Posts posted by e1wasf
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5247
Windows 6.1.7601 Service Pack 1, v.178
Internet Explorer 8.0.7601.16562
5/12/2010 5:23:58 PM
mbam-log-2010-12-05 (17-23-58).txt
Scan type: Quick scan
Objects scanned: 143937
Time elapsed: 2 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Avira AntiVir Personal
Report file date: Sunday, 5 December 2010 01:09
Scanning for 3118676 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (Service Pack 1, v.178) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : EVAN-PC
Version information:
BUILD.DAT : 10.0.0.596 31825 Bytes 16/11/2010 15:57:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 2/08/2010 05:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 02:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 2/08/2010 05:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 13:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 23:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 09:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 07:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 06:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 01:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 05:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/06/2010 05:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 05:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 14:02:12
VBASE009.VDF : 7.10.13.80 2265600 Bytes 2/11/2010 14:02:21
VBASE010.VDF : 7.10.13.81 2048 Bytes 2/11/2010 14:02:22
VBASE011.VDF : 7.10.13.82 2048 Bytes 2/11/2010 14:02:22
VBASE012.VDF : 7.10.13.83 2048 Bytes 2/11/2010 14:02:23
VBASE013.VDF : 7.10.13.116 147968 Bytes 4/11/2010 14:02:24
VBASE014.VDF : 7.10.13.147 146944 Bytes 7/11/2010 14:02:27
VBASE015.VDF : 7.10.13.180 123904 Bytes 9/11/2010 14:02:28
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 14:02:31
VBASE017.VDF : 7.10.13.243 147456 Bytes 15/11/2010 14:02:33
VBASE018.VDF : 7.10.14.15 142848 Bytes 17/11/2010 14:02:35
VBASE019.VDF : 7.10.14.41 134144 Bytes 19/11/2010 14:02:36
VBASE020.VDF : 7.10.14.63 128000 Bytes 22/11/2010 14:02:37
VBASE021.VDF : 7.10.14.87 143872 Bytes 24/11/2010 14:02:39
VBASE022.VDF : 7.10.14.116 140800 Bytes 26/11/2010 14:02:41
VBASE023.VDF : 7.10.14.147 150528 Bytes 30/11/2010 14:02:43
VBASE024.VDF : 7.10.14.175 126464 Bytes 3/12/2010 14:02:45
VBASE025.VDF : 7.10.14.176 2048 Bytes 3/12/2010 14:02:45
VBASE026.VDF : 7.10.14.177 2048 Bytes 3/12/2010 14:02:46
VBASE027.VDF : 7.10.14.178 2048 Bytes 3/12/2010 14:02:46
VBASE028.VDF : 7.10.14.179 2048 Bytes 3/12/2010 14:02:46
VBASE029.VDF : 7.10.14.180 2048 Bytes 3/12/2010 14:02:47
VBASE030.VDF : 7.10.14.181 2048 Bytes 3/12/2010 14:02:47
VBASE031.VDF : 7.10.14.189 37888 Bytes 3/12/2010 14:02:48
Engineversion : 8.2.4.120
AEVDF.DLL : 8.1.2.1 106868 Bytes 2/08/2010 05:09:54
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 4/12/2010 14:03:21
AESCN.DLL : 8.1.7.2 127349 Bytes 4/12/2010 14:03:18
AESBX.DLL : 8.1.3.2 254324 Bytes 4/12/2010 14:03:23
AERDL.DLL : 8.1.9.2 635252 Bytes 4/12/2010 14:03:17
AEPACK.DLL : 8.2.4.1 512375 Bytes 4/12/2010 14:03:14
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 4/12/2010 14:03:10
AEHEUR.DLL : 8.1.2.52 3109238 Bytes 4/12/2010 14:03:09
AEHELP.DLL : 8.1.16.0 246136 Bytes 4/12/2010 14:02:59
AEGEN.DLL : 8.1.5.0 397685 Bytes 4/12/2010 14:02:58
AEEMU.DLL : 8.1.3.0 393589 Bytes 4/12/2010 14:02:56
AECORE.DLL : 8.1.19.0 196984 Bytes 4/12/2010 14:02:54
AEBB.DLL : 8.1.1.0 53618 Bytes 2/08/2010 05:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 2/08/2010 05:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 2/08/2010 05:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 04:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 2/08/2010 05:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 2/08/2010 05:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 2/08/2010 05:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2/08/2010 05:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 04:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 2/08/2010 05:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 04:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 03:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 2/08/2010 05:10:08
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Sunday, 5 December 2010 01:09
Starting search for hidden objects.
HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\languagelist
[NOTE] The registry entry is invisible.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\p2pcollab.dll,-8042
[NOTE] The registry entry is invisible.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\qagentrt.dll,-10
[NOTE] The registry entry is invisible.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\dnsapi.dll,-103
[NOTE] The registry entry is invisible.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\fveui.dll,-843
[NOTE] The registry entry is invisible.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\fveui.dll,-844
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'opera.exe' - '107' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '80' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '75' Module(s) have been scanned
Scan process 'DllHost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '103' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '49' Module(s) have been scanned
Scan process 'wweb32.exe' - '32' Module(s) have been scanned
Scan process 'Rainmeter.exe' - '76' Module(s) have been scanned
Scan process 'HUD.exe' - '34' Module(s) have been scanned
Scan process 'avgnt.exe' - '57' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'reader_sl.exe' - '20' Module(s) have been scanned
Scan process 'VDeck.exe' - '57' Module(s) have been scanned
Scan process 'itype.exe' - '59' Module(s) have been scanned
Scan process 'Explorer.EXE' - '189' Module(s) have been scanned
Scan process 'taskhost.exe' - '50' Module(s) have been scanned
Scan process 'Dwm.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'sppsvc.exe' - '27' Module(s) have been scanned
Scan process 'NBService.exe' - '51' Module(s) have been scanned
Scan process 'FsUsbExService.Exe' - '24' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '71' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '92' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '88' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'AUDIODG.EXE' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '150' Module(s) have been scanned
Scan process 'svchost.exe' - '114' Module(s) have been scanned
Scan process 'svchost.exe' - '103' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '72' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '383' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe
[DETECTION] Is the TR/Buzus.cinr Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\aladumu.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ddlovii.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\dtrspqj.exe.vir
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ejeifad.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\eumglcu.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gpufpcc.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gxaltrj.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\hqqwuct.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\icnsmhy.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jktulqc.exe.vir
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jlffmtc.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jmkfrya.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jvmaatn.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\khwqjbc.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\pfiekwq.exe.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> Object
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\qmphdby.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\raid64.exe.vir
[DETECTION] Is the TR/Spy.Agent.212992 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\rgyumdx.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\sijvkve.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\tacwijc.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\uritwwj.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wydfbon.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wznaqna.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\xlsyxge.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zqbfyik.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zrzysia.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\metus.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Agent.123904.42 worm
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe.vir
[DETECTION] Is the TR/VB.Inject.II.5 Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Run.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe.vir
[DETECTION] Contains recognition pattern of the WORM/IrcBot.659456.A worm
C:\Qoobox\Quarantine\C\Windows\framework.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCBot.A.56 back-door program
C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir
[DETECTION] Is the TR/Spy.96256.35 Trojan
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d43e080-492eb2c9
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\521840ca-258e909e
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-626fba8e
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\463e7fd4-3b0c8c21
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus
--> bpac/Bombapack.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-38d16d90
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
--> CustomClass.class
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
--> dostuff.class
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.B Java virus
--> mosdef.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.C Java virus
--> SiteError.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.D Java virus
--> SuperPolicy.class
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.C Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus
--> a4cb9b1a8a5.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus
--> a66d578f084.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus
--> aa79d1019d8.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus
--> ab16db71cdc.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus
--> ab5601d4848.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus
--> ae28546890f.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus
--> af439f03798.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-7c2443af
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus
--> Client.class
[DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus
--> a4cb9b1a8a5.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus
--> a66d578f084.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus
--> aa79d1019d8.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus
--> ab16db71cdc.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus
--> ab5601d4848.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus
--> ae28546890f.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus
--> af439f03798.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-4f45626b
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
C:\Users\Evan\AppData\Roaming\awqyfeb.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\cfxsibl.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Evan\AppData\Roaming\cywelkj.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Evan\AppData\Roaming\dphmosj.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\dzoiakq.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\fncdtqe.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\fqkenby.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\ftocyye.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\gbsxcuo.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\gibmfis.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\hpnjbyj.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\hthpxiy.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\hyecael.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\icbuxha.exe
