Infected Windows 7 64 bit Machine, BSODs upon using DDS

Inactive
By liam499
Dec 12, 2010
Topic Status:
Not open for further replies.
  1. Computer is infected quite badly, I think.
    It will not BSOD if not booted in Safe Mode.
    It also BSODs if I try and use DDS.
    GMER returned no results.

    and here is my MBAM log

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    8/12/2010 12:12:40 PM
    mbam-log-2010-12-08 (12-12-40).txt

    Scan type: Quick scan
    Objects scanned: 149604
    Time elapsed: 2 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 19
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6CD48497-A88A-4647-8169-71CB056CC0A9} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\chkazcichst.chkazcichst.1.0 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\chkazcichst.chkazcichst (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adfazcicpr.adfazcicpr.1.0 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adfazcicpr.adfazcicpr (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E19399C-AC08-432A-930B-34367A855610} (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4E19399C-AC08-432A-930B-34367A855610} (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\brumazcicgrm.brumazcicgrm.1.0 (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\brumazcicgrm.brumazcicgrm (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E19399C-AC08-432A-930B-34367A855610} (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E19399C-AC08-432A-930B-34367A855610} (Adware.AdRotator) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\$ntuninstallmtf197$\jcdyr.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\Windows\$ntuninstallmtf197$\vscpi.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

    and

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5302

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    13/12/2010 9:57:31 AM
    mbam-log-2010-12-13 (09-57-31).txt

    Scan type: Quick scan
    Objects scanned: 167244
    Time elapsed: 2 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Fonts\18XF5r.com (Malware.Generic) -> Quarantined and deleted successfully.
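    The MBAM log above shows where the infection had anchored itself: an autostart Run value (`bipro`), an IE Browser Helper Object and its CLSID registration, and DLLs dropped into a `$NtUninstall` folder and the Fonts folder. As an added example, not part of this thread, the Python below parses the MBAM 1.50 log layout, flags entries that indicate a persistence mechanism, and cross-checks the summary counts against the items actually listed. The sample log is constructed from entries posted above, and the persistence rules are the editor's own heuristics, not Malwarebytes' classification.

```python
"""Triage a Malwarebytes' Anti-Malware 1.50 text log (added example).

Parses the section layout ("Registry Keys Infected:" ... "path (Family) -> action"),
flags detections that sit in common persistence locations, and checks that the
summary counts in the header agree with the items listed below them.
"""
import re
from collections import defaultdict

# Constructed sample in the MBAM 1.50 layout, built from entries in the post above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

Scan type: Quick scan
Objects scanned: 149604

Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\$ntuninstallmtf197$\jcdyr.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Fonts\18XF5r.com (Malware.Generic) -> Quarantined and deleted successfully.
"""

# A section header is the category name followed by a bare colon (no count).
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$"
)
# One detection line: "<target> (<family>) -> <action>"
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Editor's heuristics for locations that give malware a foothold across reboots.
PERSISTENCE_RULES = [
    ("autostart Run key", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("IE Browser Helper Object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("COM class registration", re.compile(r"^HKEY_CLASSES_ROOT\\CLSID\\", re.I)),
    ("payload in $NtUninstall folder", re.compile(r"\\\$ntuninstall", re.I)),
    ("executable in Fonts folder", re.compile(r"\\Fonts\\[^\\]+\.(com|exe|dll|scr)$", re.I)),
]


def parse_mbam_log(text):
    """Return (header, sections): header maps 'Key' -> 'value' for the lines before
    the first section; sections maps a category to its list of detection dicts."""
    header, sections, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            if ":" in line:  # e.g. "Database version: 5214", "Files Infected: 2"
                key, _, value = line.partition(":")
                header[key.strip()] = value.strip()
            continue
        im = ITEM_RE.match(line)
        if im:
            sections[section].append(im.groupdict())
    return header, dict(sections)


def flag_persistence(sections):
    """Return [(label, section, target)] for detections matching a persistence rule."""
    flagged = []
    for section, items in sections.items():
        for item in items:
            for label, rx in PERSISTENCE_RULES:
                if rx.search(item["target"]):
                    flagged.append((label, section, item["target"]))
                    break
    return flagged


def check_counts(header, sections):
    """Compare 'X Infected: N' summary counts with the items actually listed.
    Returns {category: (declared, listed)} only where they disagree."""
    mismatches = {}
    for key, value in header.items():
        if key.endswith(" Infected") and value.isdigit():
            category = key[: -len(" Infected")]
            listed = len(sections.get(category, []))
            if int(value) != listed:
                mismatches[category] = (int(value), listed)
    return mismatches


def triage(text):
    """One-shot summary a responder can read before deciding on the next tool."""
    header, sections = parse_mbam_log(text)
    return {
        "database": header.get("Database version"),
        "detections": sum(len(v) for v in sections.values()),
        "families": sorted({i["family"] for v in sections.values() for i in v}),
        "persistence": flag_persistence(sections),
        "count_mismatches": check_counts(header, sections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Every flagged entry here was already quarantined, so the value is in knowing which footholds existed and whether the summary counts can be trusted before asking for the next scan.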
  2. Broni

    Broni Malware Annihilator Posts: 45,195   +242

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. liam499

    liam499 Newcomer, in training Topic Starter

    Scanned and a rootkit was found.
    What's the next step?

    2010/12/13 11:21:01.0623 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/13 11:21:01.0623 ================================================================================
    2010/12/13 11:21:01.0623 SystemInfo:
    2010/12/13 11:21:01.0623
    2010/12/13 11:21:01.0623 OS Version: 6.1.7600 ServicePack: 0.0
    2010/12/13 11:21:01.0623 Product type: Workstation
    2010/12/13 11:21:01.0623 ComputerName: OMARAL-BASHIR
    2010/12/13 11:21:01.0623 UserName: Omar al-Bashir
    2010/12/13 11:21:01.0623 Windows directory: C:\Windows
    2010/12/13 11:21:01.0623 System windows directory: C:\Windows
    2010/12/13 11:21:01.0623 Running under WOW64
    2010/12/13 11:21:01.0623 Processor architecture: Intel x64
    2010/12/13 11:21:01.0623 Number of processors: 2
    2010/12/13 11:21:01.0623 Page size: 0x1000
    2010/12/13 11:21:01.0623 Boot type: Safe boot with network
    2010/12/13 11:21:01.0623 ================================================================================
    2010/12/13 11:21:01.0623 Utility is running under WOW64
    2010/12/13 11:21:02.0122 Initialize success
    2010/12/13 11:21:04.0431 ================================================================================
    2010/12/13 11:21:04.0431 Scan started
    2010/12/13 11:21:04.0431 Mode: Manual;
    2010/12/13 11:21:04.0431 ================================================================================
    2010/12/13 11:21:17.0551 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/12/13 11:21:17.0597 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/13 11:21:17.0629 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/13 11:21:17.0707 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2010/12/13 11:21:17.0753 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2010/12/13 11:21:17.0847 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/12/13 11:21:17.0878 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2010/12/13 11:21:18.0019 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    2010/12/13 11:21:18.0065 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/12/13 11:21:18.0143 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/12/13 11:21:18.0221 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2010/12/13 11:21:18.0268 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/13 11:21:18.0362 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
    2010/12/13 11:21:18.0424 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/13 11:21:18.0440 ================================================================================
    2010/12/13 11:21:18.0440 Scan finished
    2010/12/13 11:21:18.0440 ================================================================================
    2010/12/13 11:21:18.0471 Detected object count: 1
    2010/12/13 11:21:25.0819 \HardDisk0 - will be cured after reboot
    2010/12/13 11:21:25.0819 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/13 11:21:29.0173 Deinitialize success
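The TDSSKiller log above is three things in one text file: a loaded-driver inventory (service name, MD5, image path), the detection lines, and the remediation lines. The following Python is an added triage helper written for this thread; it is not the poster's code and not part of Kaspersky's tool. It assumes only the line layout visible in the log. The trusted driver directory, the `xyzdrv` line and the altered Wanarpv6 hash in the sample are assumptions constructed to exercise the checks; the Tcpip/TCPIP6/WANARP lines and the `\HardDisk0` detection and cure lines follow the posted log.

```python
"""Triage a TDSSKiller text log of the format posted in this thread.

Added example (not from the thread or from Kaspersky). Pulls out the driver
inventory, the detections and the remediation lines, then flags what a
responder looks at first: a disk-level (MBR) detection, drivers loaded from
outside the system driver directory, and one image file reported with two
different hashes inside the same scan.
"""
import re
from collections import defaultdict

_TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
DRIVER_RE = re.compile(rf"^{_TS} (?P<svc>\S+) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>.+)$")
DETECT_RE = re.compile(rf"^{_TS} (?P<obj>\S+) - detected (?P<name>\S+)")
ACTION_RE = re.compile(rf"^{_TS} (?P<obj>\S+) - will be (?P<action>.+)$")
COUNT_RE = re.compile(rf"^{_TS} Detected object count: (?P<n>\d+)$")

# Assumption: on this Windows 7 box every legitimate boot/system driver lives here.
TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)

# Constructed sample in the thread's log format. The Tcpip/TCPIP6/WANARP lines and the
# \HardDisk0 lines mirror the posted log; "xyzdrv" and the zeroed Wanarpv6 hash are made up.
SAMPLE_LOG = r"""
2010/12/13 11:21:15.0959 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/12/13 11:21:16.0069 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/13 11:21:17.0597 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/13 11:21:17.0629 Wanarpv6 (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/13 11:21:17.0700 xyzdrv (ffffffffffffffffffffffffffffffff) C:\ProgramData\xyzdrv.sys
2010/12/13 11:21:18.0424 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/13 11:21:18.0440 ================================================================================
2010/12/13 11:21:18.0440 Scan finished
2010/12/13 11:21:18.0471 Detected object count: 1
2010/12/13 11:21:25.0819 \HardDisk0 - will be cured after reboot
2010/12/13 11:21:25.0819 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/13 11:21:29.0173 Deinitialize success
"""


def parse_tdsskiller(text):
    """Return drivers (list of dicts), detections (list), actions ({object: action}), count."""
    drivers, detections, actions, count = [], [], {}, None
    for raw in text.splitlines():
        line = raw.strip()  # forum paste adds leading whitespace
        if m := DRIVER_RE.match(line):
            drivers.append(m.groupdict())
        elif m := DETECT_RE.match(line):
            detections.append(m.groupdict())
        elif m := ACTION_RE.match(line):
            actions[m["obj"]] = m["action"]
        elif m := COUNT_RE.match(line):
            count = int(m["n"])
    return {"drivers": drivers, "detections": detections, "actions": actions, "count": count}


def triage(parsed):
    """Return (severity, kind, subject, detail) tuples, highest severity first."""
    findings = []
    for d in parsed["detections"]:
        # "\HardDisk0" is the disk itself (MBR / boot sector): a bootkit that loads before
        # the kernel. Driver hashes read in the same scan are not trustworthy until the
        # cure has been written and the machine rebooted.
        level = "MBR/bootkit" if d["obj"].lower().startswith("\\harddisk") else "file"
        status = parsed["actions"].get(d["obj"], "no remediation recorded")
        findings.append(("HIGH", "DETECTION", d["obj"], f"{d['name']} [{level}] -> {status}"))

    for drv in parsed["drivers"]:
        if not drv["path"].lower().startswith(TRUSTED_DRIVER_DIRS):
            findings.append(("MEDIUM", "NONSTANDARD_PATH", drv["svc"], drv["path"]))

    # Several services can share one image (Tcpip and TCPIP6 both map to tcpip.sys), but
    # within a single scan they must report the same MD5; two hashes for one file means the
    # file changed mid-scan or reads of it are being filtered.
    by_path = defaultdict(set)
    for drv in parsed["drivers"]:
        by_path[drv["path"].lower()].add(drv["md5"])
    for path, hashes in sorted(by_path.items()):
        if len(hashes) > 1:
            findings.append(("MEDIUM", "HASH_MISMATCH", path, ", ".join(sorted(hashes))))

    if parsed["count"] is not None and parsed["count"] != len(parsed["detections"]):
        findings.append(("LOW", "COUNT_MISMATCH", "Detected object count",
                         f"summary says {parsed['count']}, parsed {len(parsed['detections'])}"))
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, kind, subject, detail in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{sev:6} {kind:17} {subject}: {detail}")
```

Run it against a real log by reading the file into `parse_tdsskiller` instead of `SAMPLE_LOG`. On the sample it reports the `\HardDisk0` TDL4 detection as an MBR-level finding with its pending "cured after reboot" action, the driver loaded from `C:\ProgramData`, and the two hashes recorded for `wanarp.sys`; the detected-object count matches, so no count warning is raised.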
  4. Broni

    Broni Malware Annihilator Posts: 45,195   +242

    Good :)

    See if you can boot in normal mode and run DDS.
  5. liam499

    liam499 Newcomer, in training Topic Starter

    DDS ran perfectly

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Omar al-Bashir at 14:18:25.29 on Mon 13/12/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2047.1195 [GMT 11:00]

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
    C:\Users\Omar al-Bashir\AppData\Local\Apps\2.0\7JDTX0YC.WRH\YL1JQJKV.ROT\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SndVol.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Admin.Omaral-Bashir\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [EA Core] "D:\Games\FIFA 11\EADM\Core.exe" -silent
    uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask .exe" -atboottime
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    dRun: [Wxumimelumor] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\necsev.dll",Startup
    StartupFolder: C:\Users\Omar al-Bashir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\OMARAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERA~1.LNK - C:\Users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-18 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-18 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-30 128752]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-18 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-18 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-18 83120]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-13 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-10-18 90112]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-11-19 19544]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-18 1255736]
    S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 135664]
    S4 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2010-12-4 2560]
    S4 ReduceTheLag-v3;ReduceTheLag-v3;C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe [2010-12-6 174080]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2010-12-12 23:45:11 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
    2010-12-12 23:08:53 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\SUPERAntiSpyware.com
    2010-12-12 23:08:53 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
    2010-12-12 23:08:49 -------- d-----w- C:\PROGRA~3\!SASCORE
    2010-12-12 23:08:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2010-12-12 22:54:40 81922 ----a-w- C:\PROGRA~3\GQIhgV73.exe
    2010-12-12 22:38:50 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-12-12 22:36:22 -------- d-----w- C:\Users\OMARAL~1\AppData\Local\Temp
    2010-12-12 01:03:39 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{54BC2105-53B8-4E80-9D45-7B9C4E5E6147}\mpengine.dll
    2010-12-09 05:33:40 -------- d-----w- C:\Program Files (x86)\Conduit
    2010-12-09 05:33:38 -------- d-----w- C:\Program Files (x86)\ConduitEngine
    2010-12-09 05:33:35 -------- d-----w- C:\Program Files (x86)\uTorrentBar
    2010-12-09 05:33:32 -------- d-----w- C:\extensions
    2010-12-09 01:04:40 -------- d-----w- C:\Program Files (x86)\MegaDev
    2010-12-08 05:34:06 -------- d-----w- C:\Windows\pss
    2010-12-07 11:23:11 -------- d-----w- C:\Windows\SysWow64\URTTEMP
    2010-12-07 10:48:44 -------- d-----w- C:\Program Files (x86)\Turbine
    2010-12-07 05:48:26 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
    2010-12-07 05:46:36 -------- d-----w- C:\NVIDIA
    2010-12-07 04:04:48 -------- d-----w- C:\Users\OMARAL~1\AppData\Local\Apps
    2010-12-07 04:04:47 -------- d-----w- C:\Users\OMARAL~1\AppData\Local\Deployment
    2010-12-07 03:56:56 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
    2010-12-07 03:53:59 -------- d-----w- C:\Program Files (x86)\ReducetheLag
    2010-12-05 23:00:02 -------- d-----w- C:\PROGRA~3\EA Core
    2010-12-05 19:02:51 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2010-12-05 14:11:41 -------- d-----w- C:\PROGRA~3\Solidshield
    2010-12-05 13:44:10 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\Malwarebytes
    2010-12-05 13:44:04 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-05 13:44:02 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-12-05 13:43:59 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-05 13:43:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-12-04 08:26:03 -------- d-----w- C:\Program Files (x86)\Reality Pump
    2010-12-04 08:24:04 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2010-12-04 08:23:49 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2010-12-04 07:01:57 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\Childish Things
    2010-12-04 07:01:08 126976 ----a-w- C:\Windows\lcmmfu.cpl
    2010-12-04 07:01:07 681 --sha-w- C:\Windows\SysWow64\mmf.sys
    2010-12-04 07:01:04 48640 ----a-w- C:\Windows\mmfs.dll
    2010-12-04 07:01:04 2560 ----a-w- C:\Windows\Runservice.exe
    2010-12-04 06:59:34 348160 ----a-w- C:\Windows\msvcr71.dll
    2010-12-04 06:59:20 -------- d-----w- C:\Program Files (x86)\Childish Things
    2010-12-02 20:23:10 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2010-12-02 08:41:29 -------- d-----w- C:\Program Files\iPod
    2010-12-02 08:41:28 -------- d-----w- C:\Program Files\iTunes
    2010-12-02 08:41:28 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-12-02 03:53:16 -------- d-----w- C:\Program Files (x86)\EA GAMES
    2010-12-01 05:06:16 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2010-11-29 20:31:27 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
    2010-11-25 06:53:37 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\Mount&Blade Warband
    2010-11-25 01:27:42 -------- d-----w- C:\Program Files (x86)\Click Photobooks
    2010-11-23 20:32:34 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-23 20:32:34 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-11-19 06:16:44 -------- d-----w- C:\Program Files\PeerBlock
    2010-11-15 12:30:28 -------- d-----w- C:\Users\Omar al-Bashir\.thumbnails
    2010-11-15 12:22:00 -------- d-----w- C:\Users\Omar al-Bashir\.gimp-2.6
    2010-11-15 12:16:20 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
    2010-11-15 08:06:52 -------- d-----w- C:\Program Files (x86)\Real Alternative
    2010-11-14 16:00:50 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-11-13 23:41:59 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-11-13 12:00:54 -------- d-----w- C:\Users\Omar al-Bashir\Tracing
    2010-11-13 11:56:14 -------- d-----w- C:\Windows\en
    2010-11-13 11:55:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2010-11-13 11:53:44 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2010-11-13 11:52:26 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
    2010-11-13 11:52:17 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
    2010-11-13 11:50:04 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
    2010-11-13 11:50:04 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
    2010-11-13 11:50:03 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
    2010-11-13 11:50:03 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
    2010-11-13 11:49:21 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2010-11-13 11:49:21 206848 ----a-w- C:\Windows\System32\mfps.dll
    2010-11-13 11:49:20 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2010-11-13 11:49:20 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2010-11-13 11:49:20 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2010-11-13 11:49:19 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cbd69e031cb832807\InstallManager_WLE_WLE.exe
    2010-11-13 11:49:19 4068864 ----a-w- C:\Windows\System32\mf.dll
    2010-11-13 11:49:19 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
    2010-11-13 11:49:04 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c542b6ab1cb832806\MeshBetaRemover.exe
    2010-11-13 11:49:00 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c21cb2bd1cb832805\DXSETUP.exe
    2010-11-13 11:48:59 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c21cb2bd1cb832805\DSETUP.dll
    2010-11-13 11:48:59 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c21cb2bd1cb832805\dsetup32.dll
    2010-11-13 11:48:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc0fb09f1cb832804\DSETUP.dll
    2010-11-13 11:48:50 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc0fb09f1cb832804\DXSETUP.exe
    2010-11-13 11:48:50 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc0fb09f1cb832804\dsetup32.dll
    2010-11-13 11:48:47 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b863d8ec1cb832803\Silverlight.4.0.exe
    2010-11-13 11:48:10 -------- d-----w- C:\Users\OMARAL~1\AppData\Local\Windows Live
    2010-11-13 11:48:09 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

    ==================== Find3M ====================

    2010-11-22 21:53:41 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-10-18 23:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-18 20:25:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-10-18 08:57:02 419840 ----a-w- C:\Windows\System32\systemcpl.dll
    2010-10-18 08:57:02 14848 ----a-w- C:\Windows\System32\slwga.dll
    2010-10-18 08:57:02 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
    2010-10-16 02:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
    2010-10-16 02:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
    2010-10-16 02:13:34 61032 ----a-w- C:\Windows\System32\nvshext.dll
    2010-10-16 02:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
    2010-10-16 02:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
    2010-10-01 23:50:12 90112 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
    2010-09-28 04:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2010-09-28 04:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2010-09-22 13:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-09-22 13:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
    2010-09-21 03:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
    2010-09-21 03:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

    ============= FINISH: 14:19:12.34 ===============

    MSVCRT
    MSVCRT_amd64
    NVIDIA PhysX
    PowerISO
    QuickTime
    Real Alternative 2.0.2
    Reducethelag
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    SPORE™
    SPORE™ Galactic Adventures
    Street-Ads Browser Enhancer
    The Battle for Middle-earth (tm)
    The Battle for Middle-earth (tm) II
    The Lord of the Rings Online™ v03.02.03.8013
    The Lord of the Rings, The Rise of the Witch-king
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Fast Lane Stuff
    The Sims™ 3 Late Night
    The Sims™ 3 World Adventures
    TVersity Codec Pack 1.4
    TVersity Media Server 1.9.2
    Two Worlds II
    uTorrentBar Toolbar
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    World of Warcraft
    Worms Reloaded with update 6

    ==== Event Viewer Messages From Past Week ========

    9/12/2010 9:49:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/12/2010 9:47:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ab87e7, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120910-90964-01.
    9/12/2010 9:37:35 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/12/2010 4:09:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a60d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120910-28906-01.
    9/12/2010 10:07:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    9/12/2010 10:07:49 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/12/2010 10:07:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/12/2010 10:05:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a62d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120910-101759-01.
    8/12/2010 4:27:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/12/2010 4:27:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/12/2010 4:27:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002dc272a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120810-88670-01.
    8/12/2010 4:27:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
    8/12/2010 4:14:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a68d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120810-90308-01.
    8/12/2010 12:09:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    8/12/2010 12:06:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    8/12/2010 12:05:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00001f80010100cc, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa12b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120810-19266-01.
    8/12/2010 11:19:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    8/12/2010 11:19:59 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/12/2010 11:19:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    7/12/2010 5:59:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000090, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ad2995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-29842-01.
    7/12/2010 5:35:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa0d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-20514-01.
    7/12/2010 5:31:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002adb448, 0xfffff880038f4820, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-25880-01.
    7/12/2010 4:55:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002acb0ad, 0xfffff8800472dd40, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-23977-01.
    7/12/2010 4:06:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa0436). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-31808-01.
    7/12/2010 3:36:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff88007ac7750, 0x0000000000000002, 0x0000000000000000, 0xfffff88000dd0c50). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-33119-01.
    7/12/2010 2:54:00 PM, Error: Service Control Manager [7030] - The ReduceTheLag-v3 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/12/2010 2:50:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/12/2010 11:25:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a57d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-31418-01.
    6/12/2010 12:36:48 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002aa35a1, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-28657-01.
    6/12/2010 12:33:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002af6448, 0xfffff88008c15a20, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-25880-01.
    6/12/2010 12:22:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x00002b99041d1620, 0x00002b992ddfa232, 0xffffd466d2205dcd, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-26504-01.
    13/12/2010 9:47:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache SCDEmu spldr Wanarpv6
    13/12/2010 9:47:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
    13/12/2010 9:47:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80001e615a1, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
    13/12/2010 9:38:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80001ea4d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121310-68890-01.
    13/12/2010 11:17:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    13/12/2010 11:17:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    13/12/2010 10:48:33 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    13/12/2010 10:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    13/12/2010 10:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    13/12/2010 10:48:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    13/12/2010 10:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    13/12/2010 10:48:11 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    13/12/2010 10:48:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6
    13/12/2010 10:48:07 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a98d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121310-25724-01.
    13/12/2010 10:37:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr tdx Wanarpv6 WfpLwf
    13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    13/12/2010 10:37:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a92436). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121310-20139-01.
    13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    13/12/2010 10:28:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80001ef02b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121310-90449-01.
    13/12/2010 10:20:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    13/12/2010 1:10:00 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{4206c08f-da91-11df-bd7d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{7A0BC8F6-EEA7-479B-AE2E-FE2B0414C73E}' was corrupted and it has been recovered. Some data might have been lost.
    13/12/2010 1:09:55 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{4206c08f-da91-11df-bd7d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2A2E3645-52E3-4B8B-8410-F5D1B281DB6F}' was corrupted and it has been recovered. Some data might have been lost.
    12/12/2010 4:24:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa8d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121210-29187-01.
    12/12/2010 4:19:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa0d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121210-26535-01.
    12/12/2010 2:38:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002a4ff5e, 0xfffff88007a26a60, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121210-27783-01.
    10/12/2010 5:49:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a5cd29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121010-26208-01.
    10/12/2010 4:20:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a9e7e7, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121010-90308-01.

    ==== End Of File ===========================
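As an added example that is not part of this thread or of the DDS tool, a small Python triage script for the "Event Viewer Messages" tail above: it groups the WER 1001 bugcheck events by stop code and tallies which boot-start drivers the Service Control Manager 7026 events report as failing to load. The sample lines are constructed copies of a few entries from this log; the stop-code names are a subset of Microsoft's bugcheck reference.

```python
"""Triage helper for the 'Event Viewer Messages' tail of a DDS log.

Groups the WER 1001 bugcheck (BSOD) events by stop code and tallies the
boot-start drivers the Service Control Manager 7026 events report as failing
to load. Added example, not part of this thread or of the DDS tool.
"""
import re
from collections import Counter

# Stop-code names from Microsoft's bugcheck reference (a subset).
STOP_CODES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x3B: "SYSTEM_SERVICE_EXCEPTION",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0xF7: "DRIVER_OVERRAN_STACK_BUFFER",
}

# DDS line shape: "D/M/YYYY H:MM:SS AM, Level: Source [EventId] - message"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
BUGCHECK_RE = re.compile(r"The bugcheck was: (0x[0-9a-f]+) \(([^)]*)\)", re.I)
FAILED_RE = re.compile(r"failed to load: (.+)$")

# Constructed sample: copies of a few lines from the log in this thread.
SAMPLE_LOG = r"""
8/12/2010 4:27:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002dc272a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120810-88670-01.
8/12/2010 4:27:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
8/12/2010 4:14:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a68d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120810-90308-01.
7/12/2010 3:36:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff88007ac7750, 0x0000000000000002, 0x0000000000000000, 0xfffff88000dd0c50). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-33119-01.
13/12/2010 9:47:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache SCDEmu spldr Wanarpv6
13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""


def parse_events(text):
    """Return one dict per event line; lines that do not match the shape are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def bugchecks(events):
    """Return [(stop_code, [param1, param2, param3, param4]), ...] for each WER 1001 event."""
    out = []
    for ev in events:
        if ev["id"] != 1001:
            continue
        m = BUGCHECK_RE.search(ev["msg"])
        if not m:
            continue
        params = [int(p, 16) for p in m.group(2).split(",")]
        out.append((int(m.group(1), 16), params))
    return out


def stop_code_summary(events):
    """Count bugchecks per stop code, keyed by 'CODE NAME'."""
    counts = Counter()
    for code, _params in bugchecks(events):
        counts[f"0x{code:08X} {STOP_CODES.get(code, 'UNKNOWN')}"] += 1
    return counts


def failed_boot_drivers(events):
    """Tally drivers named in SCM 7026 events (boot/system-start drivers that did not load).

    A driver present in every 7026 event is failing on every boot and is worth
    looking at first. When network-stack drivers (AFD, tdx, NetBT, nsiproxy) are
    in the list, the SCM 7001 'dependency service failed to start' errors that
    follow are a consequence of that, not a separate problem.
    """
    per_event = []
    for ev in events:
        if ev["id"] == 7026:
            m = FAILED_RE.search(ev["msg"])
            if m:
                per_event.append(set(m.group(1).split()))
    counts = Counter(name for names in per_event for name in names)
    persistent = set.intersection(*per_event) if per_event else set()
    return counts, persistent


def triage(text):
    """Summarise one DDS event-log tail: stop codes seen and drivers failing to load."""
    events = parse_events(text)
    counts, persistent = failed_boot_drivers(events)
    return {
        "events": len(events),
        "stop_codes": dict(stop_code_summary(events)),
        "failed_drivers": dict(counts),
        "persistently_failing": sorted(persistent),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```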
  6. Broni

    Broni Malware Annihilator Posts: 45,195   +242

    Good :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. liam499

    liam499 Newcomer, in training Topic Starter

    MBRCHECK
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x000003d5

    Kernel Drivers (total 184):
    0x02A4B000 \SystemRoot\system32\ntoskrnl.exe
    0x02A02000 \SystemRoot\system32\hal.dll
    0x00BD2000 \SystemRoot\system32\kdcom.dll
    0x00C2C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C70000 \SystemRoot\system32\PSHED.dll
    0x00C84000 \SystemRoot\system32\CLFS.SYS
    0x00CE2000 \SystemRoot\system32\CI.dll
    0x00EA6000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F4A000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F59000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FB0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FB9000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00FC3000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E22000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E93000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00DA2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00DB2000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E9A000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00DCC000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00C00000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x0108E000 \SystemRoot\system32\drivers\fltmgr.sys
    0x010DA000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01215000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x010EE000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013B8000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0114C000 \SystemRoot\System32\Drivers\cng.sys
    0x013D2000 \SystemRoot\System32\drivers\pcw.sys
    0x013E3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01499000 \SystemRoot\system32\drivers\ndis.sys
    0x0158B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01602000 \SystemRoot\System32\drivers\tcpip.sys
    0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01475000 \SystemRoot\System32\Drivers\spldr.sys
    0x0104C000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0147D000 \SystemRoot\System32\Drivers\mup.sys
    0x0148F000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x011BF000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x00C0B000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01813000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01879000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x018A3000 \SystemRoot\System32\Drivers\Null.SYS
    0x018AC000 \SystemRoot\System32\Drivers\Beep.SYS
    0x018B3000 \SystemRoot\System32\drivers\vga.sys
    0x018C1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x018E6000 \SystemRoot\System32\drivers\watchdog.sys
    0x018F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x018FF000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01908000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01911000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x0191C000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0192D000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0194B000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01958000 \SystemRoot\system32\drivers\afd.sys
    0x02C15000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02C5A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02C63000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02C89000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02C98000 \SystemRoot\system32\DRIVERS\serial.sys
    0x02CB5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02CD0000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02CE4000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x02CFE000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x02D08000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x02D12000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02D63000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02D6F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02D7A000 \SystemRoot\System32\drivers\discache.sys
    0x02D89000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02DA7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x02DB8000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x02DDA000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x019E2000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x0481B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x053F5000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03CDA000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03C00000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x03C46000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x03C52000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x03C5F000 \SystemRoot\system32\DRIVERS\parport.sys
    0x03C7C000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0x03C84000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03CA2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03CB1000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03CC0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03CCD000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x0407C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x040D2000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x040E3000 \SystemRoot\system32\DRIVERS\SiSG664.sys
    0x040F6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x0411A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x0412A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04140000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04164000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04170000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0419F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x041BA000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x041DB000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x041F5000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04000000 \SystemRoot\system32\DRIVERS\ks.sys
    0x04043000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04055000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x03EB8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x03F12000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x03F27000 \SystemRoot\system32\drivers\HdAudio.sys
    0x03F83000 \SystemRoot\system32\drivers\portcls.sys
    0x03FC0000 \SystemRoot\system32\drivers\drmk.sys
    0x03FE2000 \SystemRoot\system32\drivers\ksthunk.sys
    0x00060000 \SystemRoot\System32\win32k.sys
    0x03FE8000 \SystemRoot\System32\drivers\Dxapi.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x03E1D000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x03E2B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x03E37000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x03E40000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x03E53000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x03E6E000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x03E70000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004F0000 \SystemRoot\System32\TSDDD.dll
    0x006D0000 \SystemRoot\System32\cdd.dll
    0x03E7E000 \SystemRoot\system32\drivers\luafv.sys
    0x03DCE000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x01843000 \SystemRoot\system32\drivers\WudfPf.sys
    0x03EA1000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04060000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x03478000 \SystemRoot\system32\drivers\HTTP.sys
    0x03540000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x0355E000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x03576000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x035A3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x03400000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x04695000 \SystemRoot\system32\drivers\peauth.sys
    0x0473B000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x04746000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x04773000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x04785000 \SystemRoot\system32\drivers\spsys.sys
    0x04600000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x056EF000 \SystemRoot\System32\DRIVERS\srv.sys
    0x05785000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x057B6000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x77310000 \Windows\System32\ntdll.dll
    0x47830000 \Windows\System32\smss.exe
    0xFF630000 \Windows\System32\apisetschema.dll
    0xFFFF0000 \Windows\System32\autochk.exe
    0xFF510000 \Windows\System32\msctf.dll
    0xFF4E0000 \Windows\System32\imm32.dll
    0xFF4C0000 \Windows\System32\sechost.dll
    0xFF4A0000 \Windows\System32\imagehlp.dll
    0x77210000 \Windows\System32\user32.dll
    0xFF420000 \Windows\System32\shlwapi.dll
    0xFF1C0000 \Windows\System32\iertutil.dll
    0x770F0000 \Windows\System32\kernel32.dll
    0xFEFE0000 \Windows\System32\setupapi.dll
    0xFEEB0000 \Windows\System32\rpcrt4.dll
    0xFEE10000 \Windows\System32\clbcatq.dll
    0xFED70000 \Windows\System32\msvcrt.dll
    0xFED20000 \Windows\System32\ws2_32.dll
    0xFDF90000 \Windows\System32\shell32.dll
    0xFDF10000 \Windows\System32\difxapi.dll
    0xFDE70000 \Windows\System32\comdlg32.dll
    0xFDD40000 \Windows\System32\wininet.dll
    0x774E0000 \Windows\System32\normaliz.dll
    0xFDCF0000 \Windows\System32\Wldap32.dll
    0xFDB70000 \Windows\System32\urlmon.dll
    0x774D0000 \Windows\System32\psapi.dll
    0xFDA90000 \Windows\System32\oleaut32.dll
    0xFD880000 \Windows\System32\ole32.dll
    0xFD7A0000 \Windows\System32\advapi32.dll
    0xFD6D0000 \Windows\System32\usp10.dll
    0xFD6C0000 \Windows\System32\lpk.dll
    0xFD6B0000 \Windows\System32\nsi.dll
    0xFD640000 \Windows\System32\gdi32.dll
    0xFD4D0000 \Windows\System32\crypt32.dll
    0xFD490000 \Windows\System32\cfgmgr32.dll
    0xFD420000 \Windows\System32\KernelBase.dll
    0xFD380000 \Windows\System32\comctl32.dll
    0xFD360000 \Windows\System32\devobj.dll
    0xFD320000 \Windows\System32\wintrust.dll
    0xFD310000 \Windows\System32\msasn1.dll
    0x75440000 \Windows\SysWOW64\normaliz.dll

    Processes (total 65):
    0 System Idle Process
    4 System
    360 C:\Windows\System32\smss.exe
    452 csrss.exe
    512 C:\Windows\System32\wininit.exe
    524 csrss.exe
    576 C:\Windows\System32\winlogon.exe
    616 C:\Windows\System32\services.exe
    624 C:\Windows\System32\lsass.exe
    632 C:\Windows\System32\lsm.exe
    748

    ComboFix

    ComboFix 10-12-11.06 - Omar al-Bashir 13/12/2010 14:36:05.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2047.1157 [GMT 11:00]
    Running from: c:\users\Omar al-Bashir\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
    c:\program files (x86)\iTunes\iTunesHelper.exe
    c:\program files (x86)\PowerISO\PWRISOVM.EXE
    c:\program files (x86)\QuickTime\QTTask.exe
    c:\programdata\GQIhgV73.exe
    c:\programdata\GQIhgV73.exe_
    c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe . . . . Failed to delete

    Code:
    c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe ---^> c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM .exe ---^> c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe ---^> c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    c:\program files (x86)\Common Files\Java\Java Update\jusched .exe ---^> c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
    .

    2010-12-12 23:45 . 2010-12-12 23:45 -------- d-----w- c:\windows\SysWow64\wbem\Logs
    2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\SUPERAntiSpyware.com
    2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\programdata\!SASCORE
    2010-12-12 23:08 . 2010-12-12 23:09 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-12-12 22:36 . 2010-12-13 03:55 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Temp
    2010-12-12 01:03 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54BC2105-53B8-4E80-9D45-7B9C4E5E6147}\mpengine.dll
    2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- c:\program files (x86)\Conduit
    2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- c:\program files (x86)\uTorrentBar
    2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- C:\extensions
    2010-12-09 01:04 . 2010-12-09 01:04 -------- d-----w- c:\program files (x86)\MegaDev
    2010-12-08 05:45 . 2010-12-12 22:20 -------- d-----w- c:\users\Admin
    2010-12-07 11:23 . 2010-12-07 11:23 -------- d-----w- c:\windows\SysWow64\URTTEMP
    2010-12-07 10:48 . 2010-12-07 10:48 -------- d-----w- c:\program files (x86)\Turbine
    2010-12-07 05:49 . 2010-12-13 03:44 -------- d-----w- c:\programdata\NVIDIA
    2010-12-07 05:48 . 2010-12-07 05:48 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-12-07 05:46 . 2010-12-07 05:46 -------- d-----w- C:\NVIDIA
    2010-12-07 04:04 . 2010-12-07 04:04 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Apps
    2010-12-07 04:04 . 2010-12-13 03:05 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Deployment
    2010-12-07 03:56 . 2010-12-07 04:04 -------- d-----w- c:\programdata\Blizzard Entertainment
    2010-12-07 03:53 . 2010-12-07 03:54 -------- d-----w- c:\program files (x86)\ReducetheLag
    2010-12-05 23:00 . 2010-12-05 23:00 -------- d-----w- c:\programdata\EA Core
    2010-12-05 19:02 . 2008-07-11 21:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
    2010-12-05 14:11 . 2010-12-05 14:11 -------- d-----w- c:\programdata\Solidshield
    2010-12-05 13:44 . 2010-12-05 13:44 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Malwarebytes
    2010-12-05 13:44 . 2010-11-29 06:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-05 13:44 . 2010-12-05 13:44 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-05 13:43 . 2010-12-12 22:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-12-05 13:43 . 2010-11-29 06:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-04 08:26 . 2010-12-04 08:26 -------- d-----w- c:\program files (x86)\Reality Pump
    2010-12-04 08:24 . 2010-12-07 05:49 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2010-12-04 08:23 . 2010-12-04 08:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2010-12-04 07:01 . 2010-12-04 07:01 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Childish Things
    2010-12-04 07:01 . 2010-12-04 07:01 126976 ----a-w- c:\windows\lcmmfu.cpl
    2010-12-04 07:01 . 2010-12-08 05:21 681 --sha-w- c:\windows\SysWow64\mmf.sys
    2010-12-04 07:01 . 2010-12-04 07:01 48640 ----a-w- c:\windows\mmfs.dll
    2010-12-04 07:01 . 2010-12-04 07:01 2560 ----a-w- c:\windows\Runservice.exe
    2010-12-04 06:59 . 2008-03-04 09:38 348160 ----a-w- c:\windows\msvcr71.dll
    2010-12-04 06:59 . 2010-12-04 06:59 -------- d-----w- c:\program files (x86)\Childish Things
    2010-12-02 20:23 . 2010-12-07 09:00 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2010-12-02 08:41 . 2010-12-02 08:41 -------- d-----w- c:\program files\iPod
    2010-12-02 08:41 . 2010-12-13 03:41 -------- d-----w- c:\program files (x86)\iTunes
    2010-12-02 08:41 . 2010-12-02 08:41 -------- d-----w- c:\program files\iTunes
    2010-12-02 08:38 . 2010-12-02 08:38 -------- d-----w- c:\program files (x86)\Safari
    2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\program files (x86)\EA GAMES
    2010-12-01 05:06 . 2010-12-01 10:13 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2010-11-29 20:31 . 2010-12-02 00:24 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
    2010-11-25 06:53 . 2010-11-25 06:53 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Mount&Blade Warband
    2010-11-25 01:27 . 2010-11-25 01:27 -------- d-----w- c:\program files (x86)\Click Photobooks
    2010-11-23 20:32 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-23 20:32 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    2010-11-19 06:16 . 2010-12-07 03:57 -------- d-----w- c:\program files\PeerBlock
    2010-11-15 12:30 . 2010-12-07 12:43 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\gtk-2.0
    2010-11-15 12:30 . 2010-11-15 12:30 -------- d-----w- c:\users\Omar al-Bashir\.thumbnails
    2010-11-15 12:22 . 2010-12-07 16:21 -------- d-----w- c:\users\Omar al-Bashir\.gimp-2.6
    2010-11-15 12:16 . 2010-11-15 12:16 -------- d-----w- c:\program files (x86)\GIMP-2.0
    2010-11-15 08:06 . 2010-11-15 08:06 -------- d-----w- c:\program files (x86)\Real Alternative
    2010-11-14 16:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-11-13 23:41 . 2010-07-13 05:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2010-11-13 12:00 . 2010-12-13 03:55 -------- d-----w- c:\users\Omar al-Bashir\Tracing
    2010-11-13 11:56 . 2010-11-13 11:56 -------- d-----w- c:\windows\en
    2010-11-13 11:55 . 2010-11-13 11:55 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2010-11-13 11:53 . 2010-11-13 11:56 -------- d-----w- c:\program files (x86)\Windows Live
    2010-11-13 11:53 . 2010-09-22 13:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-11-13 11:52 . 2010-11-13 11:53 -------- d-----w- c:\program files\Windows Live
    2010-11-13 11:52 . 2010-11-13 11:52 -------- d-----w- c:\program files (x86)\MSN Toolbar
    2010-11-13 11:52 . 2010-11-13 11:52 -------- d-----w- c:\program files (x86)\Bing Bar Installer
    2010-11-13 11:50 . 2010-11-13 23:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2010-11-13 11:50 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2010-11-13 11:50 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
    2010-11-13 11:50 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
    2010-11-13 11:50 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
    2010-11-13 11:49 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-11-13 11:49 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
    2010-11-13 11:49 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2010-11-13 11:49 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2010-11-13 11:49 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-11-13 11:49 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
    2010-11-13 11:49 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
    2010-11-13 11:48 . 2010-12-13 00:24 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Windows Live
    2010-11-13 11:48 . 2010-11-13 11:48 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-22 21:53 . 2010-10-18 09:28 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-18 23:41 . 2010-10-18 09:13 270720 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 20:25 . 2010-10-18 20:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-10-18 08:57 . 2010-10-18 08:57 419840 ----a-w- c:\windows\system32\systemcpl.dll
    2010-10-18 08:57 . 2009-07-13 23:52 14848 ----a-w- c:\windows\system32\slwga.dll
    2010-10-18 08:57 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll
    2010-10-16 18:55 . 2009-07-13 21:59 7491688 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2010-10-16 18:55 . 2009-07-13 21:59 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2010-10-16 18:55 . 2009-06-10 20:37 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2010-10-16 02:13 . 2010-10-16 02:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
    2010-10-16 02:13 . 2010-10-16 02:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-10-16 02:13 . 2010-10-16 02:13 61032 ----a-w- c:\windows\system32\nvshext.dll
    2010-10-16 02:13 . 2010-10-16 02:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
    2010-10-16 02:13 . 2010-10-16 02:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
    2010-10-01 23:50 . 2010-10-18 08:41 90112 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    2010-09-28 04:44 . 2010-09-28 04:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2010-09-28 04:44 . 2010-09-28 04:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-21 03:49 . 2010-09-21 03:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
    2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
    .
    Code:
    c:\program files (x86)\Avira\AntiVir Desktop\avgnt .exe
    c:\program files (x86)\iTunes\iTunesHelper .exe
    c:\program files (x86)\PowerISO\PWRISOVM .exe
    c:\program files (x86)\QuickTime\QTTask .exe
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 04:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-11-29 04:26 3908192 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
    "EA Core"="d:\games\FIFA 11\EADM\Core.exe" [N/A]
    "DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-10-02 92672]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2988784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask .exe -atboottime" [X]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [N/A]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [N/A]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 42500]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Wxumimelumor"="c:\windows\system32\config\systemprofile\AppData\Local\necsev.dll" [N/A]

    c:\users\Omar al-Bashir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-12-7 0]
    GameRanger.lnk - c:\users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2010-9-30 1248992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 51456888]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-01 90112]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-27 19544]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
    R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-12-04 2560]
    R4 ReduceTheLag-v3;ReduceTheLag-v3;c:\program files (x86)\ReducetheLag\reducethelag_v3_service.exe [2010-12-06 174080]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:26]

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:26]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com.au/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    AddRemove-$NtUninstallMTF197$ - c:\windows\$NtUninstallMTF197$\apUninstall.exe
    AddRemove-Fallout New Vegas_is1 - d:\games\Fallout New Vegas\unins000.exe
    AddRemove-Worms Reloaded_is1 - d:\games\Worms Reloaded\unins000.exe
    AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files (x86)\Electronic Arts\The Lord of the Rings


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3\B7DAAD172AA12168E008FD873A1BED58]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    c:\program files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-13 15:00:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-13 04:00

    Pre-Run: 53,181,263,872 bytes free
    Post-Run: 52,872,437,760 bytes free

    - - End Of File - - A06D2422B929454E0D1BA0DDE1AD6EBB
  8. Broni

    Broni Malware Annihilator Posts: 45,195   +242

    MBRCheck log is incomplete.
    Please, redo.
  9. liam499

    liam499 Newcomer, in training Topic Starter

    Sorry about that.

    MBRCHECK

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x000003d5

    Kernel Drivers (total 185):
    0x02A53000 \SystemRoot\system32\ntoskrnl.exe
    0x02A0A000 \SystemRoot\system32\hal.dll
    0x00BCE000 \SystemRoot\system32\kdcom.dll
    0x00CF2000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D36000 \SystemRoot\system32\PSHED.dll
    0x00D4A000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00E3E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00EE2000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EF1000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F48000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F51000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F5B000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F8E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F9B000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FB0000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x010B5000 \SystemRoot\System32\drivers\volmgrx.sys
    0x01111000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x01118000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x01128000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01142000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x0114B000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x01175000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01180000 \SystemRoot\system32\drivers\fltmgr.sys
    0x011CC000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0124F000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0147B000 \SystemRoot\System32\Drivers\cng.sys
    0x014EE000 \SystemRoot\System32\drivers\pcw.sys
    0x014FF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01509000 \SystemRoot\system32\drivers\ndis.sys
    0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0121A000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01601000 \SystemRoot\System32\drivers\tcpip.sys
    0x0105E000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x00DA8000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01460000 \SystemRoot\System32\Drivers\spldr.sys
    0x00FC5000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01468000 \SystemRoot\System32\Drivers\mup.sys
    0x01245000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x00E00000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x011E0000 \SystemRoot\system32\DRIVERS\disk.sys
    0x00CC0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x02A41000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02A6B000 \SystemRoot\System32\Drivers\Null.SYS
    0x02A74000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02A7B000 \SystemRoot\System32\drivers\vga.sys
    0x02A89000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02AAE000 \SystemRoot\System32\drivers\watchdog.sys
    0x02ABE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02AC7000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02AD0000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02AD9000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02AE4000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02AF5000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02B13000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02B20000 \SystemRoot\system32\drivers\afd.sys
    0x02BAA000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02BEF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03CD6000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03CE5000 \SystemRoot\system32\DRIVERS\serial.sys
    0x03D02000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03D1D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03D31000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x03D4B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x03D55000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x03D5F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03DB0000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03DBC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03DC7000 \SystemRoot\System32\drivers\discache.sys
    0x03DD6000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03C11000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x03C33000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03C59000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x04603000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x051DD000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03A6D000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03B61000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x03BA7000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x03BB3000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x03BC0000 \SystemRoot\system32\DRIVERS\parport.sys
    0x03BDD000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03A1E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03A2D000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03A3C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03A49000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03C6F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03A54000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03BE5000 \SystemRoot\system32\DRIVERS\SiSG664.sys
    0x03E1A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03E3E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03E4E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03E64000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03E88000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03E94000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03EC3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03EDE000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03EFF000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03F19000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x03F1B000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03F5E000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03F70000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x03F7B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x03FD5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x042C7000 \SystemRoot\system32\drivers\HdAudio.sys
    0x04323000 \SystemRoot\system32\drivers\portcls.sys
    0x04360000 \SystemRoot\system32\drivers\drmk.sys
    0x04382000 \SystemRoot\system32\drivers\ksthunk.sys
    0x000D0000 \SystemRoot\System32\win32k.sys
    0x04388000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04394000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x043B1000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x043BF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x043CB000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x043D4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x04200000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x0421B000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0421D000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005C0000 \SystemRoot\System32\TSDDD.dll
    0x00650000 \SystemRoot\System32\cdd.dll
    0x0422B000 \SystemRoot\system32\drivers\luafv.sys
    0x0424E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x0426B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x0428C000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x042A1000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x03600000 \SystemRoot\system32\drivers\HTTP.sys
    0x036C8000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x036E6000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x036FE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0372B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x03779000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x054F7000 \SystemRoot\system32\drivers\peauth.sys
    0x0559D000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x055A8000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x055D5000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x05400000 \SystemRoot\system32\drivers\spsys.sys
    0x05471000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x058C1000 \SystemRoot\System32\DRIVERS\srv.sys
    0x05957000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x05988000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x059BE000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
    0x773B0000 \Windows\System32\ntdll.dll
    0x48240000 \Windows\System32\smss.exe
    0xFF6D0000 \Windows\System32\apisetschema.dll
    0xFF6B0000 \Windows\System32\autochk.exe
    0xFF5B0000 \Windows\System32\msctf.dll
    0xFF4D0000 \Windows\System32\oleaut32.dll
    0xFF400000 \Windows\System32\usp10.dll
    0xFF220000 \Windows\System32\setupapi.dll
    0xFF1A0000 \Windows\System32\shlwapi.dll
    0x77580000 \Windows\System32\normaliz.dll
    0x77290000 \Windows\System32\kernel32.dll
    0xFF070000 \Windows\System32\rpcrt4.dll
    0xFF020000 \Windows\System32\ws2_32.dll
    0xFEF80000 \Windows\System32\clbcatq.dll
    0xFEF50000 \Windows\System32\imm32.dll
    0xFEDD0000 \Windows\System32\urlmon.dll
    0xFEDC0000 \Windows\System32\lpk.dll
    0xFEDA0000 \Windows\System32\imagehlp.dll
    0xFECC0000 \Windows\System32\advapi32.dll
    0xFECA0000 \Windows\System32\sechost.dll
    0xFEC90000 \Windows\System32\nsi.dll
    0xFEB60000 \Windows\System32\wininet.dll
    0xFEAF0000 \Windows\System32\gdi32.dll
    0xFEA50000 \Windows\System32\comdlg32.dll
    0x77570000 \Windows\System32\psapi.dll
    0xFE7F0000 \Windows\System32\iertutil.dll
    0xFE7A0000 \Windows\System32\Wldap32.dll
    0xFE720000 \Windows\System32\difxapi.dll
    0xFD990000 \Windows\System32\shell32.dll
    0xFD8F0000 \Windows\System32\msvcrt.dll
    0xFD6E0000 \Windows\System32\ole32.dll
    0x77190000 \Windows\System32\user32.dll
    0xFD6C0000 \Windows\System32\devobj.dll
    0xFD620000 \Windows\System32\comctl32.dll
    0xFD5B0000 \Windows\System32\KernelBase.dll
    0xFD440000 \Windows\System32\crypt32.dll
    0xFD400000 \Windows\System32\wintrust.dll
    0xFD3C0000 \Windows\System32\cfgmgr32.dll
    0xFD3B0000 \Windows\System32\msasn1.dll
    0x75560000 \Windows\SysWOW64\normaliz.dll

    Processes (total 56):
    0 System Idle Process
    4 System
    360 C:\Windows\System32\smss.exe
    452 csrss.exe
    512 C:\Windows\System32\wininit.exe
    524 csrss.exe
    560 C:\Windows\System32\services.exe
    576 C:\Windows\System32\lsass.exe
    584 C:\Windows\System32\lsm.exe
    656 C:\Windows\System32\winlogon.exe
    748 C:\Windows\System32\svchost.exe
    832 C:\Windows\System32\nvvsvc.exe
    872 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    392 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1204 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1216 C:\Windows\System32\nvvsvc.exe
    1268 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\spoolsv.exe
    1472 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1496 C:\Windows\System32\svchost.exe
    1620 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1640 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1688 C:\Windows\System32\svchost.exe
    1752 C:\Windows\System32\sppsvc.exe
    1820 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    1832 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1884 C:\Windows\System32\conhost.exe
    2436 C:\Windows\System32\svchost.exe
    2508 WUDFHost.exe
    2948 C:\Windows\System32\svchost.exe
    3020 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2088 C:\Windows\System32\SearchIndexer.exe
    2972 C:\Windows\System32\taskeng.exe
    1892 C:\Windows\System32\taskhost.exe
    1404 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    2816 C:\Windows\System32\dwm.exe
    2408 C:\Windows\explorer.exe
    2800 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    2344 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    1112 C:\Users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
    3656 C:\Windows\System32\svchost.exe
    3768 dllhost.exe
    3984 C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
    3920 C:\Windows\servicing\TrustedInstaller.exe
    3316 C:\Windows\System32\audiodg.exe
    3312 C:\Windows\System32\SearchProtocolHost.exe
    1148 C:\Windows\System32\SearchFilterHost.exe
    3900 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2360 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1768 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    4416 C:\Users\Omar al-Bashir\Desktop\MBRCheck.exe
    4428 C:\Windows\System32\conhost.exe
    4444 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200AAJS-00YFA0, Rev: 12.01C02

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
  10. Broni

    That looks good :)

    We have some more serious stuff in Combofix log though....

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RenV::
    c:\program files (x86)\Avira\AntiVir Desktop\avgnt .exe
    c:\program files (x86)\iTunes\iTunesHelper .exe
    c:\program files (x86)\PowerISO\PWRISOVM .exe
    c:\program files (x86)\QuickTime\QTTask .exe
    
    File::
    c:\windows\system32\config\systemprofile\AppData\Local\necsev.dll
    
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Wxumimelumor"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation of dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  11. liam499

    ComboFix 10-12-12.02 - Omar al-Bashir 13/12/2010 17:27:04.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2047.1370 [GMT 11:00]
    Running from: c:\users\Omar al-Bashir\Desktop\ComboFix.exe
    Command switches used :: c:\users\Omar al-Bashir\Desktop\CFScript.txt
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\config\systemprofile\AppData\Local\necsev.dll"
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
    .

    2010-12-13 06:32 . 2010-12-13 06:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-12 23:45 . 2010-12-12 23:45 -------- d-----w- c:\windows\SysWow64\wbem\Logs
    2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\SUPERAntiSpyware.com
    2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\programdata\!SASCORE
    2010-12-12 23:08 . 2010-12-12 23:09 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-12-12 22:36 . 2010-12-13 06:36 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Temp
    2010-12-12 01:03 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54BC2105-53B8-4E80-9D45-7B9C4E5E6147}\mpengine.dll
    2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- c:\program files (x86)\Conduit
    2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- c:\program files (x86)\uTorrentBar
    2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- C:\extensions
    2010-12-09 01:04 . 2010-12-09 01:04 -------- d-----w- c:\program files (x86)\MegaDev
    2010-12-08 05:45 . 2010-12-12 22:20 -------- d-----w- c:\users\Admin
    2010-12-07 11:23 . 2010-12-07 11:23 -------- d-----w- c:\windows\SysWow64\URTTEMP
    2010-12-07 10:48 . 2010-12-07 10:48 -------- d-----w- c:\program files (x86)\Turbine
    2010-12-07 05:49 . 2010-12-13 06:34 -------- d-----w- c:\programdata\NVIDIA
    2010-12-07 05:48 . 2010-12-07 05:48 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-12-07 05:46 . 2010-12-07 05:46 -------- d-----w- C:\NVIDIA
    2010-12-07 04:04 . 2010-12-07 04:04 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Apps
    2010-12-07 04:04 . 2010-12-13 03:05 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Deployment
    2010-12-07 03:56 . 2010-12-07 04:04 -------- d-----w- c:\programdata\Blizzard Entertainment
    2010-12-07 03:53 . 2010-12-07 03:54 -------- d-----w- c:\program files (x86)\ReducetheLag
    2010-12-05 23:00 . 2010-12-05 23:00 -------- d-----w- c:\programdata\EA Core
    2010-12-05 19:02 . 2008-07-11 21:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
    2010-12-05 14:11 . 2010-12-05 14:11 -------- d-----w- c:\programdata\Solidshield
    2010-12-05 13:44 . 2010-12-05 13:44 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Malwarebytes
    2010-12-05 13:44 . 2010-11-29 06:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-05 13:44 . 2010-12-05 13:44 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-05 13:43 . 2010-12-12 22:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-12-05 13:43 . 2010-11-29 06:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-04 08:26 . 2010-12-04 08:26 -------- d-----w- c:\program files (x86)\Reality Pump
    2010-12-04 08:24 . 2010-12-07 05:49 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2010-12-04 08:23 . 2010-12-04 08:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2010-12-04 07:01 . 2010-12-04 07:01 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Childish Things
    2010-12-04 07:01 . 2010-12-04 07:01 126976 ----a-w- c:\windows\lcmmfu.cpl
    2010-12-04 07:01 . 2010-12-08 05:21 681 --sha-w- c:\windows\SysWow64\mmf.sys
    2010-12-04 07:01 . 2010-12-04 07:01 48640 ----a-w- c:\windows\mmfs.dll
    2010-12-04 07:01 . 2010-12-04 07:01 2560 ----a-w- c:\windows\Runservice.exe
    2010-12-04 06:59 . 2008-03-04 09:38 348160 ----a-w- c:\windows\msvcr71.dll
    2010-12-04 06:59 . 2010-12-04 06:59 -------- d-----w- c:\program files (x86)\Childish Things
    2010-12-02 20:23 . 2010-12-07 09:00 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2010-12-02 08:41 . 2010-12-02 08:41 -------- d-----w- c:\program files\iPod
    2010-12-02 08:41 . 2010-12-13 06:26 -------- d-----w- c:\program files (x86)\iTunes
    2010-12-02 08:41 . 2010-12-02 08:41 -------- d-----w- c:\program files\iTunes
    2010-12-02 08:38 . 2010-12-02 08:38 -------- d-----w- c:\program files (x86)\Safari
    2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\program files (x86)\EA GAMES
    2010-12-01 05:06 . 2010-12-01 10:13 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2010-11-29 20:31 . 2010-12-02 00:24 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
    2010-11-25 06:53 . 2010-11-25 06:53 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Mount&Blade Warband
    2010-11-25 01:27 . 2010-11-25 01:27 -------- d-----w- c:\program files (x86)\Click Photobooks
    2010-11-23 20:32 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-11-23 20:32 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    2010-11-19 06:16 . 2010-12-07 03:57 -------- d-----w- c:\program files\PeerBlock
    2010-11-15 12:30 . 2010-12-07 12:43 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\gtk-2.0
    2010-11-15 12:30 . 2010-11-15 12:30 -------- d-----w- c:\users\Omar al-Bashir\.thumbnails
    2010-11-15 12:22 . 2010-12-07 16:21 -------- d-----w- c:\users\Omar al-Bashir\.gimp-2.6
    2010-11-15 12:16 . 2010-11-15 12:16 -------- d-----w- c:\program files (x86)\GIMP-2.0
    2010-11-15 08:06 . 2010-11-15 08:06 -------- d-----w- c:\program files (x86)\Real Alternative
    2010-11-14 16:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-11-13 23:41 . 2010-07-13 05:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2010-11-13 12:00 . 2010-12-13 06:36 -------- d-----w- c:\users\Omar al-Bashir\Tracing
    2010-11-13 11:56 . 2010-11-13 11:56 -------- d-----w- c:\windows\en
    2010-11-13 11:55 . 2010-11-13 11:55 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2010-11-13 11:53 . 2010-11-13 11:56 -------- d-----w- c:\program files (x86)\Windows Live
    2010-11-13 11:53 . 2010-09-22 13:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-11-13 11:52 . 2010-11-13 11:53 -------- d-----w- c:\program files\Windows Live
    2010-11-13 11:52 . 2010-11-13 11:52 -------- d-----w- c:\program files (x86)\MSN Toolbar
    2010-11-13 11:52 . 2010-11-13 11:52 -------- d-----w- c:\program files (x86)\Bing Bar Installer
    2010-11-13 11:50 . 2010-11-13 23:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2010-11-13 11:50 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2010-11-13 11:50 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
    2010-11-13 11:50 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
    2010-11-13 11:50 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
    2010-11-13 11:49 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-11-13 11:49 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
    2010-11-13 11:49 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2010-11-13 11:49 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2010-11-13 11:49 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-11-13 11:49 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
    2010-11-13 11:49 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
    2010-11-13 11:48 . 2010-12-13 00:24 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Windows Live
    2010-11-13 11:48 . 2010-11-13 11:48 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-22 21:53 . 2010-10-18 09:28 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-18 23:41 . 2010-10-18 09:13 270720 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 20:25 . 2010-10-18 20:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-10-18 08:57 . 2010-10-18 08:57 419840 ----a-w- c:\windows\system32\systemcpl.dll
    2010-10-18 08:57 . 2009-07-13 23:52 14848 ----a-w- c:\windows\system32\slwga.dll
    2010-10-18 08:57 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll
    2010-10-16 18:55 . 2009-07-13 21:59 7491688 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2010-10-16 18:55 . 2009-07-13 21:59 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2010-10-16 18:55 . 2009-06-10 20:37 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2010-10-16 02:13 . 2010-10-16 02:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
    2010-10-16 02:13 . 2010-10-16 02:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-10-16 02:13 . 2010-10-16 02:13 61032 ----a-w- c:\windows\system32\nvshext.dll
    2010-10-16 02:13 . 2010-10-16 02:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
    2010-10-16 02:13 . 2010-10-16 02:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
    2010-10-01 23:50 . 2010-10-18 08:41 90112 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    2010-09-28 04:44 . 2010-09-28 04:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2010-09-28 04:44 . 2010-09-28 04:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-21 03:49 . 2010-09-21 03:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
    2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
    .
    Code:
    c:\program files (x86)\Avira\AntiVir Desktop\avgnt .exe
    ((((((((((((((((((((((((((((( SnapShot@2010-12-13_03.55.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-18 09:58 . 2010-12-13 06:37 30116 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2010-12-13 06:36 34132 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-10-18 08:40 . 2010-12-13 06:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-10-18 08:40 . 2010-12-13 03:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-10-18 08:40 . 2010-12-13 06:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-10-18 08:40 . 2010-12-13 03:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-10-18 08:40 . 2010-12-13 03:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-10-18 08:40 . 2010-12-13 06:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-10-18 09:41 . 2010-12-13 03:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-10-18 09:41 . 2010-12-13 06:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-10-18 09:41 . 2010-12-13 06:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-10-18 09:41 . 2010-12-13 03:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-10-18 08:57 . 2010-12-13 06:36 8698 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3003097052-818712326-2118001154-1001_UserData.bin
    - 2010-12-13 03:44 . 2010-12-13 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-12-13 06:34 . 2010-12-13 06:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-12-13 06:34 . 2010-12-13 06:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-12-13 03:44 . 2010-12-13 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-10-21 18:47 . 2010-12-13 06:21 244306 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 05:01 . 2010-12-13 06:33 396648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2010-12-13 03:43 396648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-11-13 12:57 . 2010-12-13 06:33 617858 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3003097052-818712326-2118001154-1001-12288.dat
    - 2010-11-13 12:57 . 2010-12-13 03:43 617858 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3003097052-818712326-2118001154-1001-12288.dat
    - 2009-07-14 02:34 . 2010-12-13 02:20 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2010-12-13 04:52 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 04:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-11-29 04:26 3908192 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
    "EA Core"="d:\games\FIFA 11\EADM\Core.exe" [N/A]
    "DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-10-02 92672]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2988784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask .exe -atboottime" [X]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-17 421160]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 42500]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

    c:\users\Omar al-Bashir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-12-7 0]
    GameRanger.lnk - c:\users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2010-9-30 1248992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 51456888]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-01 90112]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-27 19544]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
    R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-12-04 2560]
    R4 ReduceTheLag-v3;ReduceTheLag-v3;c:\program files (x86)\ReducetheLag\reducethelag_v3_service.exe [2010-12-06 174080]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:26]

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:26]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com.au/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3]
    "1"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,b0,17,3e,13,b8,98,f9,
    10,0a,f2,16,5c,a8,1c,4f,a3
    "2"=hex:e7,27,cf,42,f4,44,fe,c6,d8,f2,16,d1,8e,4d,81,a5,c1,5f,93,ef,b5,cb,1d,
    04,36,ee,2f,8d,a7,5c,96,01
    "3"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,7c,ee,b3,94,39,1d,bb,
    5e,97,e6,9e,cf,eb,f2,94,ca,73,e6,d4,34,53,90,04,70,e8,7f,25,57,05,a4,49,dd,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3\B7DAAD172AA12168E008FD873A1BED58]
    "1"=hex:15,c0,1b,ee,a2,cd,62,4d,d2,23,38,04,69,c0,07,cb,be,7f,03,af,a5,f1,05,
    d0,1a,47,b5,40,b3,3c,2a,70,56,10,ce,bb,de,cc,2b,9c
    "2"=hex:5c,c7,46,22,af,0f,12,bb
    "3"=hex:81,20,8f,ab,28,6a,52,9c
    "4"=hex:2f,ad,a2,e7,8a,bf,05,5e
    "5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
    1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
    "6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
    51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
    "7"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,3f,f3,42,c6,c3,65,02,
    28,73,ee,9e,5f,dc,e9,7b,7f,2e,33,55,23,c0,bf,6f,0f,06,ce,de,e3,81,cf,0f,34,\
    "8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2a,be,8e,36,28,f4,02,
    cb,1c,f8,37,0e,ea,aa,49,b6,53,77,3f,7e,31,6c,61,29,60,86,bb,06,4b,cb,4a,be,\
    "9"=hex:81,20,8f,ab,28,6a,52,9c
    "18"=hex:70,56,26,33,e3,20,f8,ab
    "10"=hex:81,20,8f,ab,28,6a,52,9c
    "11"=hex:81,20,8f,ab,28,6a,52,9c
    "12"=hex:81,20,8f,ab,28,6a,52,9c
    "13"=hex:81,20,8f,ab,28,6a,52,9c
    "14"=hex:81,20,8f,ab,28,6a,52,9c
    "24"=hex:81,20,8f,ab,28,6a,52,9c
    "26"=hex:81,20,8f,ab,28,6a,52,9c
    "27"=hex:81,20,8f,ab,28,6a,52,9c
    "19"=hex:81,20,8f,ab,28,6a,52,9c
    "22"=hex:81,20,8f,ab,28,6a,52,9c

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-13 17:40:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-13 06:40
    ComboFix2.txt 2010-12-13 04:00

    Pre-Run: 52,919,193,600 bytes free
    Post-Run: 52,654,379,008 bytes free

    - - End Of File - - 7849C1E67E5F021AA67CDB3B6C450921
  12. Broni

    Broni Malware Annihilator Posts: 45,195   +242

    One "baddie" left...

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RenV::
    c:\program files (x86)\Avira\AntiVir Desktop\avgnt .exe
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG: animation showing CFScript.txt being dragged onto ComboFix.exe]

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt