 2010-12-27 21:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-25 23:12 . 2010-12-05 09:51 76888 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-02-25 23:10 . 2010-12-05 09:51 138056 ----a-w- c:\users\Harry\AppData\Roaming\PnkBstrK.sys

2012-02-25 16:34 . 2011-05-16 14:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-15 00:32 . 2012-02-15 00:32 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-15 00:32 . 2012-02-15 00:32 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-15 00:32 . 2012-02-15 00:32 161792 ----a-w- c:\windows\system32\msls31.dll

2012-02-15 00:32 . 2012-02-15 00:32 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-15 00:32 . 2012-02-15 00:32 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-15 00:32 . 2012-02-15 00:32 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-15 00:32 . 2012-02-15 00:32 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-15 00:32 . 2012-02-15 00:32 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-02-15 00:32 . 2012-02-15 00:32 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-02-15 00:32 . 2012-02-15 00:32 367104 ----a-w- c:\windows\system32\html.iec

2012-02-15 00:32 . 2012-02-15 00:32 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-15 00:32 . 2012-02-15 00:32 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-15 00:32 . 2012-02-15 00:32 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-02-15 00:32 . 2012-02-15 00:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-15 00:32 . 2012-02-15 00:32 152064 ----a-w- c:\windows\system32\wextract.exe

2012-02-15 00:32 . 2012-02-15 00:32 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-02-15 00:32 . 2012-02-15 00:32 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-15 00:32 . 2012-02-15 00:32 11776 ----a-w- c:\windows\system32\mshta.exe

2012-02-15 00:32 . 2012-02-15 00:32 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-02-15 00:32 . 2012-02-15 00:32 1798656 ----a-w- c:\windows\system32\jscript9.dll

2012-02-15 00:32 . 2012-02-15 00:32 101888 ----a-w- c:\windows\system32\admparse.dll

2012-01-04 09:03 . 2012-02-15 11:56 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-03 05:44 . 2012-02-15 11:56 478208 ----a-w- c:\windows\system32\timedate.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-03 10:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-01-03 10:16 175400 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 08:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 08:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 08:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 08:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 08:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 08:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 08:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 08:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 08:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]

"Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2011-03-17 1204640]

"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-10-23 536576]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]

"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2012-03-02 67968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-06-14 439536]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-6-2 2586736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]

2012-01-08 17:29 608632 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 gel90xne;gel90xne;c:\users\Harry\AppData\Local\Temp\gel90xne.sys [x]

R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe Start=service [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-04 1343400]

R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]

R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-03-02 22536]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-03-02 121848]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]

S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-08-16 163056]

S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-14 97520]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248]

S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-09-10 1541360]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]

S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2011-08-09 741224]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-18 c:\windows\Tasks\RegistryBooster.job

- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-03-14 15:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://uk.ask.com/?l=dis&o=15179

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

FF - ProfilePath - c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\m2z3qakm.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://uk.ask.com/?l=dis&o=15179

FF - prefs.js: network.proxy.type - 0

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Greek Spelling dictionary: el-GR@dictionaries.addons.mozilla.org - %profile%\extensions\el-GR@dictionaries.addons.mozilla.org

FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-CsmJdrin - c:\users\Harry\AppData\Local\sbrkkemb\csmjdrin.exe

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL

Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL

AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe

AddRemove-BattlEye A2 Free - c:\program files\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe

AddRemove-Homeworld2 Demo - c:\program files\Sierra\Homeworld2 Demo\uninstall.exe

AddRemove-Oblivion mod manager_is1 - c:\program files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe

AddRemove-{3E4097DA-F6B7-4B3A-86B8-8F64D87650A7}_is1 - c:\program files\Mount&Blade Warband\Modules\mm prussia5\unins000.exe

AddRemove-{74271BBB-B5A8-4FA3-B324-6E41B5249DBD}_is1 - c:\program files\Mount&Blade Warband\Modules\mm russia2\unins000.exe

AddRemove-{90E2862C-5B70-418E-B98C-4AA412485D2E}_is1 - c:\program files\Mount&Blade Warband\Modules\Brytenwalda 1.31\unins000.exe