[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan
C:\Users\Evan\AppData\Roaming\iovzqpb.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\iswztnt.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\jdqetzt.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\jflldmo.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\jzcospg.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Evan\AppData\Roaming\lrvjwjb.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Evan\AppData\Roaming\mgnrzzq.exe
[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan
C:\Users\Evan\AppData\Roaming\mrvphbz.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\mycomputp.dll
[DETECTION] Is the TR/Spy.75776.26 Trojan
C:\Users\Evan\AppData\Roaming\nrvtymn.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\nuotiem.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\olntwll.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\ovujbzz.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\packet.exe
[DETECTION] Is the TR/VBKrypt.dlc Trojan
C:\Users\Evan\AppData\Roaming\pdiolxr.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\qbowqth.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Evan\AppData\Roaming\qjgskpq.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\quscblv.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\rapthsp.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Evan\AppData\Roaming\rrhflfq.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\shtgurs.exe
[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan
C:\Users\Evan\AppData\Roaming\tlwkvcl.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\trpjyqb.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\uigljis.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\uuxwtnm.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\vckypiz.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\vhmnzzq.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\vhuhykr.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\vuwnufn.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Evan\AppData\Roaming\vwvbwzl.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\ycwwfnz.exe
[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan
C:\Users\Evan\AppData\Roaming\ymdjsau.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Evan\AppData\Roaming\ysybmyz.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
C:\Users\Evan\AppData\Roaming\yvrfwyu.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Evan\AppData\Roaming\zculrje.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Evan\AppData\Roaming\zlyqlpy.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
C:\Users\Evan\AppData\Roaming\Microsoft\sierra.exe
[DETECTION] Is the TR/Trash.Gen Trojan
Begin scan in 'D:\'
D:\Documents\KeyProwler Pro 3.3.6.0 www.shoptinhoc.com\KeyProwler Pro v3.3.6.0.exe
[DETECTION] Is the TR/Agent.4964526 Trojan
D:\Music\Opeth\opeth - damnation - in my time of need.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
D:\Music\Opeth\opeth - harvest.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
D:\Music\Pantera\pantera - cementery gates.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
D:\Music\Pantera\pantera - the great southern trendkill - floods.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
D:\Music\Pantera\pantera - this love.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
D:\Music\Rockstar Supernova\Magni - When the Time Comes (original).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
D:\Music\Rockstar Supernova\Rock Star Supernova - Dilana - SuperSoul.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
D:\Warez\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\Nero-9.4.26.0_trial.exe
[0] Archive type: NSIS
[DETECTION] Is the TR/Dldr.Inject.ahi Trojan
--> [unknownDir]/LiveUpdate.exe
[DETECTION] Is the TR/Dldr.Inject.ahi Trojan
Beginning disinfection:
D:\Warez\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\Nero-9.4.26.0_trial.exe
[DETECTION] Is the TR/Dldr.Inject.ahi Trojan
[NOTE] The file was moved to the quarantine directory under the name '480cf1b0.qua'.
D:\Music\Rockstar Supernova\Rock Star Supernova - Dilana - SuperSoul.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '50aade2b.qua'.
D:\Music\Rockstar Supernova\Magni - When the Time Comes (original).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '02c984fd.qua'.
D:\Music\Pantera\pantera - this love.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '64f7cb3f.qua'.
D:\Music\Pantera\pantera - the great southern trendkill - floods.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '2173e604.qua'.
D:\Music\Pantera\pantera - cementery gates.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '5e68d466.qua'.
D:\Music\Opeth\opeth - harvest.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '12e7f803.qua'.
D:\Music\Opeth\opeth - damnation - in my time of need.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '6effb851.qua'.
D:\Documents\KeyProwler Pro 3.3.6.0 www.shoptinhoc.com\KeyProwler Pro v3.3.6.0.exe
[DETECTION] Is the TR/Agent.4964526 Trojan
[NOTE] The file was moved to the quarantine directory under the name '43899707.qua'.
C:\Users\Evan\AppData\Roaming\Microsoft\sierra.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5acdac99.qua'.
C:\Users\Evan\AppData\Roaming\zlyqlpy.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '36bd80b4.qua'.
C:\Users\Evan\AppData\Roaming\zculrje.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4718b936.qua'.
C:\Users\Evan\AppData\Roaming\yvrfwyu.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '490189ec.qua'.
C:\Users\Evan\AppData\Roaming\ysybmyz.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '0c37f0a3.qua'.
C:\Users\Evan\AppData\Roaming\ymdjsau.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0511f40e.qua'.
C:\Users\Evan\AppData\Roaming\ycwwfnz.exe
[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d7fed71.qua'.
C:\Users\Evan\AppData\Roaming\vwvbwzl.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '718a94a1.qua'.
C:\Users\Evan\AppData\Roaming\vuwnufn.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f75f479.qua'.
C:\Users\Evan\AppData\Roaming\vhuhykr.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '2c65df1f.qua'.
C:\Users\Evan\AppData\Roaming\vhmnzzq.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '0aa59f02.qua'.
C:\Users\Evan\AppData\Roaming\vckypiz.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '3833e4ac.qua'.
C:\Users\Evan\AppData\Roaming\uuxwtnm.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3261cfcc.qua'.
C:\Users\Evan\AppData\Roaming\uigljis.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '0d21ab9d.qua'.
C:\Users\Evan\AppData\Roaming\trpjyqb.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '7306a7a1.qua'.
C:\Users\Evan\AppData\Roaming\tlwkvcl.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2665a36c.qua'.
C:\Users\Evan\AppData\Roaming\shtgurs.exe
[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2becd258.qua'.
C:\Users\Evan\AppData\Roaming\rrhflfq.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '37bdc64a.qua'.
C:\Users\Evan\AppData\Roaming\rapthsp.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '06668b95.qua'.
C:\Users\Evan\AppData\Roaming\quscblv.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '6a379fbf.qua'.
C:\Users\Evan\AppData\Roaming\qjgskpq.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '23a1bab2.qua'.
C:\Users\Evan\AppData\Roaming\qbowqth.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '783cb27b.qua'.
C:\Users\Evan\AppData\Roaming\pdiolxr.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1e84be90.qua'.
C:\Users\Evan\AppData\Roaming\packet.exe
[DETECTION] Is the TR/VBKrypt.dlc Trojan
[NOTE] The file was moved to the quarantine directory under the name '4934cc35.qua'.
C:\Users\Evan\AppData\Roaming\ovujbzz.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '6b769b5a.qua'.
C:\Users\Evan\AppData\Roaming\olntwll.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0361e1c2.qua'.
C:\Users\Evan\AppData\Roaming\nuotiem.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '2316e54e.qua'.
C:\Users\Evan\AppData\Roaming\nrvtymn.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '762ba3f9.qua'.
C:\Users\Evan\AppData\Roaming\mycomputp.dll
[DETECTION] Is the TR/Spy.75776.26 Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] The file could not be deleted!
[NOTE] The file is scheduled for deleting after reboot.
C:\Users\Evan\AppData\Roaming\mrvphbz.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1770b41c.qua'.
C:\Users\Evan\AppData\Roaming\mgnrzzq.exe
[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '048c88fa.qua'.
C:\Users\Evan\AppData\Roaming\lrvjwjb.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '162df432.qua'.
C:\Users\Evan\AppData\Roaming\jzcospg.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '01509798.qua'.
C:\Users\Evan\AppData\Roaming\jflldmo.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5b49a564.qua'.
C:\Users\Evan\AppData\Roaming\jdqetzt.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '7e49df76.qua'.
C:\Users\Evan\AppData\Roaming\iswztnt.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '0a08c776.qua'.
C:\Users\Evan\AppData\Roaming\iovzqpb.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '280b95f6.qua'.
C:\Users\Evan\AppData\Roaming\icbuxha.exe
[DETECTION] Is the TR/VBKrypt.dqr.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5db4ed93.qua'.
C:\Users\Evan\AppData\Roaming\hyecael.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '76e0b1e5.qua'.
C:\Users\Evan\AppData\Roaming\hthpxiy.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '11baf95f.qua'.
C:\Users\Evan\AppData\Roaming\hpnjbyj.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '5ac0c045.qua'.
C:\Users\Evan\AppData\Roaming\gibmfis.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '5a0aca6d.qua'.
C:\Users\Evan\AppData\Roaming\gbsxcuo.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '10949f7a.qua'.
C:\Users\Evan\AppData\Roaming\ftocyye.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '7eb9b0c0.qua'.
C:\Users\Evan\AppData\Roaming\fqkenby.exe
[DETECTION] Is the TR/VBKrypt.dfi Trojan
[NOTE] The file was moved to the quarantine directory under the name '3395eebd.qua'.
C:\Users\Evan\AppData\Roaming\fncdtqe.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '5b89c985.qua'.
C:\Users\Evan\AppData\Roaming\dzoiakq.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '210cf358.qua'.
C:\Users\Evan\AppData\Roaming\dphmosj.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '5055af0b.qua'.
C:\Users\Evan\AppData\Roaming\cywelkj.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '20a18512.qua'.
C:\Users\Evan\AppData\Roaming\cfxsibl.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5bd2f934.qua'.
C:\Users\Evan\AppData\Roaming\awqyfeb.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '15908a2f.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-4f45626b
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[NOTE] The file was moved to the quarantine directory under the name '6bddf148.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51
[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus
[NOTE] The file was moved to the quarantine directory under the name '1f7ad90d.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394
[DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus
[NOTE] The file was moved to the quarantine directory under the name '14018566.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
[NOTE] The file was moved to the quarantine directory under the name '47a99691.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
[NOTE] The file was moved to the quarantine directory under the name '22c1bdfc.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
[NOTE] The file was moved to the quarantine directory under the name '0a57ed5d.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-7c2443af
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[NOTE] The file was moved to the quarantine directory under the name '7eeab4d5.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e
[DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus
[NOTE] The file was moved to the quarantine directory under the name '31f9cc5e.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
[NOTE] The file was moved to the quarantine directory under the name '0e2c95f9.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
[NOTE] The file was moved to the quarantine directory under the name '7406967c.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
[NOTE] The file was moved to the quarantine directory under the name '247c910c.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
[NOTE] The file was moved to the quarantine directory under the name '72029b7c.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.C Java virus
[NOTE] The file was moved to the quarantine directory under the name '35c39f9a.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-38d16d90
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[NOTE] The file was moved to the quarantine directory under the name '1688f119.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\463e7fd4-3b0c8c21
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus
[NOTE] The file was moved to the quarantine directory under the name '5172d8f7.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-626fba8e
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[NOTE] The file was moved to the quarantine directory under the name '23148b62.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\521840ca-258e909e
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
[NOTE] The file was moved to the quarantine directory under the name '087fc871.qua'.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d43e080-492eb2c9
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[NOTE] The file was moved to the quarantine directory under the name '4be3c6fc.qua'.
C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir
[DETECTION] Is the TR/Spy.96256.35 Trojan
[NOTE] The file was moved to the quarantine directory under the name '016bbfbf.qua'.
C:\Qoobox\Quarantine\C\Windows\framework.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCBot.A.56 back-door program
[NOTE] The file was moved to the quarantine directory under the name '0c10a116.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe.vir
[DETECTION] Contains recognition pattern of the WORM/IrcBot.659456.A worm
[NOTE] The file was moved to the quarantine directory under the name '23c7e98f.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Run.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1c0da097.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe.vir
[DETECTION] Is the TR/VB.Inject.II.5 Trojan
[NOTE] The file was moved to the quarantine directory under the name '23f3b67d.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\metus.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Agent.123904.42 worm
[NOTE] The file was moved to the quarantine directory under the name '4635e6aa.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6021c1b5.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6ca492cd.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zrzysia.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '59c9e414.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zqbfyik.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '22c1e35f.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\xlsyxge.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '04f0e66f.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wznaqna.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6878aba7.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wydfbon.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4822be17.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\uritwwj.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2f18d4e3.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\tacwijc.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '52e0b77c.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\sijvkve.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0ee2b81b.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\rgyumdx.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '46aa839b.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\raid64.exe.vir
[DETECTION] Is the TR/Spy.Agent.212992 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2862ee63.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\qmphdby.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0dacb0b9.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\pfiekwq.exe.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '7fcca06c.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\khwqjbc.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '11259c9d.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jvmaatn.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '7fcba405.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jmkfrya.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '01dbfde7.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jlffmtc.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1851ad4a.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jktulqc.exe.vir
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '08a0c28e.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\icnsmhy.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '112fcfed.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\hqqwuct.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm
[NOTE] The file was moved to the quarantine directory under the name '507292c0.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gxaltrj.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5ec6c6a6.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gpufpcc.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '72abc671.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\eumglcu.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4455e9c1.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ejeifad.exe.vir
[DETECTION] Is the TR/Drop.Small.fhx.3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '440381ce.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\dtrspqj.exe.vir
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3f1ebff0.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ddlovii.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3aad9cac.qua'.
C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\aladumu.exe.vir
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '550adbbb.qua'.
C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe
[DETECTION] Is the TR/Buzus.cinr Trojan
[NOTE] The file was moved to the quarantine directory under the name '7cb7a01e.qua'.
The repair notes were written to the file 'C:\avrescue\rescue.avp'.
End of the scan: Sunday, 5 December 2010 01:49
Used time: 38:43 Minute(s)
The scan has been done completely.
21601 Scanned directories
416254 Files were scanned
134 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
112 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
416120 Files not concerned
2337 Archives were scanned
1 Warnings
113 Notes
546485 Objects were scanned with rootkit scan
8 Hidden objects were found
-
ComboFix 10-12-03.03 - Evan 05/12/2010 0:21.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2541 [GMT 11:00]
Running from: c:\users\Evan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Evan\AppData\Roaming\aladumu.exe
c:\users\Evan\AppData\Roaming\ddlovii.exe
c:\users\Evan\AppData\Roaming\dtrspqj.exe
c:\users\Evan\AppData\Roaming\eehzkak.exe
c:\users\Evan\AppData\Roaming\ejeifad.exe
c:\users\Evan\AppData\Roaming\eumglcu.exe
c:\users\Evan\AppData\Roaming\fkfivbs.exe
c:\users\Evan\AppData\Roaming\gpufpcc.exe
c:\users\Evan\AppData\Roaming\gxaltrj.exe
c:\users\Evan\AppData\Roaming\hqqwuct.exe
c:\users\Evan\AppData\Roaming\icnsmhy.exe
c:\users\Evan\AppData\Roaming\jjwepwp.exe
c:\users\Evan\AppData\Roaming\jktulqc.exe
c:\users\Evan\AppData\Roaming\jlffmtc.exe
c:\users\Evan\AppData\Roaming\jmkfrya.exe
c:\users\Evan\AppData\Roaming\jvmaatn.exe
c:\users\Evan\AppData\Roaming\khwqjbc.exe
c:\users\Evan\AppData\Roaming\Microsoft\Crypted.exe
c:\users\Evan\AppData\Roaming\Microsoft\eraseme.exe
c:\users\Evan\AppData\Roaming\Microsoft\metus.exe
c:\users\Evan\AppData\Roaming\Microsoft\newcrypt.exe
c:\users\Evan\AppData\Roaming\Microsoft\Run.exe
c:\users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe
c:\users\Evan\AppData\Roaming\pfiekwq.exe
c:\users\Evan\AppData\Roaming\ptibrrh.exe
c:\users\Evan\AppData\Roaming\qmphdby.exe
c:\users\Evan\AppData\Roaming\raid64.exe
c:\users\Evan\AppData\Roaming\rgyumdx.exe
c:\users\Evan\AppData\Roaming\sijvkve.exe
c:\users\Evan\AppData\Roaming\tacwijc.exe
c:\users\Evan\AppData\Roaming\tahjmdr.exe
c:\users\Evan\AppData\Roaming\uritwwj.exe
c:\users\Evan\AppData\Roaming\wydfbon.exe
c:\users\Evan\AppData\Roaming\wznaqna.exe
c:\users\Evan\AppData\Roaming\xlsyxge.exe
c:\users\Evan\AppData\Roaming\xuxqnoh.exe
c:\users\Evan\AppData\Roaming\zqbfyik.exe
c:\users\Evan\AppData\Roaming\zrzysia.exe
c:\windows\framework.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe
Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
.
2010-12-04 13:25 . 2010-12-04 13:27 -------- d-----w- c:\users\Evan\AppData\Local\temp
2010-12-04 13:25 . 2010-12-04 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-03 20:53 . 2010-12-03 20:53 -------- d-----w- c:\program files\Common Files\Java
2010-12-03 20:53 . 2010-12-03 20:53 -------- d-----w- c:\program files\Java
2010-12-03 18:22 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEF266C6-F3E1-4AE8-B172-276EE4CB8BF8}\mpengine.dll
2010-12-03 18:21 . 2010-12-03 18:21 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-03 18:10 . 2010-12-03 18:10 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro
2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL
2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket
2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com
2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision
2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision
2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-03 20:53 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016]
"NPSStartup"="" [bU]
"framework"="framework.exe" [bU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]
Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]
WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 17:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-05-12 23:22 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDS]
c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Control Manager v2.2]
c:\users\Evan\AppData\Local\Temp\staklic.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 01:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-06 23:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX110 Series]
2008-09-25 20:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework]
c:\users\Evan\AppData\Local\Temp\dxdiag.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GodServices]
c:\users\Evan\AppData\Local\Temp\godservices.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
c:\users\Evan\AppData\Roaming\install\Svchost.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-06-01 02:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Service]
c:\systemfiles\x-f-324553-12314-3344-1\ise32.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 05:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Protector]
c:\users\Evan\AppData\Roaming\winlogon.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor]
2010-07-22 16:33 266240 ----a-w- c:\users\Evan\AppData\Roaming\packet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outbreak.exe]
c:\windows\outbreak.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-06-03 14:51 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceWKKBTRRS]
c:\users\Evan\AppData\Local\WKKBTRRS\StartService.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup]
c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrokeIt]
2009-06-16 17:52 24712 ----a-w- c:\program files\TCB Networks\StrokeIt\strokeit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System RAID Manager]
c:\users\Evan\AppData\Roaming\raid64.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDoS]
c:\users\Evan\AppData\Roaming\WinDoS.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defense]
c:\users\Evan\AppData\Roaming\winlogon.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Firewall]
c:\users\Evan\AppData\Local\Temp\svchost.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]
c:\users\Evan\AppData\Roaming\Microsoft\winupdate.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinsysMon]
c:\users\Evan\Desktop\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\LiveUpdate.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XA5RJ9EADJ]
c:\users\Evan\AppData\Local\Temp\Ezr.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]
c:\users\Evan\AppData\Local\Temp\Ezq.exe [bU]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168]
R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872]
R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120]
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
PeerDist REG_MULTI_SZ PeerDistSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D}]
c:\users\Evan\AppData\Local\Temp\msconfig.exe [bU]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 00:27
Windows 6.1.7601 Service Pack 1, v.178 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*]
"datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c,
fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\
"rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-12-05 00:29:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-04 13:29
ComboFix2.txt 2010-12-03 13:59
ComboFix3.txt 2010-12-03 13:16
Pre-Run: 13,405,892,608 bytes free
Post-Run: 13,627,445,248 bytes free
- - End Of File - - 1B0F8273C4950F991ACE18042CE737C6
-
ESET log:
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8 multiple threats
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1 probably a variant of Win32/Agent.FXHNPDJ trojan
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087 probably a variant of Win32/Agent.FXHNPDJ trojan
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4 probably a variant of Win32/Agent.FXHNPDJ trojan
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56 probably a variant of Win32/Agent.FXHNPDJ trojan
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e multiple threats
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a probably a variant of Win32/Agent.FXHNPDJ trojan
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc a variant of Java/TrojanDownloader.OpenStream.NAU trojan
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385 a variant of Java/TrojanDownloader.OpenStream.NAU trojan
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394 Java/TrojanDownloader.Agent.NBB trojan
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51 multiple threats
C:\Users\Evan\AppData\Roaming\awqyfeb.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\dphmosj.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\dtrspqj.exe Win32/Dewnad.AK worm
C:\Users\Evan\AppData\Roaming\dzoiakq.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\ejeifad.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\eumglcu.exe a variant of Win32/Injector.CNY trojan
