Inactive Redirected when Browsing on net

JJ1

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4993

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/29/2010 5:50:48 PM
mbam-log-2010-10-29 (17-50-48).txt

Scan type: Quick scan
Objects scanned: 138728
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-29 17:44:39
Windows 6.1.7600
Running: 5s08s842.exe; Driver: C:\Users\GARYBU~1\AppData\Local\Temp\awliypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A89599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AADF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9123A000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] ntdll.dll!LdrLoadDll 7772F625 5 Bytes JMP 002B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3676] USER32.dll!TrackPopupMenu 75BB4B3B 5 Bytes JMP 6C105CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 91F 7638B9EC 4 Bytes [89, 92, 4A, 6A]
.text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 927 7638B9F4 4 Bytes [A4, 91, 4A, 6A]
.text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 943 7638BA10 4 Bytes [89, 92, 4A, 6A]
.text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 94C 7638BA19 3 Bytes [91, 4A, 6A]
.text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!PathIsExe + 95F 7638BA2C 4 Bytes [0E, 67, 49, 6A]
.text ...
.text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!SHCreateDirectoryExW + E08 763DDFB0 4 Bytes [89, 92, 4A, 6A]
.text C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] SHELL32.dll!SHCreateDirectoryExW + E10 763DDFB8 8 Bytes [A4, 91, 4A, 6A, 2C, 93, 4A, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe[1860] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe[2556] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe[3952] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe[3972] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 862D9AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T1L0-4 862D9AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 862D9AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 862D9AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 862D9AEA
Device \Device\Ide\IdeDeviceP3T0L0-3 -> \??\IDE#DiskST3160023A______________________________8.01____#5&2819fc14&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-10-21.02) - NTFSx86
Run by Gary Buriani at 17:53:54.61 on Fri 10/29/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2196 [GMT -7:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\CtHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe
C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\sps.exe
C:\Windows\system32\conhost.exe
C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\smwinvnc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Gary Buriani\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\users\garybu~1\appdata\local\temp\ixp000.tmp\"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\garybu~1\appdata\roaming\mozilla\firefox\profiles\zndw0ill.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: XULRunner: {E1C89B07-1D7F-4846-9B4F-EFCE33EE95A3} - c:\users\gary buriani\appdata\local\{e1c89b07-1d7f-4846-9b4f-efce33ee95a3}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-9 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-9 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-9 60936]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-10-30 00:17:24 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0ee410d9-e87c-4a67-8088-e5d73119bf9f}\mpengine.dll
2010-10-26 17:28:31 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 17:28:31 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-26 17:28:30 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 17:28:30 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 17:28:00 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-20 14:01:08 469256 ----a-w- c:\program files\common files\windows live\.cache\3d8452181cb705f2d\InstallManager_WLE_WLE.exe
2010-10-20 14:00:53 15712 ----a-w- c:\program files\common files\windows live\.cache\351450c71cb705f22\MeshBetaRemover.exe
2010-10-20 14:00:39 94040 ----a-w- c:\program files\common files\windows live\.cache\2cd9b81f1cb705f1a\DSETUP.dll
2010-10-20 14:00:39 525656 ----a-w- c:\program files\common files\windows live\.cache\2cd9b81f1cb705f1a\DXSETUP.exe
2010-10-20 14:00:39 1691480 ----a-w- c:\program files\common files\windows live\.cache\2cd9b81f1cb705f1a\dsetup32.dll
2010-10-20 14:00:38 94040 ----a-w- c:\program files\common files\windows live\.cache\2c0cc82f1cb705f19\DSETUP.dll
2010-10-20 14:00:38 525656 ----a-w- c:\program files\common files\windows live\.cache\2c0cc82f1cb705f19\DXSETUP.exe
2010-10-20 14:00:38 1691480 ----a-w- c:\program files\common files\windows live\.cache\2c0cc82f1cb705f19\dsetup32.dll
2010-10-20 14:00:17 6260088 ----a-w- c:\program files\common files\windows live\.cache\1f01d0bb1cb705f0e\Silverlight.4.0.exe
2010-10-20 13:59:47 -------- d-----w- c:\users\garybu~1\appdata\local\Windows Live
2010-10-20 13:59:22 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-20 13:59:22 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-20 13:59:21 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-20 01:17:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-20 01:06:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 01:06:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-18 21:28:30 388096 ----a-r- c:\users\garybu~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-14 04:56:59 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 04:56:59 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 04:56:59 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 04:56:59 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 04:56:59 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 04:56:58 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 04:56:57 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-07 14:24:37 674280 ----a-w- c:\windows\system32\thescarecrow_3264060.scr
2010-10-07 14:22:17 674280 ----a-w- c:\windows\system32\thethanksgivingfeast_3264061.scr
2010-09-30 21:25:16 30376 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-30 11:18:24 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-09-30 04:21:51 190976 ----a-w- c:\windows\system32\drivers\ks.sys

==================== Find3M ====================

2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-21 21:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-05 02:29:16 87608 ----a-w- c:\users\garybu~1\appdata\roaming\inst.exe
2010-09-05 02:29:16 47360 ----a-w- c:\users\garybu~1\appdata\roaming\pcouffin.sys
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-26 21:22:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 17:54:32.45 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/5/2010 1:55:00 AM
System Uptime: 10/29/2010 5:12:07 PM (0 hours ago)

Motherboard: BIOSTAR Group | | A780L
Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 2800/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 105.993 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP53: 10/19/2010 8:26:33 AM - Windows Update
RP54: 10/20/2010 6:59:11 AM - Windows Update
RP55: 10/20/2010 7:33:56 AM - Windows Update
RP56: 10/20/2010 6:22:16 PM - Windows Update
RP57: 10/22/2010 7:46:46 AM - Windows Update
RP58: 10/26/2010 10:27:58 AM - Windows Update
RP59: 10/27/2010 12:37:06 AM - Windows Update
RP60: 10/28/2010 1:26:21 AM - Windows Update
RP61: 10/29/2010 5:16:35 PM - Windows Update

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
AnyDVD
Avira AntiVir Personal - Free Antivirus
CCleaner
CloneDVD2
Collectorz.com Movie Collector
ConvertXtoDVD 4.0.3.312
D3DX10
DVD Shrink 3.2
HiJackThis
HijackThis 2.0.0
ImgBurn
Java(TM) 6 Update 15
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MSVCRT
OGA Notifier 2.0.0048.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SUPERAntiSpyware
thescarecrow_3264060 Screen Saver
thethanksgivingfeast_3264061 Screen Saver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Veetle TV 0.9.18
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver

==== Event Viewer Messages From Past Week ========

10/29/2010 9:52:05 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 6 time(s).
10/29/2010 9:32:11 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).
10/29/2010 9:32:11 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 4 time(s).
10/29/2010 8:45:35 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
10/29/2010 8:35:11 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s).
10/29/2010 8:27:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
10/29/2010 8:25:52 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
10/29/2010 5:12:22 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
10/29/2010 5:12:22 PM, Error: atikmdag [43029] - Display is not active
10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 5:04:29 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 5:01:39 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 4:59:14 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2010 4:59:14 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2010 4:56:07 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:54:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82c52050, 0x8d98752c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102910-17581-01.
10/29/2010 12:58:57 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 96 time(s).
10/29/2010 12:57:23 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 95 time(s).
10/29/2010 12:55:49 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 94 time(s).
10/29/2010 12:54:15 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 93 time(s).
10/29/2010 12:52:30 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 92 time(s).
10/29/2010 12:52:30 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 22 time(s).
10/29/2010 12:51:07 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 91 time(s).
10/29/2010 12:49:33 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 90 time(s).
10/29/2010 12:47:58 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 89 time(s).
10/29/2010 12:46:24 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 88 time(s).
10/29/2010 12:44:38 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 87 time(s).
10/29/2010 12:44:38 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 21 time(s).
10/29/2010 12:43:16 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 86 time(s).
10/29/2010 12:41:42 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 85 time(s).
10/29/2010 12:40:08 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 84 time(s).
10/29/2010 12:38:33 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 83 time(s).
10/29/2010 12:36:48 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 82 time(s).
10/29/2010 12:36:48 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 20 time(s).
10/29/2010 12:35:25 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 81 time(s).
10/29/2010 12:33:51 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 80 time(s).
10/29/2010 12:32:17 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 79 time(s).
10/29/2010 12:30:43 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 78 time(s).
10/29/2010 12:28:56 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 77 time(s).
10/29/2010 12:28:56 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 19 time(s).
10/29/2010 12:27:35 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 76 time(s).
10/29/2010 12:26:00 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 75 time(s).
10/29/2010 12:24:26 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 74 time(s).
10/29/2010 12:22:52 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 73 time(s).
10/29/2010 12:21:06 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 72 time(s).
10/29/2010 12:21:06 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 18 time(s).
10/29/2010 12:19:44 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 71 time(s).
10/29/2010 12:18:10 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 70 time(s).
10/29/2010 12:16:35 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 69 time(s).
10/29/2010 12:15:01 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 68 time(s).
10/29/2010 12:13:16 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 67 time(s).
10/29/2010 12:13:16 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 17 time(s).
10/29/2010 12:11:53 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 66 time(s).
10/29/2010 12:10:19 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 65 time(s).
10/29/2010 12:08:45 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 64 time(s).
10/29/2010 12:07:11 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 63 time(s).
10/29/2010 12:05:24 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 62 time(s).
10/29/2010 12:05:24 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 16 time(s).
10/29/2010 12:04:02 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 61 time(s).
10/29/2010 12:02:28 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 60 time(s).
10/29/2010 12:00:54 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 59 time(s).
10/29/2010 11:59:20 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 58 time(s).
10/29/2010 11:57:34 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 57 time(s).
10/29/2010 11:57:34 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 15 time(s).
10/29/2010 11:56:12 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 56 time(s).
10/29/2010 11:54:38 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 55 time(s).
10/29/2010 11:53:03 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 54 time(s).
10/29/2010 11:51:29 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 53 time(s).
10/29/2010 11:49:44 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 52 time(s).
10/29/2010 11:49:44 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 14 time(s).
10/29/2010 11:48:21 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 51 time(s).
10/29/2010 11:46:47 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 50 time(s).
10/29/2010 11:45:13 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 49 time(s).
10/29/2010 11:43:39 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 48 time(s).
10/29/2010 11:41:53 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 47 time(s).
10/29/2010 11:41:53 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 13 time(s).
10/29/2010 11:40:30 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 46 time(s).
10/29/2010 11:38:56 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 45 time(s).
10/29/2010 11:37:22 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 44 time(s).
10/29/2010 11:35:48 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 43 time(s).
10/29/2010 11:34:01 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 42 time(s).
10/29/2010 11:34:01 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 12 time(s).
10/29/2010 11:32:40 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 41 time(s).
10/29/2010 11:31:06 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 40 time(s).
10/29/2010 11:29:31 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 39 time(s).
10/29/2010 11:27:57 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 38 time(s).
10/29/2010 11:26:11 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 37 time(s).
10/29/2010 11:26:11 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 11 time(s).
10/29/2010 11:24:49 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 36 time(s).
10/29/2010 11:23:15 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 35 time(s).
10/29/2010 11:21:41 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 34 time(s).
10/29/2010 11:20:06 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 33 time(s).
10/29/2010 11:18:21 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 32 time(s).
10/29/2010 11:18:21 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 10 time(s).
10/29/2010 11:16:58 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 31 time(s).
10/29/2010 11:15:24 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 30 time(s).
10/29/2010 11:13:50 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 29 time(s).
10/29/2010 11:12:16 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 28 time(s).
10/29/2010 11:10:29 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 27 time(s).
10/29/2010 11:10:29 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 9 time(s).
10/29/2010 11:09:08 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 26 time(s).
10/29/2010 11:07:33 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 25 time(s).
10/29/2010 11:05:59 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 24 time(s).
10/29/2010 11:04:25 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 23 time(s).
10/29/2010 11:02:39 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 22 time(s).
10/29/2010 11:02:39 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 8 time(s).
10/29/2010 11:01:17 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 21 time(s).
10/29/2010 10:59:43 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 20 time(s).
10/29/2010 10:58:09 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 19 time(s).
10/29/2010 10:56:34 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 18 time(s).
10/29/2010 10:54:49 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 17 time(s).
10/29/2010 10:54:49 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 7 time(s).
10/29/2010 10:53:26 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 16 time(s).
10/29/2010 10:51:52 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 15 time(s).
10/29/2010 10:50:18 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 14 time(s).
10/29/2010 10:48:44 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 13 time(s).
10/29/2010 10:46:57 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 12 time(s).
10/29/2010 10:46:57 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 6 time(s).
10/29/2010 10:45:35 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 11 time(s).
10/29/2010 10:44:01 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 10 time(s).
10/29/2010 10:32:37 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 9 time(s).
10/29/2010 10:21:13 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 8 time(s).
10/29/2010 10:21:13 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 5 time(s).
10/29/2010 10:03:29 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 7 time(s).
10/29/2010 1:42:53 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 124 time(s).
10/29/2010 1:41:19 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 123 time(s).
10/29/2010 1:39:34 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 122 time(s).
10/29/2010 1:39:34 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 28 time(s).
10/29/2010 1:38:11 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 121 time(s).
10/29/2010 1:36:37 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 120 time(s).
10/29/2010 1:35:03 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 119 time(s).
10/29/2010 1:33:29 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 118 time(s).
10/29/2010 1:31:42 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 117 time(s).
10/29/2010 1:31:42 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 27 time(s).
10/29/2010 1:30:20 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 116 time(s).
10/29/2010 1:28:46 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 115 time(s).
10/29/2010 1:27:12 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 114 time(s).
10/29/2010 1:25:38 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 113 time(s).
10/29/2010 1:23:52 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 112 time(s).
10/29/2010 1:23:52 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 26 time(s).
10/29/2010 1:22:30 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 111 time(s).
10/29/2010 1:20:55 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 110 time(s).
10/29/2010 1:19:21 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 109 time(s).
10/29/2010 1:17:47 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 108 time(s).
10/29/2010 1:16:02 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 107 time(s).
10/29/2010 1:16:02 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 25 time(s).
10/29/2010 1:14:39 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 106 time(s).
10/29/2010 1:13:05 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 105 time(s).
10/29/2010 1:11:30 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 104 time(s).
10/29/2010 1:09:56 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 103 time(s).
10/29/2010 1:08:10 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 102 time(s).
10/29/2010 1:08:10 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 24 time(s).
10/29/2010 1:06:48 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 101 time(s).
10/29/2010 1:05:14 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 100 time(s).
10/29/2010 1:03:40 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 99 time(s).
10/29/2010 1:02:06 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 98 time(s).
10/29/2010 1:00:20 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 97 time(s).
10/29/2010 1:00:20 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 23 time(s).
10/28/2010 11:50:07 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 1:32:09 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 3 time(s).
10/27/2010 12:37:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Update for Windows 7 (KB2249857).

==== End Of File ===========================
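The Service Control Manager entries above show two patterns a responder would want to pull out of a log like this mechanically rather than by eye: one service (Multimedia Class Scheduler) dying on a near-fixed period for hours, and batches of unrelated services dying at the identical second, which usually means they share one host process (on Windows 7 many of the services listed run inside the same svchost.exe group), so a single crashing host is the thing to look at, not the individual services. The script below is an added example, not something posted by either participant in this thread or produced by any of the tools being run here; it parses SCM 7031/7034 "terminated unexpectedly" lines, flags services whose inter-crash intervals are nearly constant, and lists timestamps at which several services died together. The sample lines are a subset copied verbatim from the log above; the jitter threshold (15 %) and minimum crash count (4) are arbitrary tuning assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Sample input: a subset of the Service Control Manager lines posted above,
# copied verbatim (reverse-chronological, as in the original log extract).
SAMPLE_LOG = """\
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:58:07 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 4:54:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82c52050, 0x8d98752c, 0x00000000). A dump was saved in: C:\\Windows\\MEMORY.DMP. Report Id: 102910-17581-01.
10/29/2010 12:58:57 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 96 time(s).
10/29/2010 12:57:23 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 95 time(s).
10/29/2010 12:55:49 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 94 time(s).
10/29/2010 12:54:15 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 93 time(s).
10/29/2010 12:52:30 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 92 time(s).
10/29/2010 12:52:30 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 22 time(s).
10/29/2010 12:51:07 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 91 time(s).
10/28/2010 11:50:07 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
"""

# Matches SCM event 7031 (crash, restart scheduled) and 7034 (crash, no action).
# Event 7032 has a different message shape and is deliberately not matched.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"Error: Service Control Manager \[(?P<eid>703[14])\] - "
    r"The (?P<svc>.+?) service terminated unexpectedly\."
)


def parse_scm_crashes(text):
    """Return a list of (timestamp, service_name) for every 7031/7034 crash line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
            events.append((ts, m.group("svc")))
    return events


def crash_intervals(events):
    """Per service, the gaps in seconds between consecutive crashes (chronological)."""
    by_svc = defaultdict(list)
    for ts, svc in events:
        by_svc[svc].append(ts)
    gaps = {}
    for svc, stamps in by_svc.items():
        stamps.sort()
        gaps[svc] = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return gaps


def periodic_services(events, min_crashes=4, max_jitter=0.15):
    """Services crashing at least min_crashes times with a near-constant period.

    Jitter is pstdev/mean of the inter-crash gaps; thresholds are assumptions.
    Returns {service: (crash_count, mean_gap_seconds)}.
    """
    flagged = {}
    for svc, gaps in crash_intervals(events).items():
        count = len(gaps) + 1
        if count < min_crashes:
            continue
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[svc] = (count, avg)
    return flagged


def co_terminations(events, min_services=2):
    """Timestamps at which several distinct services died in the same second.

    Returns {timestamp: sorted service names}; a shared host process is the
    usual explanation for such a batch.
    """
    by_ts = defaultdict(set)
    for ts, svc in events:
        by_ts[ts].add(svc)
    return {ts: sorted(s) for ts, s in by_ts.items() if len(s) >= min_services}


if __name__ == "__main__":
    evs = parse_scm_crashes(SAMPLE_LOG)
    for svc, (n, gap) in periodic_services(evs).items():
        print(f"periodic: {svc}: {n} crashes, every ~{gap:.0f}s")
    for ts, svcs in sorted(co_terminations(evs).items()):
        print(f"co-termination at {ts}: {', '.join(svcs)}")
```

Run against the full extract above, the same logic would pull out the whole 11-service batch at 4:56:07 PM and the ~94-second Multimedia Class Scheduler period across the 10:44 to 13:42 window; the next step on a live system is to tie those timestamps to the host process via Event 1000/1001 application-error records or a crash dump, not to chase each service separately.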
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: BIOSTAR Group
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: BIOSTAR Group
System Product Name: A780L
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 194):
0x82A46000 \SystemRoot\system32\ntkrnlpa.exe
0x82A0F000 \SystemRoot\system32\halmacpi.dll
0x80BC6000 \SystemRoot\system32\kdcom.dll
0x8B40C000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8B417000 \SystemRoot\system32\PSHED.dll
0x8B428000 \SystemRoot\system32\BOOTVID.dll
0x8B430000 \SystemRoot\system32\CLFS.SYS
0x8B472000 \SystemRoot\system32\CI.dll
0x8B51D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B58E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B59C000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B5E4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B5ED000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B61C000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B646000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B651000 \SystemRoot\System32\drivers\partmgr.sys
0x8B662000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B672000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B6BD000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8B6C4000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B6D2000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B6E8000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B6F1000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B714000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8B71D000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B751000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B816000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B945000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B970000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B983000 \SystemRoot\System32\Drivers\cng.sys
0x8B9E0000 \SystemRoot\System32\drivers\pcw.sys
0x8B9EE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BA2E000 \SystemRoot\system32\drivers\ndis.sys
0x8BAE5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BB23000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BC32000 \SystemRoot\System32\drivers\tcpip.sys
0x8BD7B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BDAC000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8BDB5000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BDF4000 \SystemRoot\System32\Drivers\spldr.sys
0x8BC00000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BB48000 \SystemRoot\System32\Drivers\mup.sys
0x8BB58000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BB60000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BB92000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BBA3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BA00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BA1F000 \SystemRoot\System32\Drivers\Null.SYS
0x8BA26000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B800000 \SystemRoot\System32\drivers\vga.sys
0x8B762000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B783000 \SystemRoot\System32\drivers\watchdog.sys
0x8B80C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B9F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B790000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B798000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B7A3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B7B1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B7C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90628000 \SystemRoot\system32\drivers\afd.sys
0x90682000 \SystemRoot\System32\DRIVERS\netbt.sys
0x906B4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x906BB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x906DA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x906E8000 \SystemRoot\system32\DRIVERS\serial.sys
0x90702000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90715000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90725000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9072B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x9074D000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x90753000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90794000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9079E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x907A8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x907B2000 \SystemRoot\System32\drivers\discache.sys
0x9102B000 \SystemRoot\system32\drivers\csc.sys
0x9108F000 \SystemRoot\System32\Drivers\dfsc.sys
0x910A7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x910B5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x910D7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x910F8000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x91239000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x91109000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9174E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91787000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x917A6000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x917CB000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x91803000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9184E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9185D000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x91876000 \SystemRoot\system32\DRIVERS\fdc.sys
0x91881000 \SystemRoot\system32\DRIVERS\parport.sys
0x91899000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x918B1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x918BE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x918CB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x918D5000 \SystemRoot\system32\drivers\ctaud2k.sys
0x91953000 \SystemRoot\system32\drivers\portcls.sys
0x91982000 \SystemRoot\system32\drivers\drmk.sys
0x9199B000 \SystemRoot\system32\drivers\ks.sys
0x91200000 \SystemRoot\system32\drivers\ctoss2k.sys
0x919CF000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x919D7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x919E0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x919ED000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x917D5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x917ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x911C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x911E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91000000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x907BE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91017000 \SystemRoot\System32\Drivers\pcouffin.sys
0x907D5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x91800000 \SystemRoot\system32\DRIVERS\swenum.sys
0x907DF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x93207000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9324B000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x93255000 \SystemRoot\system32\drivers\hap17v2k.sys
0x93287000 \SystemRoot\system32\drivers\ha10kx2k.sys
0x93391000 \SystemRoot\system32\drivers\emupia2k.sys
0x933C0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x933D1000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x93E24000 \SystemRoot\system32\drivers\HdAudio.sys
0x93E74000 \SystemRoot\system32\COMMONFX.DLL
0x93E8F000 \SystemRoot\system32\CTAUDFX.DLL
0x93F1A000 \SystemRoot\system32\CTSBLFX.DLL
0x82500000 \SystemRoot\System32\win32k.sys
0x93FA8000 \SystemRoot\System32\drivers\Dxapi.sys
0x93FB2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93FBF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x93FCA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93FD3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93FE4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82760000 \SystemRoot\System32\TSDDD.dll
0x82790000 \SystemRoot\System32\cdd.dll
0x93E00000 \SystemRoot\system32\drivers\luafv.sys
0x90600000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8BBC8000 \SystemRoot\system32\drivers\WudfPf.sys
0x93FEF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90615000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9983B000 \SystemRoot\system32\drivers\HTTP.sys
0x998C0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x998D9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x998EB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9990E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99949000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99964000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA0C1F000 \SystemRoot\system32\drivers\peauth.sys
0xA0CB6000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0CC0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA0D4B000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0D58000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0DA7000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0C00000 \??\C:\Users\GARYBU~1\AppData\Local\Temp\awliypoc.sys
0xA0CE1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x776D0000 \Windows\System32\ntdll.dll
0x47760000 \Windows\System32\smss.exe
0x77910000 \Windows\System32\apisetschema.dll
0x003A0000 \Windows\System32\autochk.exe
0x778C0000 \Windows\System32\ws2_32.dll
0x77810000 \Windows\System32\msvcrt.dll
0x776B0000 \Windows\System32\imm32.dll
0x77660000 \Windows\System32\gdi32.dll
0x775B0000 \Windows\System32\rpcrt4.dll
0x77450000 \Windows\System32\ole32.dll
0x773B0000 \Windows\System32\advapi32.dll
0x772B0000 \Windows\System32\wininet.dll
0x77220000 \Windows\System32\oleaut32.dll
0x770E0000 \Windows\System32\urlmon.dll
0x77000000 \Windows\System32\kernel32.dll
0x76FB0000 \Windows\System32\Wldap32.dll
0x76F90000 \Windows\System32\sechost.dll
0x76F80000 \Windows\System32\normaliz.dll
0x76330000 \Windows\System32\shell32.dll
0x76300000 \Windows\System32\imagehlp.dll
0x762A0000 \Windows\System32\difxapi.dll
0x76100000 \Windows\System32\setupapi.dll
0x760F0000 \Windows\System32\psapi.dll
0x76070000 \Windows\System32\comdlg32.dll
0x75FE0000 \Windows\System32\clbcatq.dll
0x75F40000 \Windows\System32\usp10.dll
0x75F30000 \Windows\System32\nsi.dll
0x75F20000 \Windows\System32\lpk.dll
0x75D20000 \Windows\System32\iertutil.dll
0x75C50000 \Windows\System32\msctf.dll
0x75B80000 \Windows\System32\user32.dll
0x75B20000 \Windows\System32\shlwapi.dll
0x75B00000 \Windows\System32\devobj.dll
0x75A70000 \Windows\System32\comctl32.dll
0x75950000 \Windows\System32\crypt32.dll
0x75900000 \Windows\System32\KernelBase.dll
0x758D0000 \Windows\System32\wintrust.dll
0x758A0000 \Windows\System32\cfgmgr32.dll
0x75890000 \Windows\System32\msasn1.dll

Processes (total 49):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
376 csrss.exe
448 C:\Windows\System32\wininit.exe
456 csrss.exe
496 C:\Windows\System32\services.exe
524 C:\Windows\System32\lsass.exe
532 C:\Windows\System32\lsm.exe
556 C:\Windows\System32\winlogon.exe
676 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\atiesrxx.exe
920 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\atieclxx.exe
1372 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\spoolsv.exe
1516 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1540 C:\Windows\System32\svchost.exe
1632 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1752 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1776 C:\Windows\System32\svchost.exe
1792 C:\Windows\System32\conhost.exe
1832 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2020 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2112 C:\Windows\System32\svchost.exe
2192 C:\Windows\System32\taskhost.exe
2432 C:\Windows\System32\dwm.exe
2516 C:\Windows\explorer.exe
2620 C:\Windows\System32\CtHelper.exe
2636 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2656 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
2688 C:\Program Files\Windows Sidebar\sidebar.exe
3056 C:\Windows\System32\SearchIndexer.exe
3952 C:\Users\Gary Buriani\Documents\ShowMyPC3010.exe
3972 C:\Users\GARYBU~1\AppData\Local\Temp\IXP000.TMP\SMPCSetup.exe
2932 C:\Windows\System32\svchost.exe
164 C:\Windows\System32\svchost.exe
3544 C:\Windows\System32\audiodg.exe
1404 C:\Program Files\Mozilla Firefox\firefox.exe
4084 C:\Program Files\Mozilla Firefox\plugin-container.exe
688 C:\Windows\System32\SearchProtocolHost.exe
3700 C:\Windows\System32\SearchFilterHost.exe
2796 C:\Users\Gary Buriani\Downloads\MBRCheck.exe
1304 C:\Windows\System32\conhost.exe
3168 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST3160023A, Rev: 8.01

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
I haven't installed ComboFix yet; I wanted to post the MBRCheck log first and wait for instructions.
 
ComboFix 10-11-01.06 - Gary Buriani 11/02/2010  11:04:24.3.4 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3327.2532 [GMT -7:00]
Running from: c:\users\Gary Buriani\Desktop\test.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\serial.sys was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys

.
(((((((((((((((((((((((((   Files Created from 2010-10-02 to 2010-11-02   )))))))))))))))))))))))))))))))
.

2010-11-02 18:08 . 2010-11-02 18:08  --------  d-----w-  c:\users\Default\AppData\Local\temp
2010-11-02 15:41 . 2010-10-07 23:21  6146896  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC55999A-0E5E-4F40-A6CD-7B33C7F709F5}\mpengine.dll
2010-10-31 02:16 . 2010-11-02 18:10  --------  d-----w-  c:\users\Gary Buriani\AppData\Local\temp
2010-10-26 17:28 . 2010-08-04 06:18  641536  ----a-w-  c:\windows\system32\CPFilters.dll
2010-10-26 17:28 . 2010-08-04 06:17  417792  ----a-w-  c:\windows\system32\msdri.dll
2010-10-26 17:28 . 2010-08-04 06:15  204288  ----a-w-  c:\windows\system32\MSNP.ax
2010-10-26 17:28 . 2010-08-04 06:15  199680  ----a-w-  c:\windows\system32\mpg2splt.ax
2010-10-26 17:28 . 2010-07-13 05:22  26504  ----a-w-  c:\windows\system32\drivers\Diskdump.sys
2010-10-20 14:01 . 2010-10-20 14:01  469256  ----a-w-  c:\program files\Common Files\Windows Live\.cache\3d8452181cb705f2d\InstallManager_WLE_WLE.exe
2010-10-20 14:00 . 2010-10-20 14:00  15712  ----a-w-  c:\program files\Common Files\Windows Live\.cache\351450c71cb705f22\MeshBetaRemover.exe
2010-10-20 14:00 . 2010-10-20 14:00  94040  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\DSETUP.dll
2010-10-20 14:00 . 2010-10-20 14:00  525656  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\DXSETUP.exe
2010-10-20 14:00 . 2010-10-20 14:00  1691480  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\dsetup32.dll
2010-10-20 14:00 . 2010-10-20 14:00  94040  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\DSETUP.dll
2010-10-20 14:00 . 2010-10-20 14:00  525656  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\DXSETUP.exe
2010-10-20 14:00 . 2010-10-20 14:00  1691480  ----a-w-  c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\dsetup32.dll
2010-10-20 14:00 . 2010-10-20 14:00  6260088  ----a-w-  c:\program files\Common Files\Windows Live\.cache\1f01d0bb1cb705f0e\Silverlight.4.0.exe
2010-10-20 13:59 . 2010-10-20 13:59  --------  d-----w-  c:\users\Gary Buriani\AppData\Local\Windows Live
2010-10-20 13:59 . 2010-05-23 10:11  196608  ----a-w-  c:\windows\system32\mfreadwrite.dll
2010-10-20 13:59 . 2010-05-23 10:11  3181568  ----a-w-  c:\windows\system32\mf.dll
2010-10-20 13:59 . 2010-05-23 10:15  1619456  ----a-w-  c:\windows\system32\WMVDECOD.DLL
2010-10-20 01:17 . 2010-10-20 01:19  --------  d-----w-  c:\program files\SUPERAntiSpyware
2010-10-20 01:06 . 2010-04-29 22:39  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 01:06 . 2010-04-29 22:39  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-10-18 21:28 . 2010-10-18 21:28  388096  ----a-r-  c:\users\Gary Buriani\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 04:56 . 2010-09-01 02:34  2327552  ----a-w-  c:\windows\system32\win32k.sys
2010-10-14 04:56 . 2010-08-27 05:46  168448  ----a-w-  c:\windows\system32\srvsvc.dll
2010-10-14 04:56 . 2010-08-27 03:31  310784  ----a-w-  c:\windows\system32\drivers\srv.sys
2010-10-14 04:56 . 2010-08-27 03:30  308736  ----a-w-  c:\windows\system32\drivers\srv2.sys
2010-10-14 04:56 . 2010-08-27 03:30  113664  ----a-w-  c:\windows\system32\drivers\srvnet.sys
2010-10-14 04:56 . 2010-08-21 05:36  738816  ----a-w-  c:\windows\system32\wmpmde.dll
2010-10-14 04:56 . 2010-05-05 06:46  363520  ----a-w-  c:\windows\system32\StructuredQuery.dll
2010-10-07 14:24 . 2010-10-07 14:24  674280  ----a-w-  c:\windows\system32\thescarecrow_3264060.scr
2010-10-07 14:22 . 2010-10-07 14:22  674280  ----a-w-  c:\windows\system32\thethanksgivingfeast_3264061.scr

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2010-07-04 18:34  222080  ------w-  c:\windows\system32\MpSigStub.exe
2010-09-30 21:25 . 2010-09-30 21:25  30376  ----a-w-  c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-30 11:18 . 2010-09-30 11:18  89256  ----a-w-  c:\windows\system32\ElbyCDIO.dll
2010-09-21 21:03 . 2010-09-21 21:03  208768  ----a-w-  c:\windows\system32\LIVESSP.DLL
2010-09-14 13:16 . 2010-09-14 13:16  108480  ----a-w-  c:\windows\system32\drivers\AnyDVD.sys
2010-09-07 17:04 . 2010-08-11 16:47  1286016  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2010-09-07 15:57 . 2010-09-07 15:57  0  ----a-w-  c:\users\Gary Buriani\AppData\Local\Dgewutoqi.bin
2010-09-05 02:29 . 2010-09-05 02:13  47360  ----a-w-  c:\users\Gary Buriani\AppData\Roaming\pcouffin.sys
2010-09-05 02:13 . 2010-09-05 02:13  47360  ----a-w-  c:\windows\system32\drivers\pcouffin.sys
2010-08-26 21:22 . 2010-08-26 21:22  411368  ----a-w-  c:\windows\system32\deploytk.dll
2010-08-21 05:32 . 2010-09-15 15:06  316928  ----a-w-  c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-10-02 4537280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gary Buriani\AppData\Roaming\Mozilla\Firefox\Profiles\zndw0ill.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 0

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST3160023A rev.8.01 -> \Device\Ide\IdePort0

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x862B8EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85d10872; SUB DWORD [EBP-0x4], 0x85d1012e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82A58458] -> \Device\Harddisk0\DR0[0x85FC7030]
3 CLASSPNP[0x8BBA259E] -> ntkrnlpa!IofCallDriver[0x82A58458] -> [0x85E873F8]
5 ACPI[0x8B5AA3B2] -> ntkrnlpa!IofCallDriver[0x82A58458] -> \IdeDeviceP3T0L0-3[0x85E8C908]
[0x862A2848] -> IRP_MJ_CREATE -> 0x862B8EC5
error: Read  The system cannot find the file specified.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected hooks:
\Device\Ide\IdeDeviceP3T0L0-3 -> \??\IDE#DiskST3160023A______________________________8.01____#5&2819fc14&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

Filesystem trace:
called modules: ntkrnlpa.exe halmacpi.dll fltmgr.sys avgntflt.sys luafv.sys fileinfo.sys Ntfs.sys
1 ntkrnlpa!IofCallDriver[0x82A58458] -> [0x862AF020]
3 fltmgr[0x8B712206] -> ntkrnlpa!IofCallDriver[0x82A58458] -> [0x862B4020]
5 ntkrnlpa[0x82C59F69] -> ntkrnlpa!IofCallDriver[0x82A58458] -> [0x862AF020]
7 fltmgr[0x8B712206] -> ntkrnlpa!IofCallDriver[0x82A58458] -> [0x862B4020]

Registry trace:
called modules: ntkrnlpa.exe halmacpi.dll avipbb.sys

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1016)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
c:\windows\system32\prnfldr.dll
c:\windows\System32\AltTab.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\sppsvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2010-11-02  11:13:28 - machine was rebooted
ComboFix-quarantined-files.txt  2010-11-02 18:13
ComboFix2.txt  2010-10-31 02:26

Pre-Run: 114,781,896,704 bytes free
Post-Run: 114,685,358,080 bytes free

- - End Of File - - 57EF89EA9314D8EBA2188299C0F7BA45
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2010/11/02 19:44:25.0635 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/02 19:44:25.0635 ================================================================================
2010/11/02 19:44:25.0635 SystemInfo:
2010/11/02 19:44:25.0635
2010/11/02 19:44:25.0635 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/02 19:44:25.0635 Product type: Workstation
2010/11/02 19:44:25.0635 ComputerName: GARYBURIANI-PC
2010/11/02 19:44:25.0635 UserName: Gary Buriani
2010/11/02 19:44:25.0635 Windows directory: C:\Windows
2010/11/02 19:44:25.0635 System windows directory: C:\Windows
2010/11/02 19:44:25.0635 Processor architecture: Intel x86
2010/11/02 19:44:25.0635 Number of processors: 4
2010/11/02 19:44:25.0635 Page size: 0x1000
2010/11/02 19:44:25.0635 Boot type: Normal boot
2010/11/02 19:44:25.0635 ================================================================================
2010/11/02 19:44:25.0791 Initialize success
2010/11/02 19:44:37.0959 ================================================================================
2010/11/02 19:44:37.0959 Scan started
2010/11/02 19:44:37.0959 Mode: Manual;
2010/11/02 19:44:37.0959 ================================================================================
2010/11/02 19:44:38.0864 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/02 19:44:38.0910 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/02 19:44:38.0942 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/02 19:44:38.0988 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/02 19:44:39.0035 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/02 19:44:39.0066 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/02 19:44:39.0129 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/11/02 19:44:39.0238 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/02 19:44:39.0378 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/11/02 19:44:39.0410 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/02 19:44:39.0472 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/11/02 19:44:39.0503 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/02 19:44:39.0550 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/02 19:44:39.0581 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/02 19:44:39.0628 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/02 19:44:39.0690 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/02 19:44:39.0722 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/02 19:44:39.0800 AnyDVD (2859c5ec3943911bf1e6458089a75f35) C:\Windows\system32\Drivers\AnyDVD.sys
2010/11/02 19:44:39.0862 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/11/02 19:44:39.0924 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/11/02 19:44:39.0956 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/02 19:44:40.0002 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/02 19:44:40.0034 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/02 19:44:40.0205 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/02 19:44:40.0392 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/11/02 19:44:40.0424 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\Windows\system32\DRIVERS\avipbb.sys
2010/11/02 19:44:40.0502 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/11/02 19:44:40.0564 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/11/02 19:44:40.0626 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/11/02 19:44:40.0689 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/02 19:44:40.0736 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/02 19:44:40.0782 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/02 19:44:40.0814 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/02 19:44:40.0892 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/11/02 19:44:40.0938 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/02 19:44:40.0970 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/02 19:44:41.0001 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/02 19:44:41.0063 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/02 19:44:41.0235 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/02 19:44:41.0266 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/02 19:44:41.0313 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/02 19:44:41.0360 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/11/02 19:44:41.0438 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/02 19:44:41.0469 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/02 19:44:41.0531 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/11/02 19:44:41.0578 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\Windows\system32\COMMONFX.DLL
2010/11/02 19:44:41.0609 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/02 19:44:41.0656 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/02 19:44:41.0718 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/02 19:44:41.0765 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/11/02 19:44:41.0812 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\Windows\system32\CT20XUT.DLL
2010/11/02 19:44:41.0874 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\Windows\system32\drivers\ctac32k.sys
2010/11/02 19:44:41.0937 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\Windows\system32\drivers\ctaud2k.sys
2010/11/02 19:44:41.0999 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\Windows\system32\CTAUDFX.DLL
2010/11/02 19:44:42.0062 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\Windows\system32\drivers\ctdvda2k.sys
2010/11/02 19:44:42.0108 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\Windows\system32\CTEAPSFX.DLL
2010/11/02 19:44:42.0140 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\Windows\system32\CTEDSPFX.DLL
2010/11/02 19:44:42.0186 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\Windows\system32\CTEDSPIO.DLL
2010/11/02 19:44:42.0249 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\Windows\system32\CTEDSPSY.DLL
2010/11/02 19:44:42.0296 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\Windows\system32\CTERFXFX.DLL
2010/11/02 19:44:42.0358 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\Windows\system32\CTEXFIFX.DLL
2010/11/02 19:44:42.0436 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\Windows\system32\CTHWIUT.DLL
2010/11/02 19:44:42.0498 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\Windows\system32\drivers\ctprxy2k.sys
2010/11/02 19:44:42.0561 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\Windows\system32\CTSBLFX.DLL
2010/11/02 19:44:50.0267 Serial (f000a86e8614313788a313becbae329a) C:\Windows\system32\DRIVERS\serial.sys
2010/11/02 19:44:50.0267 Suspicious file (Forged): C:\Windows\system32\DRIVERS\serial.sys. Real md5: f000a86e8614313788a313becbae329a, Fake md5: 7bda5089e7fa4a74d20b59348417b4e3
2010/11/02 19:44:50.0283 Serial - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/02 19:44:53.0933 ================================================================================
2010/11/02 19:44:53.0933 Scan finished
2010/11/02 19:44:53.0933 ================================================================================
2010/11/02 19:44:53.0949 Detected object count: 1
2010/11/02 19:46:18.0267 Serial (f000a86e8614313788a313becbae329a) C:\Windows\system32\DRIVERS\serial.sys
2010/11/02 19:46:18.0267 Suspicious file (Forged): C:\Windows\system32\DRIVERS\serial.sys. Real md5: f000a86e8614313788a313becbae329a, Fake md5: 7bda5089e7fa4a74d20b59348417b4e3
2010/11/02 19:46:18.0470 Backup copy found, using it..
2010/11/02 19:46:18.0485 C:\Windows\system32\DRIVERS\serial.sys - will be cured after reboot
2010/11/02 19:46:18.0485 Rootkit.Win32.TDSS.tdl3(Serial) - User select action: Cure
2010/11/02 19:48:17.0482 Deinitialize success
 
ComboFix 10-11-02.06 - Gary Buriani 11/03/2010  11:01:30.4.4 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3327.2457 [GMT -7:00]
Running from: c:\users\Gary Buriani\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

(((((((((((((((((((((((((   Files Created from 2010-10-03 to 2010-11-03   )))))))))))))))))))))))))))))))
.

2010-11-03 18:04 . 2010-11-03 18:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-11-03 16:02 . 2010-11-03 16:02    --------    d-----w-    c:\program files\Common Files\Adobe
2010-11-03 02:52 . 2010-11-03 02:53    --------    d-----w-    c:\users\Gary Buriani\AppData\Local\Windows Live Writer
2010-11-03 02:52 . 2010-11-03 02:52    --------    d-----w-    c:\users\Gary Buriani\AppData\Roaming\Windows Live Writer
2010-11-02 15:41 . 2010-10-07 23:21    6146896    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC55999A-0E5E-4F40-A6CD-7B33C7F709F5}\mpengine.dll
2010-10-31 02:16 . 2010-11-03 18:04    --------    d-----w-    c:\users\Gary Buriani\AppData\Local\temp
2010-10-26 17:28 . 2010-08-04 06:18    641536    ----a-w-    c:\windows\system32\CPFilters.dll
2010-10-26 17:28 . 2010-08-04 06:17    417792    ----a-w-    c:\windows\system32\msdri.dll
2010-10-26 17:28 . 2010-08-04 06:15    204288    ----a-w-    c:\windows\system32\MSNP.ax
2010-10-26 17:28 . 2010-08-04 06:15    199680    ----a-w-    c:\windows\system32\mpg2splt.ax
2010-10-26 17:28 . 2010-07-13 05:22    26504    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2010-10-20 14:01 . 2010-10-20 14:01    469256    ----a-w-    c:\program files\Common Files\Windows Live\.cache\3d8452181cb705f2d\InstallManager_WLE_WLE.exe
2010-10-20 14:00 . 2010-10-20 14:00    15712    ----a-w-    c:\program files\Common Files\Windows Live\.cache\351450c71cb705f22\MeshBetaRemover.exe
2010-10-20 14:00 . 2010-10-20 14:00    94040    ----a-w-    c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\DSETUP.dll
2010-10-20 14:00 . 2010-10-20 14:00    525656    ----a-w-    c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\DXSETUP.exe
2010-10-20 14:00 . 2010-10-20 14:00    1691480    ----a-w-    c:\program files\Common Files\Windows Live\.cache\2cd9b81f1cb705f1a\dsetup32.dll
2010-10-20 14:00 . 2010-10-20 14:00    94040    ----a-w-    c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\DSETUP.dll
2010-10-20 14:00 . 2010-10-20 14:00    525656    ----a-w-    c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\DXSETUP.exe
2010-10-20 14:00 . 2010-10-20 14:00    1691480    ----a-w-    c:\program files\Common Files\Windows Live\.cache\2c0cc82f1cb705f19\dsetup32.dll
2010-10-20 14:00 . 2010-10-20 14:00    6260088    ----a-w-    c:\program files\Common Files\Windows Live\.cache\1f01d0bb1cb705f0e\Silverlight.4.0.exe
2010-10-20 13:59 . 2010-11-03 02:54    --------    d-----w-    c:\users\Gary Buriani\AppData\Local\Windows Live
2010-10-20 13:59 . 2010-05-23 10:11    196608    ----a-w-    c:\windows\system32\mfreadwrite.dll
2010-10-20 13:59 . 2010-05-23 10:11    3181568    ----a-w-    c:\windows\system32\mf.dll
2010-10-20 13:59 . 2010-05-23 10:15    1619456    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2010-10-20 01:17 . 2010-10-20 01:19    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-10-20 01:06 . 2010-04-29 22:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 01:06 . 2010-04-29 22:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-10-18 21:28 . 2010-10-18 21:28    388096    ----a-r-    c:\users\Gary Buriani\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 04:56 . 2010-09-01 02:34    2327552    ----a-w-    c:\windows\system32\win32k.sys
2010-10-14 04:56 . 2010-08-27 05:46    168448    ----a-w-    c:\windows\system32\srvsvc.dll
2010-10-14 04:56 . 2010-08-27 03:31    310784    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-10-14 04:56 . 2010-08-27 03:30    308736    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-10-14 04:56 . 2010-08-27 03:30    113664    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2010-10-14 04:56 . 2010-08-21 05:36    738816    ----a-w-    c:\windows\system32\wmpmde.dll
2010-10-14 04:56 . 2010-05-05 06:46    363520    ----a-w-    c:\windows\system32\StructuredQuery.dll
2010-10-07 14:24 . 2010-10-07 14:24    674280    ----a-w-    c:\windows\system32\thescarecrow_3264060.scr
2010-10-07 14:22 . 2010-10-07 14:22    674280    ----a-w-    c:\windows\system32\thethanksgivingfeast_3264061.scr

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 02:48 . 2009-07-13 23:45    83456    ----a-w-    c:\windows\system32\drivers\serial.sys
2010-10-19 18:41 . 2010-07-04 18:34    222080    ------w-    c:\windows\system32\MpSigStub.exe
2010-09-30 21:25 . 2010-09-30 21:25    30376    ----a-w-    c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-30 11:18 . 2010-09-30 11:18    89256    ----a-w-    c:\windows\system32\ElbyCDIO.dll
2010-09-21 21:03 . 2010-09-21 21:03    208768    ----a-w-    c:\windows\system32\LIVESSP.DLL
2010-09-14 13:16 . 2010-09-14 13:16    108480    ----a-w-    c:\windows\system32\drivers\AnyDVD.sys
2010-09-07 17:04 . 2010-08-11 16:47    1286016    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2010-09-07 15:57 . 2010-09-07 15:57    0    ----a-w-    c:\users\Gary Buriani\AppData\Local\Dgewutoqi.bin
2010-09-05 02:29 . 2010-09-05 02:13    47360    ----a-w-    c:\users\Gary Buriani\AppData\Roaming\pcouffin.sys
2010-09-05 02:13 . 2010-09-05 02:13    47360    ----a-w-    c:\windows\system32\drivers\pcouffin.sys
2010-08-26 21:22 . 2010-08-26 21:22    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-08-21 05:32 . 2010-09-15 15:06    316928    ----a-w-    c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-10-02 4537280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gary Buriani\AppData\Roaming\Mozilla\Firefox\Profiles\zndw0ill.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 0

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3620)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
.
Completion time: 2010-11-03  11:05:00
ComboFix-quarantined-files.txt  2010-11-03 18:05
ComboFix2.txt  2010-11-02 18:13
ComboFix3.txt  2010-10-31 02:26

Pre-Run: 113,526,280,192 bytes free
Post-Run: 113,508,032,512 bytes free

- - End Of File - - EF0C671D7676CE33228B6954F1138B41
 
Looks good :)

How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
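As an added example (not OTL's code, nor part of the helper's post), the PowerShell script below reproduces what a subset of the custom-scan lines above are looking for, so a responder can see the intent behind the patterns; the directory, glob and registry paths are taken from the list in this post, and the script only reads and reports.

```powershell
# Added example, not OTL's own code: re-create the intent of a subset of the custom-scan
# lines above with built-in PowerShell (2.0-compatible for a Windows 7 box), so a responder
# can see what each pattern is hunting for. Paths and keys are taken from the list on this page.

# Lookalike or normally-absent folders: a clean install does not create these.
$suspiciousDirs = @(
    "$env:SystemRoot\system32\system32",
    "$env:SystemRoot\system32\systhem32",
    "$env:SystemRoot\system32\Rundll32",
    "$env:SystemRoot\winn32",
    "$env:ProgramFiles\TinyProxy"
)

# Globs from the list: executables and oddly named files where they rarely belong.
$suspiciousGlobs = @(
    "$env:SystemRoot\*.exe",
    "$env:SystemRoot\*.scr",
    "$env:SystemRoot\Fonts\*.exe",
    "$env:SystemRoot\system32\*.jpg",
    "$env:SystemRoot\system32\drivers\*.rmv",
    "$env:USERPROFILE\*.exe",
    "$env:APPDATA\Update\*.*",
    "$env:ProgramFiles\Mozilla Firefox\0*.exe"
)

Write-Host "== Directories that should not exist =="
foreach ($d in $suspiciousDirs) {
    if (Test-Path -LiteralPath $d) { Write-Host "PRESENT: $d" }
}

Write-Host "== Files in unusual locations =="
foreach ($g in $suspiciousGlobs) {
    Get-ChildItem -Path $g -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, Length, LastWriteTime
}

# Same check as: dir /b "%systemroot%\system32\*.exe" | find /i " " /c
# Executable names containing a space are rare in system32 and hide well in listings.
$withSpaces = @(Get-ChildItem -Path "$env:SystemRoot\system32\*.exe" -Force -ErrorAction SilentlyContinue |
    Where-Object { (-not $_.PSIsContainer) -and ($_.Name -match ' ') })
Write-Host "system32 executables with a space in the name: $($withSpaces.Count)"
$withSpaces | ForEach-Object { Write-Host "  $($_.FullName)" }

# The two registry lines: an Automatic Updates policy key (normally absent on a home PC,
# since it is set by Group Policy) and when updates last installed successfully; malware often breaks updating.
$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $au) { Get-ItemProperty -Path $au | Format-List }
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install' `
    -Name LastSuccessTime -ErrorAction SilentlyContinue
```

Run it from an elevated PowerShell prompt; anything it lists is a lead to investigate, not a verdict.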
 