AddRemove-{C8F3F9A3-5FD9-463A-939D-946C87B26A75}_is1 - c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\gamedata\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3804439859-2242649139-759338674-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3804439859-2242649139-759338674-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3804439859-2242649139-759338674-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:7a,89,aa,ef,a5,b8,43,2a,70,72,f5,22,06,ff,a1,e3,37,5e,e1,b8,29,29,f0,

e2,ff,a9,38,a5,69,ba,c8,bd,61,4d,14,31,81,bb,ca,55,45,03,b5,ca,2a,4c,6c,4a,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_USERS\S-1-5-21-3804439859-2242649139-759338674-1001\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:fe,e0,eb,17,00,6d,36,7f,6f,94,36,52,9b,00,e7,5d,13,55,e5,d9,8e,

73,b6,76,e0,b2,23,8f,46,0d,35,20,0a,4b,98,21,0d,e5,7d,a8,6e,3b,42,70,84,08,\

"rkeysecu"=hex:89,b0,3c,45,0f,2f,c7,ca,4a,5e,db,ea,16,b7,db,0c

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4048)

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

c:\program files\TortoiseSVN\bin\TortoiseStub.dll

c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

c:\program files\TortoiseSVN\bin\intl3_tsvn.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\taskhost.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

.

**************************************************************************

.

Completion time: 2012-03-18 22:16:59 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-18 22:16

.

Pre-Run: 98,200,932,352 bytes free

Post-Run: 109,635,678,208 bytes free

.

- - End Of File - - 71DB91672C06A735EEC5604095CA175A


Let's continue to check the system with some other tools.

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

The version you have of MBAM is out-dated. You need to remove the old version and get & setup the latest MBAM. Then run a scan with it.

Download and SAVE & then run mbam-clean.exe from >> here <<

It will ask to restart your computer; please allow it to do so, this is very important.

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQ's >> here << or ask and we'll explain how to do it.

Run a FULL scan with MBAM

Step 4

Re-enable the anti-virus application that you turned off before.

Copy & Paste the contents of aswMBR log

TDSSKILLER log

the latest MBAM scan log

and tell me, how is your computer now?

Edited by Maurice Naggar

20:37:04.0396 3828 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

20:37:04.0487 3828 ============================================================

20:37:04.0487 3828 Current date / time: 2012/03/19 20:37:04.0487

20:37:04.0487 3828 SystemInfo:

20:37:04.0487 3828

20:37:04.0487 3828 OS Version: 6.1.7600 ServicePack: 0.0

20:37:04.0487 3828 Product type: Workstation

20:37:04.0487 3828 ComputerName: HARRY-PC

20:37:04.0488 3828 UserName: Harry

20:37:04.0488 3828 Windows directory: C:\Windows

20:37:04.0488 3828 System windows directory: C:\Windows

20:37:04.0488 3828 Processor architecture: Intel x86

20:37:04.0488 3828 Number of processors: 2

20:37:04.0488 3828 Page size: 0x1000

20:37:04.0488 3828 Boot type: Normal boot

20:37:04.0488 3828 ============================================================

20:37:05.0380 3828 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:37:05.0382 3828 \Device\Harddisk0\DR0:

20:37:05.0382 3828 MBR used

20:37:05.0382 3828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

20:37:05.0416 3828 Initialize success

20:37:05.0416 3828 ============================================================

20:37:06.0822 3740 ============================================================

20:37:06.0822 3740 Scan started

20:37:06.0822 3740 Mode: Manual;