C:\Users\Evan\AppData\Roaming\fncdtqe.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\fqkenby.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\ftocyye.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\gibmfis.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\gpufpcc.exe a variant of Win32/Injector.CLJ trojan
C:\Users\Evan\AppData\Roaming\gxaltrj.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\hpnjbyj.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\hqqwuct.exe a variant of MSIL/Agent.NCX trojan
C:\Users\Evan\AppData\Roaming\hthpxiy.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\hyecael.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\icbuxha.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\icnsmhy.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\iovzqpb.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\iswztnt.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\jdqetzt.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\jflldmo.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\jktulqc.exe Win32/Dewnad.AK worm
C:\Users\Evan\AppData\Roaming\jlffmtc.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\jmkfrya.exe a variant of Win32/Injector.CFX trojan
C:\Users\Evan\AppData\Roaming\mgnrzzq.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\mrvphbz.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\mycomputp.dll Win32/Agent.RMC trojan
C:\Users\Evan\AppData\Roaming\nrvtymn.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\nuotiem.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\ovujbzz.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\packet.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\pfiekwq.exe probably a variant of Win32/AutoRun.IRCBot.FC worm
C:\Users\Evan\AppData\Roaming\qjgskpq.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\qmphdby.exe probably unknown NewHeur_PE virus
C:\Users\Evan\AppData\Roaming\quscblv.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\raid64.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\rgyumdx.exe a variant of Win32/Injector.CLJ trojan
C:\Users\Evan\AppData\Roaming\rrhflfq.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\shtgurs.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\sijvkve.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\tacwijc.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\tlwkvcl.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\trpjyqb.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\uigljis.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\uritwwj.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\vckypiz.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\vhmnzzq.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\vhuhykr.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\vwvbwzl.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\xlsyxge.exe Win32/AutoRun.IRCBot.CX worm
C:\Users\Evan\AppData\Roaming\ycwwfnz.exe a variant of Win32/Injector.DAL trojan
C:\Users\Evan\AppData\Roaming\ysybmyz.exe a variant of Win32/Injector.CHV trojan
C:\Users\Evan\AppData\Roaming\zlyqlpy.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\zrzysia.exe Win32/Oficla.HW trojan
C:\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe a variant of Win32/Injector.CUA trojan
C:\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe probably a variant of Win32/Injector.AXP trojan
C:\Users\Evan\AppData\Roaming\Microsoft\metus.exe Win32/Dewnad.AM worm
C:\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe a variant of Win32/Injector.CTL trojan
C:\Users\Evan\AppData\Roaming\Microsoft\Run.exe probably a variant of MSIL/Injector.I trojan
C:\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe probably a variant of Win32/IRCBot.DRVMJMG trojan
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan
C:\Windows\explorer.exe Win32/Bamital.EL trojan
C:\Windows\framework.exe probably a variant of Win32/Injector.CRM trojan
C:\Windows\System32\wininit.exe Win32/Bamital.EL trojan
D:\Svchost.exe a variant of Win32/Injector.CUA trojan
-
The Kaspersky updates are giving me a lot of trouble. The downloading took its sweet time (around a couple of hours for only a 100 MB), and now it says the update failed because the Internet connection was inconsistent.
I refreshed and tried again. Now it won't even attempt to start updating - I just keep getting the 'inconsistent' error.
Is there an alternative software I can try? Oh and obviously the redirecting problem's back after the system restore - should I run ComboFix (without your CFScript) to fix it up again?
-
Oh wait. Hold on.
I clicked 'Repair Windows' at the safe mode prompt and managed to restore the system to previous settings. It seems to have done the job. We're back to square one I guess.
This is the current HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:24:14 AM, on 4/12/2010
Platform: Windows 7 SP1, v.178 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.16562)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\framework.exe
C:\Users\Evan\AppData\Local\temp\msconfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [framework] framework.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe
O4 - HKCU\..\Run: [Apple iPod Service] C:\Users\Evan\AppData\Roaming\iTunes.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe
O4 - Startup: Rainmeter.exe - Shortcut.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7412 bytes
-
Nope. Booted with the last known good configuration. I'm getting the same result.
-
IE won't load anything after the homepage. It just hangs every time I try to go anywhere else.
-
Whoa! Whoa! Dude, something went seriously wrong. I'm on my brother's laptop right now.
I ran the MBAM scan as you asked. It found 1 infection in the appdata/temp directory if I remember correctly. Everything went wrong after rebooting. The log-on screen was stuck on 'preparing desktop' for quite a bit. When the desktop did load, an error message popped up:
C:\Windows\system32\config\systemprofile\Desktop is not accessible
Access is denied.
