Inactive Infected Windows 7 64-bit Machine, BSODs upon using DDS

liam499

Computer is infected quite badly, I think.
It will not BSOD if not booted in Safe Mode.
It also BSODs if I try and use DDS.
GMER returned no results.

and here is my MBAM log

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

8/12/2010 12:12:40 PM
mbam-log-2010-12-08 (12-12-40).txt

Scan type: Quick scan
Objects scanned: 149604
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6CD48497-A88A-4647-8169-71CB056CC0A9} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chkazcichst.chkazcichst.1.0 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chkazcichst.chkazcichst (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adfazcicpr.adfazcicpr.1.0 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adfazcicpr.adfazcicpr (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E19399C-AC08-432A-930B-34367A855610} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4E19399C-AC08-432A-930B-34367A855610} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumazcicgrm.brumazcicgrm.1.0 (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumazcicgrm.brumazcicgrm (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E19399C-AC08-432A-930B-34367A855610} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E19399C-AC08-432A-930B-34367A855610} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\$ntuninstallmtf197$\jcdyr.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\$ntuninstallmtf197$\vscpi.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

and

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5302

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

13/12/2010 9:57:31 AM
mbam-log-2010-12-13 (09-57-31).txt

Scan type: Quick scan
Objects scanned: 167244
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Fonts\18XF5r.com (Malware.Generic) -> Quarantined and deleted successfully.
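Added example (not from the thread, not Malwarebytes code): a small Python triage helper for the MBAM 1.50 log format pasted above. It parses the header, the summary counts and every detection line, checks that the summary agrees with the detail sections, groups hits by family, and flags entries under autostart locations (Run keys, Browser Helper Objects), which is what tells a helper the infection had a foothold at every logon rather than just that something was removed. The sample log is a constructed excerpt built from values in the first log above.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.50 scan log: parses header,
summary counts and detection lines, cross-checks summary against detail, groups
detections by family and flags autostart (persistence) locations."""
import re
from collections import Counter

# Constructed excerpt modelled on the first log pasted in the thread
# (values taken from that log, trimmed to a few entries).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50
Database version: 5214

Windows 6.1.7600 (Safe Mode)
8/12/2010 12:12:40 PM

Scan type: Quick scan
Objects scanned: 149604
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9789E83-5397-4FFC-B094-102F5FD714D3} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\$ntuninstallmtf197$\jcdyr.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")  # "Files Infected: 2"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # "Files Infected:" (detail section)
# "<item> (<family>) -> [Value: <name> -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+?)\.?$"
)
# Locations that make code run again at the next logon / next browser start.
PERSISTENCE_MARKERS = ("\\CurrentVersion\\Run\\", "\\Browser Helper Objects\\")


def parse_mbam_log(text):
    """Return (header, summary, detections) for an MBAM 1.50 log."""
    header, summary, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif section and (m := DETECTION_RE.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return header, summary, detections


def check_counts(summary, detections):
    """Sections whose summary count disagrees with the detail lines: {section: (reported, found)}."""
    found = Counter(d["section"] for d in detections)
    return {s: (n, found.get(s, 0)) for s, n in summary.items() if n != found.get(s, 0)}


def family_counts(detections):
    """Detections per family; the log mixes 'Adrotator' and 'AdRotator', so compare case-insensitively."""
    return Counter(d["family"].lower() for d in detections)


def persistence_entries(detections):
    """Detections sitting in an autostart location (the ones worth re-checking after a reboot)."""
    return [d for d in detections
            if any(mk.lower() in d["item"].lower() for mk in PERSISTENCE_MARKERS)]


if __name__ == "__main__":
    header, summary, detections = parse_mbam_log(SAMPLE_LOG)
    print("scan:", header)
    print("summary/detail mismatches:", check_counts(summary, detections))
    print("families:", dict(family_counts(detections)))
    for d in persistence_entries(detections):
        print("persistence:", d["section"], d["item"], d["family"])
```

A second scan that still reports the same Run key or BHO after a reboot is the signal that the quarantine did not hold and something is re-creating it.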
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Scanned and a rootkit was found.
What's the next step?

2010/12/13 11:21:01.0623 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/13 11:21:01.0623 ================================================================================
2010/12/13 11:21:01.0623 SystemInfo:
2010/12/13 11:21:01.0623
2010/12/13 11:21:01.0623 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/13 11:21:01.0623 Product type: Workstation
2010/12/13 11:21:01.0623 ComputerName: OMARAL-BASHIR
2010/12/13 11:21:01.0623 UserName: Omar al-Bashir
2010/12/13 11:21:01.0623 Windows directory: C:\Windows
2010/12/13 11:21:01.0623 System windows directory: C:\Windows
2010/12/13 11:21:01.0623 Running under WOW64
2010/12/13 11:21:01.0623 Processor architecture: Intel x64
2010/12/13 11:21:01.0623 Number of processors: 2
2010/12/13 11:21:01.0623 Page size: 0x1000
2010/12/13 11:21:01.0623 Boot type: Safe boot with network
2010/12/13 11:21:01.0623 ================================================================================
2010/12/13 11:21:01.0623 Utility is running under WOW64
2010/12/13 11:21:02.0122 Initialize success
2010/12/13 11:21:04.0431 ================================================================================
2010/12/13 11:21:04.0431 Scan started
2010/12/13 11:21:04.0431 Mode: Manual;
2010/12/13 11:21:04.0431 ================================================================================
2010/12/13 11:21:18.0424 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/13 11:21:18.0440 ================================================================================
2010/12/13 11:21:18.0440 Scan finished
2010/12/13 11:21:18.0440 ================================================================================
2010/12/13 11:21:18.0471 Detected object count: 1
2010/12/13 11:21:25.0819 \HardDisk0 - will be cured after reboot
2010/12/13 11:21:25.0819 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/13 11:21:29.0173 Deinitialize success
 
DDS ran perfectly

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Omar al-Bashir at 14:18:25.29 on Mon 13/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2047.1195 [GMT 11:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
C:\Users\Omar al-Bashir\AppData\Local\Apps\2.0\7JDTX0YC.WRH\YL1JQJKV.ROT\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SndVol.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Admin.Omaral-Bashir\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [EA Core] "D:\Games\FIFA 11\EADM\Core.exe" -silent
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask .exe" -atboottime
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
dRun: [Wxumimelumor] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\necsev.dll",Startup
StartupFolder: C:\Users\Omar al-Bashir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\OMARAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERA~1.LNK - C:\Users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-18 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-18 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-30 128752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-18 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-18 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-18 83120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-10-18 90112]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-11-19 19544]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-18 1255736]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 135664]
S4 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2010-12-4 2560]
S4 ReduceTheLag-v3;ReduceTheLag-v3;C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe [2010-12-6 174080]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-12-12 23:45:11 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
2010-12-12 23:08:53 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\SUPERAntiSpyware.com
2010-12-12 23:08:53 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-12-12 23:08:49 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-12-12 23:08:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-12-12 22:54:40 81922 ----a-w- C:\PROGRA~3\GQIhgV73.exe
2010-12-12 22:38:50 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-12 22:36:22 -------- d-----w- C:\Users\OMARAL~1\AppData\Local\Temp
2010-12-12 01:03:39 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{54BC2105-53B8-4E80-9D45-7B9C4E5E6147}\mpengine.dll
2010-12-09 05:33:40 -------- d-----w- C:\Program Files (x86)\Conduit
2010-12-09 05:33:38 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2010-12-09 05:33:35 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2010-12-09 05:33:32 -------- d-----w- C:\extensions
2010-12-09 01:04:40 -------- d-----w- C:\Program Files (x86)\MegaDev
2010-12-08 05:34:06 -------- d-----w- C:\Windows\pss
2010-12-07 11:23:11 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2010-12-07 10:48:44 -------- d-----w- C:\Program Files (x86)\Turbine
2010-12-07 05:48:26 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2010-12-07 05:46:36 -------- d-----w- C:\NVIDIA
2010-12-07 04:04:48 -------- d-----w- C:\Users\OMARAL~1\AppData\Local\Apps
2010-12-07 04:04:47 -------- d-----w- C:\Users\OMARAL~1\AppData\Local\Deployment
2010-12-07 03:56:56 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2010-12-07 03:53:59 -------- d-----w- C:\Program Files (x86)\ReducetheLag
2010-12-05 23:00:02 -------- d-----w- C:\PROGRA~3\EA Core
2010-12-05 19:02:51 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2010-12-05 14:11:41 -------- d-----w- C:\PROGRA~3\Solidshield
2010-12-05 13:44:10 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\Malwarebytes
2010-12-05 13:44:04 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-05 13:44:02 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-05 13:43:59 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-05 13:43:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-04 08:26:03 -------- d-----w- C:\Program Files (x86)\Reality Pump
2010-12-04 08:24:04 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2010-12-04 08:23:49 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-12-04 07:01:57 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\Childish Things
2010-12-04 07:01:08 126976 ----a-w- C:\Windows\lcmmfu.cpl
2010-12-04 07:01:07 681 --sha-w- C:\Windows\SysWow64\mmf.sys
2010-12-04 07:01:04 48640 ----a-w- C:\Windows\mmfs.dll
2010-12-04 07:01:04 2560 ----a-w- C:\Windows\Runservice.exe
2010-12-04 06:59:34 348160 ----a-w- C:\Windows\msvcr71.dll
2010-12-04 06:59:20 -------- d-----w- C:\Program Files (x86)\Childish Things
2010-12-02 20:23:10 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2010-12-02 08:41:29 -------- d-----w- C:\Program Files\iPod
2010-12-02 08:41:28 -------- d-----w- C:\Program Files\iTunes
2010-12-02 08:41:28 -------- d-----w- C:\Program Files (x86)\iTunes
2010-12-02 03:53:16 -------- d-----w- C:\Program Files (x86)\EA GAMES
2010-12-01 05:06:16 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-11-29 20:31:27 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2010-11-25 06:53:37 -------- d-----w- C:\Users\OMARAL~1\AppData\Roaming\Mount&Blade Warband
2010-11-25 01:27:42 -------- d-----w- C:\Program Files (x86)\Click Photobooks
2010-11-23 20:32:34 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 20:32:34 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-19 06:16:44 -------- d-----w- C:\Program Files\PeerBlock
2010-11-15 12:30:28 -------- d-----w- C:\Users\Omar al-Bashir\.thumbnails
2010-11-15 12:22:00 -------- d-----w- C:\Users\Omar al-Bashir\.gimp-2.6
2010-11-15 12:16:20 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2010-11-15 08:06:52 -------- d-----w- C:\Program Files (x86)\Real Alternative
2010-11-14 16:00:50 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-11-13 23:41:59 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-11-13 12:00:54 -------- d-----w- C:\Users\Omar al-Bashir\Tracing
2010-11-13 11:56:14 -------- d-----w- C:\Windows\en
2010-11-13 11:55:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-11-13 11:53:44 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-11-13 11:52:26 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-11-13 11:52:17 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-11-13 11:50:04 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2010-11-13 11:50:04 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2010-11-13 11:50:03 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2010-11-13 11:50:03 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2010-11-13 11:49:21 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-13 11:49:21 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-13 11:49:20 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-13 11:49:20 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-13 11:49:20 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-13 11:49:19 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cbd69e031cb832807\InstallManager_WLE_WLE.exe
2010-11-13 11:49:19 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-13 11:49:19 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-13 11:49:04 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c542b6ab1cb832806\MeshBetaRemover.exe
2010-11-13 11:49:00 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c21cb2bd1cb832805\DXSETUP.exe
2010-11-13 11:48:59 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c21cb2bd1cb832805\DSETUP.dll
2010-11-13 11:48:59 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c21cb2bd1cb832805\dsetup32.dll
2010-11-13 11:48:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc0fb09f1cb832804\DSETUP.dll
2010-11-13 11:48:50 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc0fb09f1cb832804\DXSETUP.exe
2010-11-13 11:48:50 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc0fb09f1cb832804\dsetup32.dll
2010-11-13 11:48:47 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b863d8ec1cb832803\Silverlight.4.0.exe
2010-11-13 11:48:10 -------- d-----w- C:\Users\OMARAL~1\AppData\Local\Windows Live
2010-11-13 11:48:09 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

==================== Find3M ====================

2010-11-22 21:53:41 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-10-18 23:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-18 20:25:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-18 08:57:02 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2010-10-18 08:57:02 14848 ----a-w- C:\Windows\System32\slwga.dll
2010-10-18 08:57:02 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-10-16 02:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 02:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 02:13:34 61032 ----a-w- C:\Windows\System32\nvshext.dll
2010-10-16 02:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 02:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
2010-10-01 23:50:12 90112 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2010-09-28 04:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 04:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2010-09-22 13:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-22 13:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 03:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 03:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

============= FINISH: 14:19:12.34 ===============

MSVCRT
MSVCRT_amd64
NVIDIA PhysX
PowerISO
QuickTime
Real Alternative 2.0.2
Reducethelag
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
SPORE™
SPORE™ Galactic Adventures
Street-Ads Browser Enhancer
The Battle for Middle-earth (tm)
The Battle for Middle-earth (tm) II
The Lord of the Rings Online™ v03.02.03.8013
The Lord of the Rings, The Rise of the Witch-king
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Late Night
The Sims™ 3 World Adventures
TVersity Codec Pack 1.4
TVersity Media Server 1.9.2
Two Worlds II
uTorrentBar Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
Worms Reloaded with update 6

==== Event Viewer Messages From Past Week ========

9/12/2010 9:49:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/12/2010 9:47:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ab87e7, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120910-90964-01.
9/12/2010 9:37:35 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/12/2010 4:09:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a60d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120910-28906-01.
9/12/2010 10:07:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/12/2010 10:07:49 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/12/2010 10:07:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/12/2010 10:05:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a62d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120910-101759-01.
8/12/2010 4:27:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/12/2010 4:27:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/12/2010 4:27:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002dc272a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120810-88670-01.
8/12/2010 4:27:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
8/12/2010 4:14:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a68d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120810-90308-01.
8/12/2010 12:09:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/12/2010 12:06:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
8/12/2010 12:05:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00001f80010100cc, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa12b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120810-19266-01.
8/12/2010 11:19:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
8/12/2010 11:19:59 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 11:19:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
7/12/2010 5:59:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000090, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ad2995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-29842-01.
7/12/2010 5:35:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa0d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-20514-01.
7/12/2010 5:31:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002adb448, 0xfffff880038f4820, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-25880-01.
7/12/2010 4:55:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002acb0ad, 0xfffff8800472dd40, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-23977-01.
7/12/2010 4:06:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa0436). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-31808-01.
7/12/2010 3:36:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff88007ac7750, 0x0000000000000002, 0x0000000000000000, 0xfffff88000dd0c50). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-33119-01.
7/12/2010 2:54:00 PM, Error: Service Control Manager [7030] - The ReduceTheLag-v3 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/12/2010 2:50:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
7/12/2010 2:49:48 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/12/2010 2:49:48 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/12/2010 11:25:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a57d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120710-31418-01.
6/12/2010 12:36:48 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002aa35a1, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-28657-01.
6/12/2010 12:33:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002af6448, 0xfffff88008c15a20, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-25880-01.
6/12/2010 12:22:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f7 (0x00002b99041d1620, 0x00002b992ddfa232, 0xffffd466d2205dcd, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120610-26504-01.
13/12/2010 9:47:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache SCDEmu spldr Wanarpv6
13/12/2010 9:47:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
13/12/2010 9:47:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80001e615a1, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
13/12/2010 9:38:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80001ea4d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121310-68890-01.
13/12/2010 11:17:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
13/12/2010 11:17:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
13/12/2010 10:48:33 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
13/12/2010 10:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
13/12/2010 10:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/12/2010 10:48:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/12/2010 10:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
13/12/2010 10:48:11 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
13/12/2010 10:48:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6
13/12/2010 10:48:07 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a98d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121310-25724-01.
13/12/2010 10:37:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr tdx Wanarpv6 WfpLwf
13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
13/12/2010 10:37:01 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/12/2010 10:37:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a92436). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121310-20139-01.
13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/12/2010 10:36:57 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/12/2010 10:28:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80001ef02b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121310-90449-01.
13/12/2010 10:20:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
13/12/2010 1:10:00 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{4206c08f-da91-11df-bd7d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{7A0BC8F6-EEA7-479B-AE2E-FE2B0414C73E}' was corrupted and it has been recovered. Some data might have been lost.
13/12/2010 1:09:55 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{4206c08f-da91-11df-bd7d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2A2E3645-52E3-4B8B-8410-F5D1B281DB6F}' was corrupted and it has been recovered. Some data might have been lost.
12/12/2010 4:24:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa8d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121210-29187-01.
12/12/2010 4:19:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002aa0d29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121210-26535-01.
12/12/2010 2:38:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002a4ff5e, 0xfffff88007a26a60, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121210-27783-01.
10/12/2010 5:49:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a5cd29). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121010-26208-01.
10/12/2010 4:20:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a9e7e7, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121010-90308-01.

==== End Of File ===========================
 
Good :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCHECK
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000003d5

Kernel Drivers (total 184):

Processes (total 65):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
452 csrss.exe
512 C:\Windows\System32\wininit.exe
524 csrss.exe
576 C:\Windows\System32\winlogon.exe
616 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
748

ComboFix

ComboFix 10-12-11.06 - Omar al-Bashir 13/12/2010 14:36:05.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2047.1157 [GMT 11:00]
Running from: c:\users\Omar al-Bashir\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\iTunes\iTunesHelper.exe
c:\program files (x86)\PowerISO\PWRISOVM.EXE
c:\program files (x86)\QuickTime\QTTask.exe
c:\programdata\GQIhgV73.exe
c:\programdata\GQIhgV73.exe_
c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe . . . . Failed to delete

Code:
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe ---^> c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM .exe ---^> c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe ---^> c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched .exe ---^> c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-12 23:45 . 2010-12-12 23:45 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\SUPERAntiSpyware.com
2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\programdata\!SASCORE
2010-12-12 23:08 . 2010-12-12 23:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-12 22:36 . 2010-12-13 03:55 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Temp
2010-12-12 01:03 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54BC2105-53B8-4E80-9D45-7B9C4E5E6147}\mpengine.dll
2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- c:\program files (x86)\Conduit
2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- c:\program files (x86)\uTorrentBar
2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- C:\extensions
2010-12-09 01:04 . 2010-12-09 01:04 -------- d-----w- c:\program files (x86)\MegaDev
2010-12-08 05:45 . 2010-12-12 22:20 -------- d-----w- c:\users\Admin
2010-12-07 11:23 . 2010-12-07 11:23 -------- d-----w- c:\windows\SysWow64\URTTEMP
2010-12-07 10:48 . 2010-12-07 10:48 -------- d-----w- c:\program files (x86)\Turbine
2010-12-07 05:49 . 2010-12-13 03:44 -------- d-----w- c:\programdata\NVIDIA
2010-12-07 05:48 . 2010-12-07 05:48 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-12-07 05:46 . 2010-12-07 05:46 -------- d-----w- C:\NVIDIA
2010-12-07 04:04 . 2010-12-07 04:04 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Apps
2010-12-07 04:04 . 2010-12-13 03:05 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Deployment
2010-12-07 03:56 . 2010-12-07 04:04 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-12-07 03:53 . 2010-12-07 03:54 -------- d-----w- c:\program files (x86)\ReducetheLag
2010-12-05 23:00 . 2010-12-05 23:00 -------- d-----w- c:\programdata\EA Core
2010-12-05 19:02 . 2008-07-11 21:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2010-12-05 14:11 . 2010-12-05 14:11 -------- d-----w- c:\programdata\Solidshield
2010-12-05 13:44 . 2010-12-05 13:44 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Malwarebytes
2010-12-05 13:44 . 2010-11-29 06:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-05 13:44 . 2010-12-05 13:44 -------- d-----w- c:\programdata\Malwarebytes
2010-12-05 13:43 . 2010-12-12 22:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-05 13:43 . 2010-11-29 06:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 08:26 . 2010-12-04 08:26 -------- d-----w- c:\program files (x86)\Reality Pump
2010-12-04 08:24 . 2010-12-07 05:49 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2010-12-04 08:23 . 2010-12-04 08:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2010-12-04 07:01 . 2010-12-04 07:01 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Childish Things
2010-12-04 07:01 . 2010-12-04 07:01 126976 ----a-w- c:\windows\lcmmfu.cpl
2010-12-04 07:01 . 2010-12-08 05:21 681 --sha-w- c:\windows\SysWow64\mmf.sys
2010-12-04 07:01 . 2010-12-04 07:01 48640 ----a-w- c:\windows\mmfs.dll
2010-12-04 07:01 . 2010-12-04 07:01 2560 ----a-w- c:\windows\Runservice.exe
2010-12-04 06:59 . 2008-03-04 09:38 348160 ----a-w- c:\windows\msvcr71.dll
2010-12-04 06:59 . 2010-12-04 06:59 -------- d-----w- c:\program files (x86)\Childish Things
2010-12-02 20:23 . 2010-12-07 09:00 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2010-12-02 08:41 . 2010-12-02 08:41 -------- d-----w- c:\program files\iPod
2010-12-02 08:41 . 2010-12-13 03:41 -------- d-----w- c:\program files (x86)\iTunes
2010-12-02 08:41 . 2010-12-02 08:41 -------- d-----w- c:\program files\iTunes
2010-12-02 08:38 . 2010-12-02 08:38 -------- d-----w- c:\program files (x86)\Safari
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\program files (x86)\EA GAMES
2010-12-01 05:06 . 2010-12-01 10:13 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2010-11-29 20:31 . 2010-12-02 00:24 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2010-11-25 06:53 . 2010-11-25 06:53 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Mount&Blade Warband
2010-11-25 01:27 . 2010-11-25 01:27 -------- d-----w- c:\program files (x86)\Click Photobooks
2010-11-23 20:32 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 20:32 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-19 06:16 . 2010-12-07 03:57 -------- d-----w- c:\program files\PeerBlock
2010-11-15 12:30 . 2010-12-07 12:43 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\gtk-2.0
2010-11-15 12:30 . 2010-11-15 12:30 -------- d-----w- c:\users\Omar al-Bashir\.thumbnails
2010-11-15 12:22 . 2010-12-07 16:21 -------- d-----w- c:\users\Omar al-Bashir\.gimp-2.6
2010-11-15 12:16 . 2010-11-15 12:16 -------- d-----w- c:\program files (x86)\GIMP-2.0
2010-11-15 08:06 . 2010-11-15 08:06 -------- d-----w- c:\program files (x86)\Real Alternative
2010-11-14 16:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2010-11-13 23:41 . 2010-07-13 05:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-11-13 12:00 . 2010-12-13 03:55 -------- d-----w- c:\users\Omar al-Bashir\Tracing
2010-11-13 11:56 . 2010-11-13 11:56 -------- d-----w- c:\windows\en
2010-11-13 11:55 . 2010-11-13 11:55 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-11-13 11:53 . 2010-11-13 11:56 -------- d-----w- c:\program files (x86)\Windows Live
2010-11-13 11:53 . 2010-09-22 13:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-11-13 11:52 . 2010-11-13 11:53 -------- d-----w- c:\program files\Windows Live
2010-11-13 11:52 . 2010-11-13 11:52 -------- d-----w- c:\program files (x86)\MSN Toolbar
2010-11-13 11:52 . 2010-11-13 11:52 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2010-11-13 11:50 . 2010-11-13 23:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2010-11-13 11:50 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-13 11:50 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2010-11-13 11:50 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-13 11:50 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2010-11-13 11:49 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-11-13 11:49 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2010-11-13 11:49 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2010-11-13 11:49 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2010-11-13 11:49 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-11-13 11:49 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2010-11-13 11:49 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2010-11-13 11:48 . 2010-12-13 00:24 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Windows Live
2010-11-13 11:48 . 2010-11-13 11:48 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 21:53 . 2010-10-18 09:28 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-18 23:41 . 2010-10-18 09:13 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 20:25 . 2010-10-18 20:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-10-18 08:57 . 2010-10-18 08:57 419840 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-18 08:57 . 2009-07-13 23:52 14848 ----a-w- c:\windows\system32\slwga.dll
2010-10-18 08:57 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2010-10-16 18:55 . 2009-07-13 21:59 7491688 ----a-w- c:\windows\system32\nvwgf2umx.dll
2010-10-16 18:55 . 2009-07-13 21:59 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2010-10-16 18:55 . 2009-06-10 20:37 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2010-10-16 02:13 . 2010-10-16 02:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 02:13 . 2010-10-16 02:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 02:13 . 2010-10-16 02:13 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 02:13 . 2010-10-16 02:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
2010-10-16 02:13 . 2010-10-16 02:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-01 23:50 . 2010-10-18 08:41 90112 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2010-09-28 04:44 . 2010-09-28 04:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2010-09-28 04:44 . 2010-09-28 04:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 03:49 . 2010-09-21 03:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
.
Code:
c:\program files (x86)\Avira\AntiVir Desktop\avgnt .exe
c:\program files (x86)\iTunes\iTunesHelper .exe
c:\program files (x86)\PowerISO\PWRISOVM .exe
c:\program files (x86)\QuickTime\QTTask .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 04:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-29 04:26 3908192 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"EA Core"="d:\games\FIFA 11\EADM\Core.exe" [N/A]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-10-02 92672]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2988784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask .exe -atboottime" [X]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [N/A]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [N/A]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 42500]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wxumimelumor"="c:\windows\system32\config\systemprofile\AppData\Local\necsev.dll" [N/A]

c:\users\Omar al-Bashir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-7 0]
GameRanger.lnk - c:\users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2010-9-30 1248992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 51456888]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-01 90112]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-27 19544]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-12-04 2560]
R4 ReduceTheLag-v3;ReduceTheLag-v3;c:\program files (x86)\ReducetheLag\reducethelag_v3_service.exe [2010-12-06 174080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:26]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:26]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-$NtUninstallMTF197$ - c:\windows\$NtUninstallMTF197$\apUninstall.exe
AddRemove-Fallout New Vegas_is1 - d:\games\Fallout New Vegas\unins000.exe
AddRemove-Worms Reloaded_is1 - d:\games\Worms Reloaded\unins000.exe
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files (x86)\Electronic Arts\The Lord of the Rings


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3\B7DAAD172AA12168E008FD873A1BED58]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
.
**************************************************************************
.
Completion time: 2010-12-13 15:00:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-13 04:00

Pre-Run: 53,181,263,872 bytes free
Post-Run: 52,872,437,760 bytes free

- - End Of File - - A06D2422B929454E0D1BA0DDE1AD6EBB
 
sorry about that

MBRCHECK

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000003d5

Kernel Drivers (total 185):
0x02A53000 \SystemRoot\system32\ntoskrnl.exe
0x02A0A000 \SystemRoot\system32\hal.dll
0x00BCE000 \SystemRoot\system32\kdcom.dll
0x00CF2000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D36000 \SystemRoot\system32\PSHED.dll
0x00D4A000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E3E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EE2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EF1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F48000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F51000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F5B000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F8E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F9B000 \SystemRoot\System32\drivers\partmgr.sys
0x00FB0000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x010B5000 \SystemRoot\System32\drivers\volmgrx.sys
0x01111000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01118000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01128000 \SystemRoot\System32\drivers\mountmgr.sys
0x01142000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0114B000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01175000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01180000 \SystemRoot\system32\drivers\fltmgr.sys
0x011CC000 \SystemRoot\system32\drivers\fileinfo.sys
0x0124F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0147B000 \SystemRoot\System32\Drivers\cng.sys
0x014EE000 \SystemRoot\System32\drivers\pcw.sys
0x014FF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01509000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x0121A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01601000 \SystemRoot\System32\drivers\tcpip.sys
0x0105E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x00DA8000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01460000 \SystemRoot\System32\Drivers\spldr.sys
0x00FC5000 \SystemRoot\System32\drivers\rdyboost.sys
0x01468000 \SystemRoot\System32\Drivers\mup.sys
0x01245000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00E00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x011E0000 \SystemRoot\system32\DRIVERS\disk.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02A41000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02A6B000 \SystemRoot\System32\Drivers\Null.SYS
0x02A74000 \SystemRoot\System32\Drivers\Beep.SYS
0x02A7B000 \SystemRoot\System32\drivers\vga.sys
0x02A89000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02AAE000 \SystemRoot\System32\drivers\watchdog.sys
0x02ABE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02AC7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02AD0000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02AD9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02AE4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02AF5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02B13000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02B20000 \SystemRoot\system32\drivers\afd.sys
0x02BAA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02BEF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02A00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03CD6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03CE5000 \SystemRoot\system32\DRIVERS\serial.sys
0x03D02000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03D1D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03D31000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x03D4B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03D55000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03D5F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03DB0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03DBC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03DC7000 \SystemRoot\System32\drivers\discache.sys
0x03DD6000 \SystemRoot\System32\Drivers\dfsc.sys
0x03C00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03C11000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03C33000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03C59000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04603000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x051DD000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03A6D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03B61000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03BA7000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03BB3000 \SystemRoot\system32\DRIVERS\fdc.sys
0x03BC0000 \SystemRoot\system32\DRIVERS\parport.sys
0x03BDD000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x03A00000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03A1E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03A2D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03A3C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03A49000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03C6F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03A54000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03BE5000 \SystemRoot\system32\DRIVERS\SiSG664.sys
0x03E1A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03E3E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03E4E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03E64000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03E88000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03E94000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03EC3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03EDE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03EFF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03F19000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03F1B000 \SystemRoot\system32\DRIVERS\ks.sys
0x03F5E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03F70000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x03F7B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03FD5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x042C7000 \SystemRoot\system32\drivers\HdAudio.sys
0x04323000 \SystemRoot\system32\drivers\portcls.sys
0x04360000 \SystemRoot\system32\drivers\drmk.sys
0x04382000 \SystemRoot\system32\drivers\ksthunk.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x04388000 \SystemRoot\System32\drivers\Dxapi.sys
0x04394000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x043B1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x043BF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x043CB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x043D4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04200000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0421B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0421D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005C0000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x0422B000 \SystemRoot\system32\drivers\luafv.sys
0x0424E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0426B000 \SystemRoot\system32\drivers\WudfPf.sys
0x0428C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x042A1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03600000 \SystemRoot\system32\drivers\HTTP.sys
0x036C8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x036E6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x036FE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0372B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03779000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x054F7000 \SystemRoot\system32\drivers\peauth.sys
0x0559D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x055A8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x055D5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05400000 \SystemRoot\system32\drivers\spsys.sys
0x05471000 \SystemRoot\System32\DRIVERS\srv2.sys
0x058C1000 \SystemRoot\System32\DRIVERS\srv.sys
0x05957000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x05988000 \SystemRoot\System32\Drivers\fastfat.SYS
0x059BE000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x773B0000 \Windows\System32\ntdll.dll
0x48240000 \Windows\System32\smss.exe
0xFF6D0000 \Windows\System32\apisetschema.dll
0xFF6B0000 \Windows\System32\autochk.exe
0xFF5B0000 \Windows\System32\msctf.dll
0xFF4D0000 \Windows\System32\oleaut32.dll
0xFF400000 \Windows\System32\usp10.dll
0xFF220000 \Windows\System32\setupapi.dll
0xFF1A0000 \Windows\System32\shlwapi.dll
0x77580000 \Windows\System32\normaliz.dll
0x77290000 \Windows\System32\kernel32.dll
0xFF070000 \Windows\System32\rpcrt4.dll
0xFF020000 \Windows\System32\ws2_32.dll
0xFEF80000 \Windows\System32\clbcatq.dll
0xFEF50000 \Windows\System32\imm32.dll
0xFEDD0000 \Windows\System32\urlmon.dll
0xFEDC0000 \Windows\System32\lpk.dll
0xFEDA0000 \Windows\System32\imagehlp.dll
0xFECC0000 \Windows\System32\advapi32.dll
0xFECA0000 \Windows\System32\sechost.dll
0xFEC90000 \Windows\System32\nsi.dll
0xFEB60000 \Windows\System32\wininet.dll
0xFEAF0000 \Windows\System32\gdi32.dll
0xFEA50000 \Windows\System32\comdlg32.dll
0x77570000 \Windows\System32\psapi.dll
0xFE7F0000 \Windows\System32\iertutil.dll
0xFE7A0000 \Windows\System32\Wldap32.dll
0xFE720000 \Windows\System32\difxapi.dll
0xFD990000 \Windows\System32\shell32.dll
0xFD8F0000 \Windows\System32\msvcrt.dll
0xFD6E0000 \Windows\System32\ole32.dll
0x77190000 \Windows\System32\user32.dll
0xFD6C0000 \Windows\System32\devobj.dll
0xFD620000 \Windows\System32\comctl32.dll
0xFD5B0000 \Windows\System32\KernelBase.dll
0xFD440000 \Windows\System32\crypt32.dll
0xFD400000 \Windows\System32\wintrust.dll
0xFD3C0000 \Windows\System32\cfgmgr32.dll
0xFD3B0000 \Windows\System32\msasn1.dll
0x75560000 \Windows\SysWOW64\normaliz.dll

Processes (total 56):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
452 csrss.exe
512 C:\Windows\System32\wininit.exe
524 csrss.exe
560 C:\Windows\System32\services.exe
576 C:\Windows\System32\lsass.exe
584 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\winlogon.exe
748 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\nvvsvc.exe
872 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
392 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1204 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1216 C:\Windows\System32\nvvsvc.exe
1268 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\spoolsv.exe
1472 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1496 C:\Windows\System32\svchost.exe
1620 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1640 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1688 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\sppsvc.exe
1820 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1832 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1884 C:\Windows\System32\conhost.exe
2436 C:\Windows\System32\svchost.exe
2508 WUDFHost.exe
2948 C:\Windows\System32\svchost.exe
3020 C:\Program Files\Windows Media Player\wmpnetwk.exe
2088 C:\Windows\System32\SearchIndexer.exe
2972 C:\Windows\System32\taskeng.exe
1892 C:\Windows\System32\taskhost.exe
1404 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2816 C:\Windows\System32\dwm.exe
2408 C:\Windows\explorer.exe
2800 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
2344 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1112 C:\Users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
3656 C:\Windows\System32\svchost.exe
3768 dllhost.exe
3984 C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
3920 C:\Windows\servicing\TrustedInstaller.exe
3316 C:\Windows\System32\audiodg.exe
3312 C:\Windows\System32\SearchProtocolHost.exe
1148 C:\Windows\System32\SearchFilterHost.exe
3900 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2360 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1768 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
4416 C:\Users\Omar al-Bashir\Desktop\MBRCheck.exe
4428 C:\Windows\System32\conhost.exe
4444 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJS-00YFA0, Rev: 12.01C02

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
That looks good :)

We have some more serious stuff in Combofix log though....

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
RenV::
c:\program files (x86)\Avira\AntiVir Desktop\avgnt .exe
c:\program files (x86)\iTunes\iTunesHelper .exe
c:\program files (x86)\PowerISO\PWRISOVM .exe
c:\program files (x86)\QuickTime\QTTask .exe

File::
c:\windows\system32\config\systemprofile\AppData\Local\necsev.dll

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wxumimelumor"=-


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 10-12-12.02 - Omar al-Bashir 13/12/2010 17:27:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2047.1370 [GMT 11:00]
Running from: c:\users\Omar al-Bashir\Desktop\ComboFix.exe
Command switches used :: c:\users\Omar al-Bashir\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\config\systemprofile\AppData\Local\necsev.dll"
.

((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-13 06:32 . 2010-12-13 06:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 23:45 . 2010-12-12 23:45 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\SUPERAntiSpyware.com
2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-12 23:08 . 2010-12-12 23:08 -------- d-----w- c:\programdata\!SASCORE
2010-12-12 23:08 . 2010-12-12 23:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-12 22:36 . 2010-12-13 06:36 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Temp
2010-12-12 01:03 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54BC2105-53B8-4E80-9D45-7B9C4E5E6147}\mpengine.dll
2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- c:\program files (x86)\Conduit
2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- c:\program files (x86)\uTorrentBar
2010-12-09 05:33 . 2010-12-09 05:33 -------- d-----w- C:\extensions
2010-12-09 01:04 . 2010-12-09 01:04 -------- d-----w- c:\program files (x86)\MegaDev
2010-12-08 05:45 . 2010-12-12 22:20 -------- d-----w- c:\users\Admin
2010-12-07 11:23 . 2010-12-07 11:23 -------- d-----w- c:\windows\SysWow64\URTTEMP
2010-12-07 10:48 . 2010-12-07 10:48 -------- d-----w- c:\program files (x86)\Turbine
2010-12-07 05:49 . 2010-12-13 06:34 -------- d-----w- c:\programdata\NVIDIA
2010-12-07 05:48 . 2010-12-07 05:48 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-12-07 05:46 . 2010-12-07 05:46 -------- d-----w- C:\NVIDIA
2010-12-07 04:04 . 2010-12-07 04:04 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Apps
2010-12-07 04:04 . 2010-12-13 03:05 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Deployment
2010-12-07 03:56 . 2010-12-07 04:04 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-12-07 03:53 . 2010-12-07 03:54 -------- d-----w- c:\program files (x86)\ReducetheLag
2010-12-05 23:00 . 2010-12-05 23:00 -------- d-----w- c:\programdata\EA Core
2010-12-05 19:02 . 2008-07-11 21:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2010-12-05 14:11 . 2010-12-05 14:11 -------- d-----w- c:\programdata\Solidshield
2010-12-05 13:44 . 2010-12-05 13:44 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Malwarebytes
2010-12-05 13:44 . 2010-11-29 06:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-05 13:44 . 2010-12-05 13:44 -------- d-----w- c:\programdata\Malwarebytes
2010-12-05 13:43 . 2010-12-12 22:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-05 13:43 . 2010-11-29 06:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 08:26 . 2010-12-04 08:26 -------- d-----w- c:\program files (x86)\Reality Pump
2010-12-04 08:24 . 2010-12-07 05:49 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2010-12-04 08:23 . 2010-12-04 08:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2010-12-04 07:01 . 2010-12-04 07:01 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Childish Things
2010-12-04 07:01 . 2010-12-04 07:01 126976 ----a-w- c:\windows\lcmmfu.cpl
2010-12-04 07:01 . 2010-12-08 05:21 681 --sha-w- c:\windows\SysWow64\mmf.sys
2010-12-04 07:01 . 2010-12-04 07:01 48640 ----a-w- c:\windows\mmfs.dll
2010-12-04 07:01 . 2010-12-04 07:01 2560 ----a-w- c:\windows\Runservice.exe
2010-12-04 06:59 . 2008-03-04 09:38 348160 ----a-w- c:\windows\msvcr71.dll
2010-12-04 06:59 . 2010-12-04 06:59 -------- d-----w- c:\program files (x86)\Childish Things
2010-12-02 20:23 . 2010-12-07 09:00 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2010-12-02 08:41 . 2010-12-02 08:41 -------- d-----w- c:\program files\iPod
2010-12-02 08:41 . 2010-12-13 06:26 -------- d-----w- c:\program files (x86)\iTunes
2010-12-02 08:41 . 2010-12-02 08:41 -------- d-----w- c:\program files\iTunes
2010-12-02 08:38 . 2010-12-02 08:38 -------- d-----w- c:\program files (x86)\Safari
2010-12-02 03:53 . 2010-12-02 03:53 -------- d-----w- c:\program files (x86)\EA GAMES
2010-12-01 05:06 . 2010-12-01 10:13 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2010-11-29 20:31 . 2010-12-02 00:24 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2010-11-25 06:53 . 2010-11-25 06:53 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\Mount&Blade Warband
2010-11-25 01:27 . 2010-11-25 01:27 -------- d-----w- c:\program files (x86)\Click Photobooks
2010-11-23 20:32 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 20:32 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-19 06:16 . 2010-12-07 03:57 -------- d-----w- c:\program files\PeerBlock
2010-11-15 12:30 . 2010-12-07 12:43 -------- d-----w- c:\users\Omar al-Bashir\AppData\Roaming\gtk-2.0
2010-11-15 12:30 . 2010-11-15 12:30 -------- d-----w- c:\users\Omar al-Bashir\.thumbnails
2010-11-15 12:22 . 2010-12-07 16:21 -------- d-----w- c:\users\Omar al-Bashir\.gimp-2.6
2010-11-15 12:16 . 2010-11-15 12:16 -------- d-----w- c:\program files (x86)\GIMP-2.0
2010-11-15 08:06 . 2010-11-15 08:06 -------- d-----w- c:\program files (x86)\Real Alternative
2010-11-14 16:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2010-11-13 23:41 . 2010-07-13 05:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-11-13 12:00 . 2010-12-13 06:36 -------- d-----w- c:\users\Omar al-Bashir\Tracing
2010-11-13 11:56 . 2010-11-13 11:56 -------- d-----w- c:\windows\en
2010-11-13 11:55 . 2010-11-13 11:55 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-11-13 11:53 . 2010-11-13 11:56 -------- d-----w- c:\program files (x86)\Windows Live
2010-11-13 11:53 . 2010-09-22 13:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-11-13 11:52 . 2010-11-13 11:53 -------- d-----w- c:\program files\Windows Live
2010-11-13 11:52 . 2010-11-13 11:52 -------- d-----w- c:\program files (x86)\MSN Toolbar
2010-11-13 11:52 . 2010-11-13 11:52 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2010-11-13 11:50 . 2010-11-13 23:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2010-11-13 11:50 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-13 11:50 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2010-11-13 11:50 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-13 11:50 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2010-11-13 11:49 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-11-13 11:49 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2010-11-13 11:49 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2010-11-13 11:49 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2010-11-13 11:49 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-11-13 11:49 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2010-11-13 11:49 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2010-11-13 11:48 . 2010-12-13 00:24 -------- d-----w- c:\users\Omar al-Bashir\AppData\Local\Windows Live
2010-11-13 11:48 . 2010-11-13 11:48 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 21:53 . 2010-10-18 09:28 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-18 23:41 . 2010-10-18 09:13 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 20:25 . 2010-10-18 20:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-10-18 08:57 . 2010-10-18 08:57 419840 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-18 08:57 . 2009-07-13 23:52 14848 ----a-w- c:\windows\system32\slwga.dll
2010-10-18 08:57 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2010-10-16 18:55 . 2009-07-13 21:59 7491688 ----a-w- c:\windows\system32\nvwgf2umx.dll
2010-10-16 18:55 . 2009-07-13 21:59 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2010-10-16 18:55 . 2009-06-10 20:37 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2010-10-16 02:13 . 2010-10-16 02:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 02:13 . 2010-10-16 02:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 02:13 . 2010-10-16 02:13 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 02:13 . 2010-10-16 02:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
2010-10-16 02:13 . 2010-10-16 02:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-01 23:50 . 2010-10-18 08:41 90112 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2010-09-28 04:44 . 2010-09-28 04:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2010-09-28 04:44 . 2010-09-28 04:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 03:49 . 2010-09-21 03:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
.
Code:
c:\program files (x86)\Avira\AntiVir Desktop\avgnt .exe

((((((((((((((((((((((((((((( SnapShot@2010-12-13_03.55.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-18 09:58 . 2010-12-13 06:37 30116 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2010-12-13 06:36 34132 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-18 08:40 . 2010-12-13 06:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-18 08:40 . 2010-12-13 03:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-18 08:40 . 2010-12-13 06:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-18 08:40 . 2010-12-13 03:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-18 08:40 . 2010-12-13 03:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-18 08:40 . 2010-12-13 06:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-18 09:41 . 2010-12-13 03:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-18 09:41 . 2010-12-13 06:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-18 09:41 . 2010-12-13 06:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-18 09:41 . 2010-12-13 03:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-18 08:57 . 2010-12-13 06:36 8698 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3003097052-818712326-2118001154-1001_UserData.bin
- 2010-12-13 03:44 . 2010-12-13 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-13 06:34 . 2010-12-13 06:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-13 06:34 . 2010-12-13 06:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-13 03:44 . 2010-12-13 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-21 18:47 . 2010-12-13 06:21 244306 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2010-12-13 06:33 396648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2010-12-13 03:43 396648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-13 12:57 . 2010-12-13 06:33 617858 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3003097052-818712326-2118001154-1001-12288.dat
- 2010-11-13 12:57 . 2010-12-13 03:43 617858 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3003097052-818712326-2118001154-1001-12288.dat
- 2009-07-14 02:34 . 2010-12-13 02:20 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2010-12-13 04:52 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 04:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-29 04:26 3908192 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"EA Core"="d:\games\FIFA 11\EADM\Core.exe" [N/A]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-10-02 92672]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2988784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask .exe -atboottime" [X]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 42500]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

c:\users\Omar al-Bashir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-7 0]
GameRanger.lnk - c:\users\Omar al-Bashir\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2010-9-30 1248992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 51456888]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-01 90112]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-27 19544]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-12-04 2560]
R4 ReduceTheLag-v3;ReduceTheLag-v3;c:\program files (x86)\ReducetheLag\reducethelag_v3_service.exe [2010-12-06 174080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:26]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:26]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3\B7DAAD172AA12168E008FD873A1BED58]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2010-12-13 17:40:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-13 06:40
ComboFix2.txt 2010-12-13 04:00

Pre-Run: 52,919,193,600 bytes free
Post-Run: 52,654,379,008 bytes free

- - End Of File - - 7849C1E67E5F021AA67CDB3B6C450921
 
One "baddie" left...

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
RenV::
c:\program files (x86)\Avira\AntiVir Desktop\avgnt .exe


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Status
Not open for further replies.
Back