TechSpot

Redirected when Browsing on net

By JJ1
Oct 29, 2010
  1. Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4993

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/29/2010 5:50:48 PM
    mbam-log-2010-10-29 (17-50-48).txt

    Scan type: Quick scan
    Objects scanned: 138728
    Time elapsed: 4 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-29 17:44:39
    Windows 6.1.7600
    Running: 5s08s842.exe; Driver: C:\Users\GARYBU~1\AppData\Local\Temp\awliypoc.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A89599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AADF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9123A000, 0x2D5378, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[3524] ntdll.dll!LdrLoadDll 7772F625 5 Bytes JMP 002B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3676] USER32.dll!TrackPopupMenu 75BB4B3B 5 Bytes JMP 6C105CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 91F 7638B9EC 4 Bytes [89, 92, 4A, 6A]
    .text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 927 7638B9F4 4 Bytes [A4, 91, 4A, 6A]
    .text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 943 7638BA10 4 Bytes [89, 92, 4A, 6A]
    .text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 94C 7638BA19 3 Bytes [91, 4A, 6A]
    .text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 95F 7638BA2C 4 Bytes [0E, 67, 49, 6A]
    .text ...
    .text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!SHCreateDirectoryExW + E08 763DDFB0 4 Bytes [89, 92, 4A, 6A]
    .text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!SHCreateDirectoryExW + E10 763DDFB8 8 Bytes [A4, 91, 4A, 6A, 2C, 93, 4A, ...]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 862D9AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T1L0-4 862D9AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 862D9AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 862D9AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 862D9AEA
    Device \Device\Ide\IdeDeviceP3T0L0-3 -> \??\IDE#DiskST3160023A______________________________8.01____#5&2819fc14&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Gary Buriani at 17:53:54.61 on Fri 10/29/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2196 [GMT -7:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\CtHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe
    C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe
    C:\Windows\system32\conhost.exe
    C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\Gary Buriani\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = <local>
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\users\garybu~1\appdata\local\temp\ixp000.tmp\"
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\garybu~1\appdata\roaming\mozilla\firefox\profiles\zndw0ill.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - HiddenExtension: XULRunner: {E1C89B07-1D7F-4846-9B4F-EFCE33EE95A3} - c:\users\gary buriani\appdata\local\{e1c89b07-1d7f-4846-9b4f-efce33ee95a3}\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-9 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-9 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-9 60936]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    =============== Created Last 30 ================

    2010-10-30 00:17:24 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0ee410d9-e87c-4a67-8088-e5d73119bf9f}\mpengine.dll
    2010-10-26 17:28:31 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-10-26 17:28:31 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-10-26 17:28:30 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-10-26 17:28:30 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-10-26 17:28:00 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2010-10-20 14:01:08 469256 ----a-w- c:\program files\common files\windows live\.cache\3d8452181cb705f2d\InstallManager_WLE_WLE.exe
    2010-10-20 14:00:53 15712 ----a-w- c:\program files\common files\windows live\.cache\351450c71cb705f22\MeshBetaRemover.exe
    2010-10-20 14:00:39 94040 ----a-w- c:\program files\common files\windows live\.cache\2cd9b81f1cb705f1a\DSETUP.dll
    2010-10-20 14:00:39 525656 ----a-w- c:\program files\common files\windows live\.cache\2cd9b81f1cb705f1a\DXSETUP.exe
    2010-10-20 14:00:39 1691480 ----a-w- c:\program files\common files\windows live\.cache\2cd9b81f1cb705f1a\dsetup32.dll
    2010-10-20 14:00:38 94040 ----a-w- c:\program files\common files\windows live\.cache\2c0cc82f1cb705f19\DSETUP.dll
    2010-10-20 14:00:38 525656 ----a-w- c:\program files\common files\windows live\.cache\2c0cc82f1cb705f19\DXSETUP.exe
    2010-10-20 14:00:38 1691480 ----a-w- c:\program files\common files\windows live\.cache\2c0cc82f1cb705f19\dsetup32.dll
    2010-10-20 14:00:17 6260088 ----a-w- c:\program files\common files\windows live\.cache\1f01d0bb1cb705f0e\Silverlight.4.0.exe
    2010-10-20 13:59:47 -------- d-----w- c:\users\garybu~1\appdata\local\Windows Live
    2010-10-20 13:59:22 3181568 ----a-w- c:\windows\system32\mf.dll
    2010-10-20 13:59:22 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-10-20 13:59:21 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-10-20 01:17:26 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-20 01:06:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 01:06:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-18 21:28:30 388096 ----a-r- c:\users\garybu~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-10-14 04:56:59 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 04:56:59 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 04:56:59 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-14 04:56:59 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 04:56:59 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 04:56:58 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-14 04:56:57 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-07 14:24:37 674280 ----a-w- c:\windows\system32\thescarecrow_3264060.scr
    2010-10-07 14:22:17 674280 ----a-w- c:\windows\system32\thethanksgivingfeast_3264061.scr
    2010-09-30 21:25:16 30376 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
    2010-09-30 11:18:24 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
    2010-09-30 04:21:51 190976 ----a-w- c:\windows\system32\drivers\ks.sys

    ==================== Find3M ====================

    2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-21 21:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
    2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-05 02:29:16 87608 ----a-w- c:\users\garybu~1\appdata\roaming\inst.exe
    2010-09-05 02:29:16 47360 ----a-w- c:\users\garybu~1\appdata\roaming\pcouffin.sys
    2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-26 21:22:44 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

    ============= FINISH: 17:54:32.45 ===============
     
  2. JJ1


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/5/2010 1:55:00 AM
    System Uptime: 10/29/2010 5:12:07 PM (0 hours ago)

    Motherboard: BIOSTAR Group | | A780L
    Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 2800/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 105.993 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP53: 10/19/2010 8:26:33 AM - Windows Update
    RP54: 10/20/2010 6:59:11 AM - Windows Update
    RP55: 10/20/2010 7:33:56 AM - Windows Update
    RP56: 10/20/2010 6:22:16 PM - Windows Update
    RP57: 10/22/2010 7:46:46 AM - Windows Update
    RP58: 10/26/2010 10:27:58 AM - Windows Update
    RP59: 10/27/2010 12:37:06 AM - Windows Update
    RP60: 10/28/2010 1:26:21 AM - Windows Update
    RP61: 10/29/2010 5:16:35 PM - Windows Update

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    AnyDVD
    Avira AntiVir Personal - Free Antivirus
    CCleaner
    CloneDVD2
    Collectorz.com Movie Collector
    ConvertXtoDVD 4.0.3.312
    D3DX10
    DVD Shrink 3.2
    HiJackThis
    HijackThis 2.0.0
    ImgBurn
    Java(TM) 6 Update 15
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.12)
    MSVCRT
    OGA Notifier 2.0.0048.0
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SUPERAntiSpyware
    thescarecrow_3264060 Screen Saver
    thethanksgivingfeast_3264061 Screen Saver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2410711)
    Veetle TV 0.9.18
    Vuze
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    10/29/2010 9:52:05 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 6 time(s).
    10/29/2010 9:32:11 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).
    10/29/2010 9:32:11 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 4 time(s).
    10/29/2010 8:45:35 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
    10/29/2010 8:35:11 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s).
    10/29/2010 8:27:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    10/29/2010 8:25:52 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
    10/29/2010 5:12:22 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    10/29/2010 5:12:22 PM, Error: atikmdag [43029] - Display is not active
    10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
    10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 5:01:39 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/29/2010 4:58:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/29/2010 4:54:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82c52050, 0x8d98752c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102910-17581-01.
    10/29/2010 12:58:57 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 96 time(s).
    10/29/2010 12:57:23 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 95 time(s).
    10/29/2010 12:55:49 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 94 time(s).
    10/29/2010 12:54:15 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 93 time(s).
    10/29/2010 12:52:30 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 92 time(s).
    10/29/2010 12:52:30 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 22 time(s).
    10/29/2010 12:51:07 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 91 time(s).
    10/29/2010 12:49:33 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 90 time(s).
    10/29/2010 12:47:58 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 89 time(s).
    10/29/2010 12:46:24 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 88 time(s).
    10/29/2010 12:44:38 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 87 time(s).
    10/29/2010 12:44:38 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 21 time(s).
    10/29/2010 12:43:16 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 86 time(s).
    10/29/2010 12:41:42 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 85 time(s).
    10/29/2010 12:40:08 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 84 time(s).
    10/29/2010 12:38:33 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 83 time(s).
    10/29/2010 12:36:48 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 82 time(s).
    10/29/2010 12:36:48 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 20 time(s).
    10/29/2010 12:35:25 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 81 time(s).
    10/29/2010 12:33:51 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 80 time(s).
    10/29/2010 12:32:17 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 79 time(s).
    10/29/2010 12:30:43 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 78 time(s).
    10/29/2010 12:28:56 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 77 time(s).
    10/29/2010 12:28:56 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 19 time(s).
    10/29/2010 12:27:35 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 76 time(s).
    10/29/2010 12:26:00 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 75 time(s).
    10/29/2010 12:24:26 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 74 time(s).
    10/29/2010 12:22:52 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 73 time(s).
    10/29/2010 12:21:06 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 72 time(s).
    10/29/2010 12:21:06 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 18 time(s).
    10/29/2010 12:19:44 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 71 time(s).
    10/29/2010 12:18:10 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 70 time(s).
    10/29/2010 12:16:35 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 69 time(s).
    10/29/2010 12:15:01 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 68 time(s).
    10/29/2010 12:13:16 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 67 time(s).
    10/29/2010 12:13:16 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 17 time(s).
    10/29/2010 12:11:53 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 66 time(s).
    10/29/2010 12:10:19 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 65 time(s).
    10/29/2010 12:08:45 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 64 time(s).
    10/29/2010 12:07:11 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 63 time(s).
    10/29/2010 12:05:24 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 62 time(s).
    10/29/2010 12:05:24 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 16 time(s).
    10/29/2010 12:04:02 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 61 time(s).
    10/29/2010 12:02:28 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 60 time(s).
    10/29/2010 12:00:54 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 59 time(s).
    10/29/2010 11:59:20 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 58 time(s).
    10/29/2010 11:57:34 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 57 time(s).
    10/29/2010 11:57:34 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 15 time(s).
    10/29/2010 11:56:12 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 56 time(s).
    10/29/2010 11:54:38 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 55 time(s).
    10/29/2010 11:53:03 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 54 time(s).
    10/29/2010 11:51:29 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 53 time(s).
    10/29/2010 11:49:44 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 52 time(s).
    10/29/2010 11:49:44 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 14 time(s).
    10/29/2010 11:48:21 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 51 time(s).
    10/29/2010 11:46:47 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 50 time(s).
    10/29/2010 11:45:13 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 49 time(s).
    10/29/2010 11:43:39 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 48 time(s).
    10/29/2010 11:41:53 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 47 time(s).
    10/29/2010 11:41:53 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 13 time(s).
    10/29/2010 11:40:30 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 46 time(s).
    10/29/2010 11:38:56 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 45 time(s).
    10/29/2010 11:37:22 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 44 time(s).
    10/29/2010 11:35:48 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 43 time(s).
    10/29/2010 11:34:01 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 42 time(s).
    10/29/2010 11:34:01 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 12 time(s).
    10/29/2010 11:32:40 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 41 time(s).
    10/29/2010 11:31:06 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 40 time(s).
    10/29/2010 11:29:31 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 39 time(s).
    10/29/2010 11:27:57 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 38 time(s).
    10/29/2010 11:26:11 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 37 time(s).
    10/29/2010 11:26:11 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 11 time(s).
    10/29/2010 11:24:49 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 36 time(s).
    10/29/2010 11:23:15 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 35 time(s).
    10/29/2010 11:21:41 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 34 time(s).
    10/29/2010 11:20:06 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 33 time(s).
    10/29/2010 11:18:21 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 32 time(s).
    10/29/2010 11:18:21 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 10 time(s).
    10/29/2010 11:16:58 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 31 time(s).
    10/29/2010 11:15:24 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 30 time(s).
    10/29/2010 11:13:50 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 29 time(s).
    10/29/2010 11:12:16 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 28 time(s).
    10/29/2010 11:10:29 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 27 time(s).
    10/29/2010 11:10:29 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 9 time(s).
    10/29/2010 11:09:08 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 26 time(s).
    10/29/2010 11:07:33 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 25 time(s).
    10/29/2010 11:05:59 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 24 time(s).
    10/29/2010 11:04:25 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 23 time(s).
    10/29/2010 11:02:39 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 22 time(s).
    10/29/2010 11:02:39 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 8 time(s).
    10/29/2010 11:01:17 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 21 time(s).
    10/29/2010 10:59:43 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 20 time(s).
    10/29/2010 10:58:09 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 19 time(s).
    10/29/2010 10:56:34 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 18 time(s).
    10/29/2010 10:54:49 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 17 time(s).
    10/29/2010 10:54:49 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 7 time(s).
    10/29/2010 10:53:26 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 16 time(s).
    10/29/2010 10:51:52 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 15 time(s).
    10/29/2010 10:50:18 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 14 time(s).
    10/29/2010 10:48:44 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 13 time(s).
    10/29/2010 10:46:57 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 12 time(s).
    10/29/2010 10:46:57 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 6 time(s).
    10/29/2010 10:45:35 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 11 time(s).
    10/29/2010 10:44:01 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 10 time(s).
    10/29/2010 10:32:37 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 9 time(s).
    10/29/2010 10:21:13 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 8 time(s).
    10/29/2010 10:21:13 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 5 time(s).
    10/29/2010 10:03:29 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 7 time(s).
    10/29/2010 1:42:53 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 124 time(s).
    10/29/2010 1:41:19 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 123 time(s).
    10/29/2010 1:39:34 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 122 time(s).
    10/29/2010 1:39:34 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 28 time(s).
    10/29/2010 1:38:11 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 121 time(s).
    10/29/2010 1:36:37 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 120 time(s).
    10/29/2010 1:35:03 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 119 time(s).
    10/29/2010 1:33:29 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 118 time(s).
    10/29/2010 1:31:42 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 117 time(s).
    10/29/2010 1:31:42 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 27 time(s).
    10/29/2010 1:30:20 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 116 time(s).
    10/29/2010 1:28:46 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 115 time(s).
    10/29/2010 1:27:12 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 114 time(s).
    10/29/2010 1:25:38 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 113 time(s).
    10/29/2010 1:23:52 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 112 time(s).
    10/29/2010 1:23:52 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 26 time(s).
    10/29/2010 1:22:30 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 111 time(s).
    10/29/2010 1:20:55 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 110 time(s).
    10/29/2010 1:19:21 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 109 time(s).
    10/29/2010 1:17:47 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 108 time(s).
    10/29/2010 1:16:02 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 107 time(s).
    10/29/2010 1:16:02 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 25 time(s).
    10/29/2010 1:14:39 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 106 time(s).
    10/29/2010 1:13:05 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 105 time(s).
    10/29/2010 1:11:30 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 104 time(s).
    10/29/2010 1:09:56 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 103 time(s).
    10/29/2010 1:08:10 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 102 time(s).
    10/29/2010 1:08:10 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 24 time(s).
    10/29/2010 1:06:48 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 101 time(s).
    10/29/2010 1:05:14 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 100 time(s).
    10/29/2010 1:03:40 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 99 time(s).
    10/29/2010 1:02:06 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 98 time(s).
    10/29/2010 1:00:20 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 97 time(s).
    10/29/2010 1:00:20 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 23 time(s).
    10/28/2010 11:50:07 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    10/28/2010 1:32:09 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 3 time(s).
    10/27/2010 12:37:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Update for Windows 7 (KB2249857).

    ==== End Of File ===========================
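Added example, not part of the thread or of any tool named in it: a small Python triage script for Service Control Manager 7031/7034 "terminated unexpectedly" lines in the format of the log above. It parses constructed sample lines copied in that format, groups terminations per service and flags services that die on a short, regular cadence (as Multimedia Class Scheduler does here, roughly every 94 seconds for hours); the min_events and interval thresholds are assumptions, not values from the log.

```python
"""Triage of Service Control Manager (SCM) event 7031/7034 lines in the format
of the posted Event Viewer dump. One service crashing once is noise; the same
service dying on a fixed cadence for hours is what a responder wants surfaced."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: a few lines in the posted log's format, plus one non-SCM
# line (the bugcheck) to show that unrelated events are skipped.
SAMPLE_LOG = """
10/29/2010 12:58:57 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 96 time(s).
10/29/2010 12:57:23 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 95 time(s).
10/29/2010 12:55:49 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 94 time(s).
10/29/2010 12:54:15 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 93 time(s).
10/29/2010 12:52:30 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 22 time(s).
10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2010 4:54:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82c52050, 0x8d98752c, 0x00000000).
10/28/2010 11:50:07 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
"""

# 7034: the service died and SCM takes no action. 7031: the service died and
# SCM will restart it after the stated delay. Both carry the per-service
# 'It has done this N time(s)' counter.
SCM_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), Error: "
    r"Service Control Manager \[(?P<eid>703[14])\] - The (?P<svc>.+?) service "
    r"terminated unexpectedly\. It has done this (?P<n>\d+) time\(s\)\."
    r"(?: The following corrective action will be taken in (?P<delay>\d+) "
    r"milliseconds: (?P<action>[^.]+)\.)?"
)
TS_FMT = "%m/%d/%Y %I:%M:%S %p"


def parse_scm_events(text):
    """Return SCM 7031/7034 events as dicts, oldest first; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SCM_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], TS_FMT),
            "event_id": int(m["eid"]),
            "service": m["svc"],
            "counter": int(m["n"]),
            "restart_delay_ms": int(m["delay"]) if m["delay"] else None,
        })
    events.sort(key=lambda e: e["time"])
    return events


def summarize(events, min_events=3, max_median_interval_s=600):
    """Per-service crash statistics with a simple crash-loop heuristic:
    at least `min_events` terminations whose median spacing is short.
    The two thresholds are assumed defaults, not values from the log."""
    by_svc = defaultdict(list)
    for e in events:
        by_svc[e["service"]].append(e)
    summary = {}
    for svc, evs in by_svc.items():
        times = [e["time"] for e in evs]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        summary[svc] = {
            "count": len(evs),
            "max_counter": max(e["counter"] for e in evs),
            "median_interval_s": med,
            "restart_scheduled": any(e["event_id"] == 7031 for e in evs),
            "crash_loop": (len(evs) >= min_events and med is not None
                           and med <= max_median_interval_s),
        }
    return summary


def report(summary):
    """Human-readable lines, crash loops listed first."""
    lines = []
    order = sorted(summary.items(), key=lambda kv: (not kv[1]["crash_loop"], kv[0]))
    for svc, s in order:
        tag = "CRASH LOOP" if s["crash_loop"] else "isolated"
        med = s["median_interval_s"]
        gap = f"{med:.0f}s" if med is not None else "n/a"
        lines.append(f"[{tag}] {svc}: {s['count']} events in log, counter up to "
                     f"{s['max_counter']}, median gap {gap}, "
                     f"SCM restart {'yes' if s['restart_scheduled'] else 'no'}")
    return lines


if __name__ == "__main__":
    for line in report(summarize(parse_scm_events(SAMPLE_LOG))):
        print(line)
```

Run against a full Event Viewer export of the System log instead of the sample, the same script separates a service that crashed once from one that is being killed on a timer.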
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. JJ1

    JJ1 TS Rookie Topic Starter Posts: 16

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: BIOSTAR Group
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: BIOSTAR Group
    System Product Name: A780L
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 194):

    Processes (total 49):
    0 System Idle Process
    4 System
    292 C:\Windows\System32\smss.exe
    376 csrss.exe
    448 C:\Windows\System32\wininit.exe
    456 csrss.exe
    496 C:\Windows\System32\services.exe
    524 C:\Windows\System32\lsass.exe
    532 C:\Windows\System32\lsm.exe
    556 C:\Windows\System32\winlogon.exe
    676 C:\Windows\System32\svchost.exe
    788 C:\Windows\System32\svchost.exe
    852 C:\Windows\System32\atiesrxx.exe
    920 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\atieclxx.exe
    1372 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\spoolsv.exe
    1516 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1540 C:\Windows\System32\svchost.exe
    1632 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1752 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1776 C:\Windows\System32\svchost.exe
    1792 C:\Windows\System32\conhost.exe
    1832 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2020 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2112 C:\Windows\System32\svchost.exe
    2192 C:\Windows\System32\taskhost.exe
    2432 C:\Windows\System32\dwm.exe
    2516 C:\Windows\explorer.exe
    2620 C:\Windows\System32\CtHelper.exe
    2636 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2656 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    2688 C:\Program Files\Windows Sidebar\sidebar.exe
    3056 C:\Windows\System32\SearchIndexer.exe
    3952 C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe
    3972 C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe
    2932 C:\Windows\System32\svchost.exe
    164 C:\Windows\System32\svchost.exe
    3544 C:\Windows\System32\audiodg.exe
    1404 C:\Program Files\Mozilla Firefox\firefox.exe
    4084 C:\Program Files\Mozilla Firefox\plugin-container.exe
    688 C:\Windows\System32\SearchProtocolHost.exe
    3700 C:\Windows\System32\SearchFilterHost.exe
    2796 C:\Users\Gary Buriani\Downloads\MBRCheck.exe
    1304 C:\Windows\System32\conhost.exe
    3168 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: ST3160023A, Rev: 8.01

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  5. JJ1

    JJ1 TS Rookie Topic Starter Posts: 16

    I haven't installed Combofix yet; I wanted to post the MBRCheck log first and wait for instructions.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    MBR looks good :)
    Go ahead with Combofix.
     
  7. JJ1

    JJ1 TS Rookie Topic Starter Posts: 16

    I will run it when I get home and post the log. Thanks for the quick response!
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Sure thing :)
     
  9. JJ1

    JJ1 TS Rookie Topic Starter Posts: 16

    ComboFix 10-11-01.06 - Gary Buriani 11/02/2010 11:04:24.3.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2532 [GMT -7:00]
    Running from: c:\users\Gary Buriani\Desktop\test.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\DRIVERS\serial.sys was found and disinfected
    Restored copy from - c:\windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
    .

    2010-11-02 18:08 . 2010-11-02 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-02 15:41 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC55999A-0E5E-4F40-A6CD-7B33C7F709F5}\mpengine.dll
    2010-10-31 02:16 . 2010-11-02 18:10 -------- d-----w- c:\users\Gary Buriani\AppData\Local\temp
    2010-10-26 17:28 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-10-26 17:28 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-10-26 17:28 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-10-26 17:28 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-10-26 17:28 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2010-10-20 14:01 . 2010-10-20 14:01 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\3d8452181cb705f2d\InstallManager_WLE_WLE.exe
    2010-10-20 14:00 . 2010-10-20 14:00 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\351450c71cb705f22\MeshBetaRemover.exe
    2010-10-20 14:00 . 2010-10-20 14:00 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\DSETUP.dll
    2010-10-20 14:00 . 2010-10-20 14:00 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\DXSETUP.exe
    2010-10-20 14:00 . 2010-10-20 14:00 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\dsetup32.dll
    2010-10-20 14:00 . 2010-10-20 14:00 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\DSETUP.dll
    2010-10-20 14:00 . 2010-10-20 14:00 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\DXSETUP.exe
    2010-10-20 14:00 . 2010-10-20 14:00 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\dsetup32.dll
    2010-10-20 14:00 . 2010-10-20 14:00 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\1f01d0bb1cb705f0e\Silverlight.4.0.exe
    2010-10-20 13:59 . 2010-10-20 13:59 -------- d-----w- c:\users\Gary Buriani\AppData\Local\Windows Live
    2010-10-20 13:59 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-10-20 13:59 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
    2010-10-20 13:59 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-10-20 01:17 . 2010-10-20 01:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-20 01:06 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 01:06 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-18 21:28 . 2010-10-18 21:28 388096 ----a-r- c:\users\Gary Buriani\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-14 04:56 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-14 04:56 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 04:56 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 04:56 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 04:56 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 04:56 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-14 04:56 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-07 14:24 . 2010-10-07 14:24 674280 ----a-w- c:\windows\system32\thescarecrow_3264060.scr
    2010-10-07 14:22 . 2010-10-07 14:22 674280 ----a-w- c:\windows\system32\thethanksgivingfeast_3264061.scr

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 18:41 . 2010-07-04 18:34 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-30 21:25 . 2010-09-30 21:25 30376 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
    2010-09-30 11:18 . 2010-09-30 11:18 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
    2010-09-21 21:03 . 2010-09-21 21:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
    2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2010-09-07 17:04 . 2010-08-11 16:47 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-09-07 15:57 . 2010-09-07 15:57 0 ----a-w- c:\users\Gary Buriani\AppData\Local\Dgewutoqi.bin
    2010-09-05 02:29 . 2010-09-05 02:13 47360 ----a-w- c:\users\Gary Buriani\AppData\Roaming\pcouffin.sys
    2010-09-05 02:13 . 2010-09-05 02:13 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-08-26 21:22 . 2010-08-26 21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-08-21 05:32 . 2010-09-15 15:06 316928 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-10-02 4537280]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Gary Buriani\AppData\Roaming\Mozilla\Firefox\Profiles\zndw0ill.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
    FF - prefs.js: network.proxy.type - 0

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: ST3160023A rev.8.01 -> \Device\Ide\IdePort0

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x862B8EC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85d10872; SUB DWORD [EBP-0x4], 0x85d1012e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 ntkrnlpa!IofCallDriver[0x82A58458] -> \Device\Harddisk0\DR0[0x85FC7030]
    3 CLASSPNP[0x8BBA259E] -> ntkrnlpa!IofCallDriver[0x82A58458] -> [0x85E873F8]
    5 ACPI[0x8B5AA3B2] -> ntkrnlpa!IofCallDriver[0x82A58458] -> \IdeDeviceP3T0L0-3[0x85E8C908]
    [0x862A2848] -> IRP_MJ_CREATE -> 0x862B8EC5
    error: Read The system cannot find the file specified.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected hooks:
    \Device\Ide\IdeDeviceP3T0L0-3 -> \??\IDE#DiskST3160023A______________________________8.01____#5&2819fc14&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    Filesystem trace:
    called modules: ntkrnlpa.exe halmacpi.dll fltmgr.sys avgntflt.sys luafv.sys fileinfo.sys Ntfs.sys
    1 ntkrnlpa!IofCallDriver[0x82A58458] -> [0x862AF020]
    3 fltmgr[0x8B712206] -> ntkrnlpa!IofCallDriver[0x82A58458] -> [0x862B4020]
    5 ntkrnlpa[0x82C59F69] -> ntkrnlpa!IofCallDriver[0x82A58458] -> [0x862AF020]
    7 fltmgr[0x8B712206] -> ntkrnlpa!IofCallDriver[0x82A58458] -> [0x862B4020]

    Registry trace:
    called modules: ntkrnlpa.exe halmacpi.dll avipbb.sys

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1016)
    c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
    c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
    c:\windows\system32\prnfldr.dll
    c:\windows\System32\AltTab.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\AUDIODG.EXE
    c:\windows\system32\atieclxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-02 11:13:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-02 18:13
    ComboFix2.txt 2010-10-31 02:26

    Pre-Run: 114,781,896,704 bytes free
    Post-Run: 114,685,358,080 bytes free

    - - End Of File - - 57EF89EA9314D8EBA2188299C0F7BA45
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. JJ1

    JJ1 TS Rookie Topic Starter Posts: 16

    2010/11/02 19:44:25.0635 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/11/02 19:44:25.0635 ================================================================================
    2010/11/02 19:44:25.0635 SystemInfo:
    2010/11/02 19:44:25.0635
    2010/11/02 19:44:25.0635 OS Version: 6.1.7600 ServicePack: 0.0
    2010/11/02 19:44:25.0635 Product type: Workstation
    2010/11/02 19:44:25.0635 ComputerName: GARYBURIANI-PC
    2010/11/02 19:44:25.0635 UserName: Gary Buriani
    2010/11/02 19:44:25.0635 Windows directory: C:\Windows
    2010/11/02 19:44:25.0635 System windows directory: C:\Windows
    2010/11/02 19:44:25.0635 Processor architecture: Intel x86
    2010/11/02 19:44:25.0635 Number of processors: 4
    2010/11/02 19:44:25.0635 Page size: 0x1000
    2010/11/02 19:44:25.0635 Boot type: Normal boot
    2010/11/02 19:44:25.0635 ================================================================================
    2010/11/02 19:44:25.0791 Initialize success
    2010/11/02 19:44:37.0959 ================================================================================
    2010/11/02 19:44:37.0959 Scan started
    2010/11/02 19:44:37.0959 Mode: Manual;
    2010/11/02 19:44:37.0959 ================================================================================
    2010/11/02 19:44:42.0140 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\Windows\system32\CTEDSPFX.DLL
    2010/11/02 19:44:42.0186 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\Windows\system32\CTEDSPIO.DLL
    2010/11/02 19:44:42.0249 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\Windows\system32\CTEDSPSY.DLL
    2010/11/02 19:44:42.0296 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\Windows\system32\CTERFXFX.DLL
    2010/11/02 19:44:42.0358 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\Windows\system32\CTEXFIFX.DLL
    2010/11/02 19:44:42.0436 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\Windows\system32\CTHWIUT.DLL
    2010/11/02 19:44:42.0498 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\Windows\system32\drivers\ctprxy2k.sys
    2010/11/02 19:44:42.0561 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\Windows\system32\CTSBLFX.DLL
    2010/11/02 19:44:42.0639 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\Windows\system32\drivers\ctsfm2k.sys
    2010/11/02 19:44:42.0717 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2010/11/02 19:44:42.0779 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2010/11/02 19:44:42.0810 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2010/11/02 19:44:42.0904 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2010/11/02 19:44:42.0982 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/11/02 19:44:43.0107 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2010/11/02 19:44:43.0263 ElbyCDIO (64664287ca449c060fe46941dd67dd5f) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2010/11/02 19:44:43.0310 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2010/11/02 19:44:43.0372 emupia (2885f72d2daffd0329272f12e16d6579) C:\Windows\system32\drivers\emupia2k.sys
    2010/11/02 19:44:43.0434 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2010/11/02 19:44:43.0512 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2010/11/02 19:44:43.0590 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2010/11/02 19:44:43.0637 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2010/11/02 19:44:43.0684 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2010/11/02 19:44:43.0746 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2010/11/02 19:44:43.0778 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/11/02 19:44:43.0809 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2010/11/02 19:44:43.0902 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2010/11/02 19:44:43.0934 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/11/02 19:44:43.0980 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2010/11/02 19:44:44.0012 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2010/11/02 19:44:44.0074 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\Windows\system32\drivers\ha10kx2k.sys
    2010/11/02 19:44:44.0152 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\Windows\system32\drivers\hap16v2k.sys
    2010/11/02 19:44:44.0199 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\Windows\system32\drivers\hap17v2k.sys
    2010/11/02 19:44:44.0246 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2010/11/02 19:44:44.0308 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2010/11/02 19:44:44.0355 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/11/02 19:44:44.0417 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2010/11/02 19:44:44.0464 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2010/11/02 19:44:44.0495 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2010/11/02 19:44:44.0542 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/11/02 19:44:44.0620 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2010/11/02 19:44:44.0682 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2010/11/02 19:44:44.0745 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2010/11/02 19:44:44.0776 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/11/02 19:44:44.0838 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2010/11/02 19:44:44.0870 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2010/11/02 19:44:44.0916 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2010/11/02 19:44:44.0963 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/11/02 19:44:45.0010 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/11/02 19:44:45.0072 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2010/11/02 19:44:45.0104 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2010/11/02 19:44:45.0150 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2010/11/02 19:44:45.0228 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2010/11/02 19:44:45.0291 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/11/02 19:44:45.0322 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/11/02 19:44:45.0369 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/11/02 19:44:45.0416 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2010/11/02 19:44:45.0462 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2010/11/02 19:44:45.0540 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/11/02 19:44:45.0603 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2010/11/02 19:44:45.0634 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2010/11/02 19:44:45.0681 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2010/11/02 19:44:45.0712 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2010/11/02 19:44:45.0743 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2010/11/02 19:44:45.0806 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2010/11/02 19:44:45.0852 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2010/11/02 19:44:45.0915 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2010/11/02 19:44:45.0946 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2010/11/02 19:44:45.0993 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/11/02 19:44:46.0040 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/11/02 19:44:46.0071 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2010/11/02 19:44:46.0133 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2010/11/02 19:44:46.0180 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2010/11/02 19:44:46.0227 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2010/11/02 19:44:46.0289 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/11/02 19:44:46.0336 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/11/02 19:44:46.0383 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/11/02 19:44:46.0461 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2010/11/02 19:44:46.0492 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2010/11/02 19:44:46.0539 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2010/11/02 19:44:46.0586 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2010/11/02 19:44:46.0617 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2010/11/02 19:44:46.0679 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/11/02 19:44:46.0757 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/11/02 19:44:46.0804 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2010/11/02 19:44:46.0866 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2010/11/02 19:44:46.0898 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/11/02 19:44:46.0944 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2010/11/02 19:44:46.0976 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2010/11/02 19:44:47.0038 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2010/11/02 19:44:47.0100 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/11/02 19:44:47.0178 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2010/11/02 19:44:47.0241 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2010/11/02 19:44:47.0288 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/11/02 19:44:47.0334 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/11/02 19:44:47.0366 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/11/02 19:44:47.0444 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2010/11/02 19:44:47.0475 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2010/11/02 19:44:47.0506 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2010/11/02 19:44:47.0568 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2010/11/02 19:44:47.0600 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2010/11/02 19:44:47.0662 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2010/11/02 19:44:47.0724 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2010/11/02 19:44:47.0802 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2010/11/02 19:44:47.0834 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2010/11/02 19:44:47.0880 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2010/11/02 19:44:47.0912 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2010/11/02 19:44:47.0974 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/11/02 19:44:48.0052 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\Windows\system32\drivers\ctoss2k.sys
    2010/11/02 19:44:48.0114 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2010/11/02 19:44:48.0177 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2010/11/02 19:44:48.0208 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2010/11/02 19:44:48.0255 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2010/11/02 19:44:48.0286 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2010/11/02 19:44:48.0333 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/11/02 19:44:48.0426 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2010/11/02 19:44:48.0473 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2010/11/02 19:44:48.0536 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2010/11/02 19:44:48.0660 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/11/02 19:44:48.0692 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2010/11/02 19:44:48.0738 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2010/11/02 19:44:48.0848 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2010/11/02 19:44:48.0972 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2010/11/02 19:44:49.0004 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2010/11/02 19:44:49.0050 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/11/02 19:44:49.0097 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/11/02 19:44:49.0144 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/11/02 19:44:49.0175 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/11/02 19:44:49.0238 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/11/02 19:44:49.0284 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/11/02 19:44:49.0316 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/11/02 19:44:49.0347 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/11/02 19:44:49.0394 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2010/11/02 19:44:49.0456 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2010/11/02 19:44:49.0518 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2010/11/02 19:44:49.0550 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2010/11/02 19:44:49.0612 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2010/11/02 19:44:49.0659 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/11/02 19:44:49.0706 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
    2010/11/02 19:44:49.0768 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2010/11/02 19:44:49.0846 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2010/11/02 19:44:49.0893 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2010/11/02 19:44:50.0033 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2010/11/02 19:44:50.0080 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/11/02 19:44:50.0158 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/11/02 19:44:50.0220 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2010/11/02 19:44:50.0267 Serial (f000a86e8614313788a313becbae329a) C:\Windows\system32\DRIVERS\serial.sys
    2010/11/02 19:44:50.0267 Suspicious file (Forged): C:\Windows\system32\DRIVERS\serial.sys. Real md5: f000a86e8614313788a313becbae329a, Fake md5: 7bda5089e7fa4a74d20b59348417b4e3
    2010/11/02 19:44:50.0283 Serial - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/11/02 19:44:50.0314 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2010/11/02 19:44:50.0376 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/11/02 19:44:50.0423 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2010/11/02 19:44:50.0470 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/11/02 19:44:50.0517 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2010/11/02 19:44:50.0595 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2010/11/02 19:44:50.0657 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/11/02 19:44:50.0688 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/11/02 19:44:50.0751 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2010/11/02 19:44:50.0798 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2010/11/02 19:44:50.0876 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    2010/11/02 19:44:50.0954 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    2010/11/02 19:44:51.0000 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/11/02 19:44:51.0047 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    2010/11/02 19:44:51.0125 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/11/02 19:44:51.0188 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2010/11/02 19:44:51.0219 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    2010/11/02 19:44:51.0266 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2010/11/02 19:44:51.0359 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2010/11/02 19:44:51.0468 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/11/02 19:44:51.0578 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2010/11/02 19:44:51.0640 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2010/11/02 19:44:51.0687 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2010/11/02 19:44:51.0765 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2010/11/02 19:44:51.0796 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2010/11/02 19:44:51.0874 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/11/02 19:44:51.0905 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/11/02 19:44:51.0952 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/11/02 19:44:51.0999 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2010/11/02 19:44:52.0077 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/11/02 19:44:52.0155 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2010/11/02 19:44:52.0186 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2010/11/02 19:44:52.0248 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/11/02 19:44:52.0280 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/11/02 19:44:52.0311 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/11/02 19:44:52.0358 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/11/02 19:44:52.0389 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/11/02 19:44:52.0436 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/11/02 19:44:52.0514 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/11/02 19:44:52.0560 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/11/02 19:44:52.0592 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/11/02 19:44:52.0654 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/11/02 19:44:52.0701 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/11/02 19:44:52.0732 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2010/11/02 19:44:52.0779 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/11/02 19:44:52.0810 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2010/11/02 19:44:52.0841 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2010/11/02 19:44:52.0888 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2010/11/02 19:44:52.0950 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    2010/11/02 19:44:52.0997 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2010/11/02 19:44:53.0044 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/11/02 19:44:53.0091 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2010/11/02 19:44:53.0153 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/11/02 19:44:53.0216 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/11/02 19:44:53.0278 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2010/11/02 19:44:53.0340 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/11/02 19:44:53.0372 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/02 19:44:53.0387 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/02 19:44:53.0450 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2010/11/02 19:44:53.0496 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/11/02 19:44:53.0574 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/11/02 19:44:53.0637 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2010/11/02 19:44:53.0715 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/11/02 19:44:53.0777 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/11/02 19:44:53.0840 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2010/11/02 19:44:53.0886 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/11/02 19:44:53.0933 ================================================================================
    2010/11/02 19:44:53.0933 Scan finished
    2010/11/02 19:44:53.0933 ================================================================================
    2010/11/02 19:44:53.0949 Detected object count: 1
    2010/11/02 19:46:18.0267 Serial (f000a86e8614313788a313becbae329a) C:\Windows\system32\DRIVERS\serial.sys
    2010/11/02 19:46:18.0267 Suspicious file (Forged): C:\Windows\system32\DRIVERS\serial.sys. Real md5: f000a86e8614313788a313becbae329a, Fake md5: 7bda5089e7fa4a74d20b59348417b4e3
    2010/11/02 19:46:18.0470 Backup copy found, using it..
    2010/11/02 19:46:18.0485 C:\Windows\system32\DRIVERS\serial.sys - will be cured after reboot
    2010/11/02 19:46:18.0485 Rootkit.Win32.TDSS.tdl3(Serial) - User select action: Cure
    2010/11/02 19:48:17.0482 Deinitialize success
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very good :)

    Delete your Combofix file, download a fresh one and post a new log.
     
  13. JJ1

    JJ1 TS Rookie Topic Starter Posts: 16

    ComboFix 10-11-02.06 - Gary Buriani 11/03/2010  11:01:30.4.4 - x86
    Microsoft Windows 7 Ultimate  6.1.7600.0.1252.1.1033.18.3327.2457 [GMT -7:00]
    Running from: c:\users\Gary Buriani\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .

    (((((((((((((((((((((((((   Files Created from 2010-10-03 to 2010-11-03   )))))))))))))))))))))))))))))))
    .

    2010-11-03 18:04 . 2010-11-03 18:04  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2010-11-03 16:02 . 2010-11-03 16:02  --------  d-----w-  c:\program files\Common Files\Adobe
    2010-11-03 02:52 . 2010-11-03 02:53  --------  d-----w-  c:\users\Gary Buriani\AppData\Local\Windows Live Writer
    2010-11-03 02:52 . 2010-11-03 02:52  --------  d-----w-  c:\users\Gary Buriani\AppData\Roaming\Windows Live Writer
    2010-11-02 15:41 . 2010-10-07 23:21  6146896  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC55999A-0E5E-4F40-A6CD-7B33C7F709F5}\mpengine.dll
    2010-10-31 02:16 . 2010-11-03 18:04  --------  d-----w-  c:\users\Gary Buriani\AppData\Local\temp
    2010-10-26 17:28 . 2010-08-04 06:18  641536  ----a-w-  c:\windows\system32\CPFilters.dll
    2010-10-26 17:28 . 2010-08-04 06:17  417792  ----a-w-  c:\windows\system32\msdri.dll
    2010-10-26 17:28 . 2010-08-04 06:15  204288  ----a-w-  c:\windows\system32\MSNP.ax
    2010-10-26 17:28 . 2010-08-04 06:15  199680  ----a-w-  c:\windows\system32\mpg2splt.ax
    2010-10-26 17:28 . 2010-07-13 05:22  26504  ----a-w-  c:\windows\system32\drivers\Diskdump.sys
    2010-10-20 14:01 . 2010-10-20 14:01  469256  ----a-w-  c:\program files\Common Files\Windows Live\.cache\3d8452181cb705f2d\InstallManager_WLE_WLE.exe
    2010-10-20 14:00 . 2010-10-20 14:00  15712  ----a-w-  c:\program files\Common Files\Windows Live\.cache\351450c71cb705f22\MeshBetaRemover.exe
    2010-10-20 14:00 . 2010-10-20 14:00  94040  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\DSETUP.dll
    2010-10-20 14:00 . 2010-10-20 14:00  525656  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\DXSETUP.exe
    2010-10-20 14:00 . 2010-10-20 14:00  1691480  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\dsetup32.dll
    2010-10-20 14:00 . 2010-10-20 14:00  94040  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\DSETUP.dll
    2010-10-20 14:00 . 2010-10-20 14:00  525656  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\DXSETUP.exe
    2010-10-20 14:00 . 2010-10-20 14:00  1691480  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\dsetup32.dll
    2010-10-20 14:00 . 2010-10-20 14:00  6260088  ----a-w-  c:\program files\Common Files\Windows Live\.cache\1f01d0bb1cb705f0e\Silverlight.4.0.exe
    2010-10-20 13:59 . 2010-11-03 02:54  --------  d-----w-  c:\users\Gary Buriani\AppData\Local\Windows Live
    2010-10-20 13:59 . 2010-05-23 10:11  196608  ----a-w-  c:\windows\system32\mfreadwrite.dll
    2010-10-20 13:59 . 2010-05-23 10:11  3181568  ----a-w-  c:\windows\system32\mf.dll
    2010-10-20 13:59 . 2010-05-23 10:15  1619456  ----a-w-  c:\windows\system32\WMVDECOD.DLL
    2010-10-20 01:17 . 2010-10-20 01:19  --------  d-----w-  c:\program files\SUPERAntiSpyware
    2010-10-20 01:06 . 2010-04-29 22:39  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 01:06 . 2010-04-29 22:39  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2010-10-18 21:28 . 2010-10-18 21:28  388096  ----a-r-  c:\users\Gary Buriani\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-14 04:56 . 2010-09-01 02:34  2327552  ----a-w-  c:\windows\system32\win32k.sys
    2010-10-14 04:56 . 2010-08-27 05:46  168448  ----a-w-  c:\windows\system32\srvsvc.dll
    2010-10-14 04:56 . 2010-08-27 03:31  310784  ----a-w-  c:\windows\system32\drivers\srv.sys
    2010-10-14 04:56 . 2010-08-27 03:30  308736  ----a-w-  c:\windows\system32\drivers\srv2.sys
    2010-10-14 04:56 . 2010-08-27 03:30  113664  ----a-w-  c:\windows\system32\drivers\srvnet.sys
    2010-10-14 04:56 . 2010-08-21 05:36  738816  ----a-w-  c:\windows\system32\wmpmde.dll
    2010-10-14 04:56 . 2010-05-05 06:46  363520  ----a-w-  c:\windows\system32\StructuredQuery.dll
    2010-10-07 14:24 . 2010-10-07 14:24  674280  ----a-w-  c:\windows\system32\thescarecrow_3264060.scr
    2010-10-07 14:22 . 2010-10-07 14:22  674280  ----a-w-  c:\windows\system32\thethanksgivingfeast_3264061.scr

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-03 02:48 . 2009-07-13 23:45  83456  ----a-w-  c:\windows\system32\drivers\serial.sys
    2010-10-19 18:41 . 2010-07-04 18:34  222080  ------w-  c:\windows\system32\MpSigStub.exe
    2010-09-30 21:25 . 2010-09-30 21:25  30376  ----a-w-  c:\windows\system32\drivers\ElbyCDIO.sys
    2010-09-30 11:18 . 2010-09-30 11:18  89256  ----a-w-  c:\windows\system32\ElbyCDIO.dll
    2010-09-21 21:03 . 2010-09-21 21:03  208768  ----a-w-  c:\windows\system32\LIVESSP.DLL
    2010-09-14 13:16 . 2010-09-14 13:16  108480  ----a-w-  c:\windows\system32\drivers\AnyDVD.sys
    2010-09-07 17:04 . 2010-08-11 16:47  1286016  ----a-w-  c:\windows\system32\drivers\tcpip.sys
    2010-09-07 15:57 . 2010-09-07 15:57  0  ----a-w-  c:\users\Gary Buriani\AppData\Local\Dgewutoqi.bin
    2010-09-05 02:29 . 2010-09-05 02:13  47360  ----a-w-  c:\users\Gary Buriani\AppData\Roaming\pcouffin.sys
    2010-09-05 02:13 . 2010-09-05 02:13  47360  ----a-w-  c:\windows\system32\drivers\pcouffin.sys
    2010-08-26 21:22 . 2010-08-26 21:22  411368  ----a-w-  c:\windows\system32\deploytk.dll
    2010-08-21 05:32 . 2010-09-15 15:06  316928  ----a-w-  c:\windows\system32\spoolsv.exe
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-10-02 4537280]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Gary Buriani\AppData\Roaming\Mozilla\Firefox\Profiles\zndw0ill.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
    FF - prefs.js: network.proxy.type - 0

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys


    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3620)
    c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
    .
    Completion time: 2010-11-03  11:05:00
    ComboFix-quarantined-files.txt  2010-11-03 18:05
    ComboFix2.txt  2010-11-02 18:13
    ComboFix3.txt  2010-10-31 02:26

    Pre-Run: 113,526,280,192 bytes free
    Post-Run: 113,508,032,512 bytes free

    - - End Of File - - EF0C671D7676CE33228B6954F1138B41
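One way to triage a ComboFix log like the one above for the weak settings it records (UAC policy values set to 0, a Firefox keyword.URL pointing at a third-party search host, security warnings forced off through user.js), as an added example that is not part of the thread or of ComboFix; the sample lines are constructed to match the log format shown above and are not a real log file.

```python
import re

# Constructed sample lines modelled on the ComboFix sections quoted above; not a real log file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
"""

# UAC policy values that mean "UAC effectively off" (Windows 7 defaults are 1, 1 and 5).
UAC_BAD = {"EnableLUA": "0", "PromptOnSecureDesktop": "0", "ConsentPromptBehaviorAdmin": "0"}
# Firefox warnings that a user.js dropped by adware/hijackers typically switches off.
FF_WARN_PREFS = {"security.warn_submit_insecure", "security.warn_viewing_mixed"}
UAC_RE = re.compile(r'^"(\w+)"=\s*(\d+)')
FF_RE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.*)$")
HOST_RE = re.compile(r"hxxps?://([^/]+)")  # ComboFix defangs http as hxxp

def triage(log_text):
    """Return (category, detail) findings for the weak settings listed above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = UAC_RE.match(line)
        if m:
            name, value = m.groups()
            if UAC_BAD.get(name) == value:
                findings.append(("uac_disabled", f"{name}={value}"))
            continue
        m = FF_RE.match(line)
        if not m:
            continue
        source, pref, value = m.groups()
        if pref == "keyword.URL":  # prefs.js only holds non-default values, so any entry is notable
            host = HOST_RE.search(value)
            findings.append(("search_keyword_hijack", host.group(1) if host else value))
        elif source == "user" and pref in FF_WARN_PREFS and value.strip() == "false":
            findings.append(("ff_warning_disabled", pref))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```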
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     