20:37:06.0822 3740 ============================================================

20:37:07.0754 3740 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

20:37:07.0757 3740 1394ohci - ok

20:37:07.0787 3740 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

20:37:07.0789 3740 ACPI - ok

20:37:07.0803 3740 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

20:37:07.0804 3740 AcpiPmi - ok

20:37:07.0851 3740 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

20:37:07.0855 3740 adp94xx - ok

20:37:07.0883 3740 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

20:37:07.0885 3740 adpahci - ok

20:37:07.0904 3740 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

20:37:07.0905 3740 adpu320 - ok

20:37:07.0969 3740 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

20:37:07.0975 3740 AFD - ok

20:37:07.0999 3740 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

20:37:08.0001 3740 agp440 - ok

20:37:08.0048 3740 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

20:37:08.0050 3740 aic78xx - ok

20:37:08.0092 3740 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

20:37:08.0092 3740 aliide - ok

20:37:08.0111 3740 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

20:37:08.0112 3740 amdagp - ok

20:37:08.0131 3740 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

20:37:08.0132 3740 amdide - ok

20:37:08.0141 3740 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

20:37:08.0142 3740 AmdK8 - ok

20:37:08.0160 3740 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

20:37:08.0161 3740 AmdPPM - ok

20:37:08.0224 3740 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

20:37:08.0226 3740 amdsata - ok

20:37:08.0253 3740 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

20:37:08.0256 3740 amdsbs - ok

20:37:08.0275 3740 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

20:37:08.0276 3740 amdxata - ok

20:37:08.0342 3740 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

20:37:08.0343 3740 AppID - ok

20:37:08.0438 3740 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

20:37:08.0439 3740 arc - ok

20:37:08.0456 3740 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

20:37:08.0457 3740 arcsas - ok

20:37:08.0558 3740 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

20:37:08.0560 3740 AsyncMac - ok

20:37:08.0581 3740 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

20:37:08.0582 3740 atapi - ok

20:37:08.0642 3740 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys

20:37:08.0647 3740 atksgt - ok

20:37:08.0732 3740 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

20:37:08.0735 3740 b06bdrv - ok

20:37:08.0777 3740 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

20:37:08.0779 3740 b57nd60x - ok

20:37:08.0825 3740 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

20:37:08.0825 3740 Beep - ok

20:37:08.0863 3740 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

20:37:08.0864 3740 blbdrive - ok

20:37:08.0928 3740 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

20:37:08.0930 3740 bowser - ok

20:37:08.0953 3740 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:37:08.0954 3740 BrFiltLo - ok

20:37:08.0971 3740 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:37:08.0972 3740 BrFiltUp - ok

20:37:09.0049 3740 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

20:37:09.0051 3740 BridgeMP - ok

20:37:09.0121 3740 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

20:37:09.0123 3740 Brserid - ok

20:37:09.0144 3740 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

20:37:09.0145 3740 BrSerWdm - ok

20:37:09.0166 3740 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:37:09.0167 3740 BrUsbMdm - ok

20:37:09.0188 3740 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

20:37:09.0188 3740 BrUsbSer - ok

20:37:09.0204 3740 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

20:37:09.0204 3740 BTHMODEM - ok

20:37:09.0327 3740 catchme - ok

20:37:09.0425 3740 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

20:37:09.0426 3740 cdfs - ok

20:37:09.0474 3740 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

20:37:09.0476 3740 cdrom - ok

20:37:09.0520 3740 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

20:37:09.0521 3740 circlass - ok

20:37:09.0548 3740 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

20:37:09.0551 3740 CLFS - ok

20:37:09.0605 3740 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

20:37:09.0605 3740 CmBatt - ok

20:37:09.0626 3740 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

20:37:09.0629 3740 cmdide - ok

20:37:09.0681 3740 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys

20:37:09.0684 3740 CNG - ok

20:37:09.0700 3740 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

20:37:09.0700 3740 Compbatt - ok

20:37:09.0734 3740 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

20:37:09.0735 3740 CompositeBus - ok

20:37:09.0777 3740 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

20:37:09.0778 3740 crcdisk - ok

20:37:09.0823 3740 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

20:37:09.0826 3740 CSC - ok

20:37:09.0883 3740 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

20:37:09.0885 3740 DfsC - ok

20:37:09.0916 3740 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

20:37:09.0917 3740 discache - ok

20:37:09.0961 3740 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

20:37:09.0962 3740 Disk - ok

20:37:10.0008 3740 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

20:37:10.0009 3740 drmkaud - ok

20:37:10.0068 3740 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

20:37:10.0079 3740 DXGKrnl - ok

20:37:10.0161 3740 EagleNT - ok

20:37:10.0323 3740 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

20:37:10.0346 3740 ebdrv - ok

20:37:10.0382 3740 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

20:37:10.0385 3740 elxstor - ok

20:37:10.0402 3740 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

20:37:10.0402 3740 ErrDev - ok

20:37:10.0442 3740 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

20:37:10.0443 3740 exfat - ok

20:37:10.0460 3740 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

20:37:10.0461 3740 fastfat - ok

20:37:10.0479 3740 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

20:37:10.0479 3740 fdc - ok

20:37:10.0517 3740 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

20:37:10.0517 3740 FileInfo - ok

20:37:10.0527 3740 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

20:37:10.0528 3740 Filetrace - ok

20:37:10.0542 3740 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

20:37:10.0542 3740 flpydisk - ok

20:37:10.0580 3740 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

20:37:10.0581 3740 FltMgr - ok

20:37:10.0622 3740 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

20:37:10.0623 3740 FsDepends - ok

20:37:10.0705 3740 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

20:37:10.0706 3740 fssfltr - ok

20:37:10.0748 3740 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

20:37:10.0749 3740 Fs_Rec - ok

20:37:10.0793 3740 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

20:37:10.0797 3740 fvevol - ok

20:37:10.0838 3740 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:37:10.0839 3740 gagp30kx - ok

20:37:10.0883 3740 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:37:10.0884 3740 GEARAspiWDM - ok

20:37:10.0951 3740 gel90xne - ok

20:37:11.0060 3740 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys

20:37:11.0061 3740 hamachi - ok

20:37:11.0129 3740 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

20:37:11.0131 3740 hcw85cir - ok

20:37:11.0156 3740 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

20:37:11.0161 3740 HdAudAddService - ok

20:37:11.0206 3740 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:37:11.0208 3740 HDAudBus - ok

20:37:18.0923 3740 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:37:18.0974 3740 \Device\Harddisk0\DR0 - ok

20:37:18.0981 3740 Boot (0x1200) (bb343b6375fecbac72f262a7dc05f835) \Device\Harddisk0\DR0\Partition0

20:37:18.0985 3740 \Device\Harddisk0\DR0\Partition0 - ok

20:37:18.0986 3740 ============================================================

20:37:18.0986 3740 Scan finished

20:37:18.0987 3740 ============================================================

20:37:19.0043 4984 Detected object count: 0

20:37:19.0043 4984 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-19 20:34:39

-----------------------------

20:34:39.286 OS Version: Windows 6.1.7600

20:34:39.286 Number of processors: 2 586 0x603

20:34:39.287 ComputerName: HARRY-PC UserName: Harry

20:35:00.146 Initialize success

20:35:09.256 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4

20:35:09.258 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3

20:35:09.270 Disk 0 MBR read successfully

20:35:09.272 Disk 0 MBR scan

20:35:09.274 Disk 0 Windows 7 default MBR code

20:35:09.278 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476838 MB offset 206848

20:35:09.281 Disk 0 scanning sectors +976771072

20:35:09.332 Disk 0 scanning C:\Windows\system32\drivers

20:35:15.307 Service scanning

20:35:30.461 Modules scanning

20:35:37.310 Scan finished successfully

20:36:09.082 Disk 0 MBR has been saved successfully to "C:\Users\Harry\Desktop\MBR.dat"

20:36:09.088 The log file has been saved successfully to "C:\Users\Harry\Desktop\aswMBR.txt"


a) Please do NOT press the Quote button when starting a reply (unless it is absolutely critical)

that is because doing that repeats too much info

b) Go very slow and try just one more time to get a new & fresh MBAM

1) Turn off your anti-virus program and any other anti-malware you may have.

2) Download and SAVE from >> here << to your DESKTOP

AFTER it is saved, then Run mbam-clean.exe

It will ask to restart your computer; please allow it to do so (very important).

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

IF need be, Rename the mbam-setup.exe to something like GAMMA.EXE

Run the GAMMA (mbam-setup).

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQs >> here << or ask and we'll explain how to do it.

Run a FULL scan with MBAM

Edited by Maurice Naggar

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