I tried rebooting again, to no avail. The Windows 7 taskbar has been replaced with the classic version. The desktop icons are gone. And most executable files won't run. I can still, however, access files on my HDD (not the ones on the desktop though).
I tried to run MBAM, but it won't load. The error message says 'The dependency service or group failed to start'. I tried to take a screenshot, but nothing on mspaint will save - it says 'Location is denied' every time I try.
The internet connection seems to be fine. Opera won't load. IE loads and gets stuck on the homepage.
What am I supposed to do now? Also, it's a home PC, not a business one.
-
Cheers. New log.
ComboFix 10-12-02.05 - Evan 04/12/2010 0:52.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2374 [GMT 11:00]
Running from: c:\users\Evan\Desktop\ComboFix.exe
Command switches used :: c:\users\Evan\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AppMgmt
((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.
2010-12-03 13:55 . 2010-12-03 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-03 13:06 . 2010-12-03 13:57 -------- d-----w- c:\users\Evan\AppData\Local\temp
2010-12-03 12:11 . 2010-12-03 12:11 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro
2010-12-03 11:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFD1FEE-B8BC-4517-9A47-9AF60BD2D77B}\mpengine.dll
2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL
2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket
2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com
2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision
2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision
2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 16:06 . 2010-10-20 12:15 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe
2010-11-29 06:42 . 2010-04-20 11:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 06:42 . 2010-04-20 11:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-14 17:50 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]
Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]
WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168]
R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872]
R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120]
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
PeerDist REG_MULTI_SZ PeerDistSvc
NETSVCS REQUIRES REPAIRS - current entries shown
Ias
Irmon
Ntmssvc
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
Tapisrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 00:57
Windows 6.1.7601 Service Pack 1, v.178 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*]
"datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c,
fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\
"rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-12-04 00:59:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-03 13:59
ComboFix2.txt 2010-12-03 13:16
Pre-Run: 14,322,110,464 bytes free
Post-Run: 14,011,912,192 bytes free
- - End Of File - - A05D838CB57422A0FD48D48FB7033356
-
Apologies for the double post.
Looks like ComboFix worked its magic - I'm not getting redirected anymore!
I'll await your 'All clear' post before I unsubscribe. Thanks for all your help so far.
-
Combofix report as requested:
ComboFix 10-12-02.05 - Evan 04/12/2010 0:02.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2291 [GMT 11:00]
Running from: c:\users\Evan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Evan\AppData\Local\Temp\A10F.tmp
c:\users\Evan\AppData\Roaming\aladumu.exe
c:\users\Evan\AppData\Roaming\ddlovii.exe
c:\users\Evan\AppData\Roaming\dtrspqj.exe
c:\users\Evan\AppData\Roaming\eehzkak.exe
c:\users\Evan\AppData\Roaming\ejeifad.exe
c:\users\Evan\AppData\Roaming\eumglcu.exe
c:\users\Evan\AppData\Roaming\fkfivbs.exe
c:\users\Evan\AppData\Roaming\google_cache243.tmp
c:\users\Evan\AppData\Roaming\google_cache746.tmp
c:\users\Evan\AppData\Roaming\gpufpcc.exe
c:\users\Evan\AppData\Roaming\gxaltrj.exe
c:\users\Evan\AppData\Roaming\hqqwuct.exe
c:\users\Evan\AppData\Roaming\icnsmhy.exe
c:\users\Evan\AppData\Roaming\jjwepwp.exe
c:\users\Evan\AppData\Roaming\jktulqc.exe
c:\users\Evan\AppData\Roaming\jlffmtc.exe
c:\users\Evan\AppData\Roaming\jmkfrya.exe
c:\users\Evan\AppData\Roaming\jvmaatn.exe
c:\users\Evan\AppData\Roaming\khwqjbc.exe
c:\users\Evan\AppData\Roaming\Microsoft\Crypted.exe
c:\users\Evan\AppData\Roaming\Microsoft\eraseme.exe
c:\users\Evan\AppData\Roaming\Microsoft\metus.exe
c:\users\Evan\AppData\Roaming\Microsoft\newcrypt.exe
c:\users\Evan\AppData\Roaming\Microsoft\Run.exe
c:\users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe
c:\users\Evan\AppData\Roaming\pfiekwq.exe
c:\users\Evan\AppData\Roaming\ptibrrh.exe
c:\users\Evan\AppData\Roaming\qmphdby.exe
c:\users\Evan\AppData\Roaming\raid64.exe
c:\users\Evan\AppData\Roaming\rgyumdx.exe
c:\users\Evan\AppData\Roaming\sijvkve.exe
c:\users\Evan\AppData\Roaming\tacwijc.exe
c:\users\Evan\AppData\Roaming\tahjmdr.exe
c:\users\Evan\AppData\Roaming\uritwwj.exe
c:\users\Evan\AppData\Roaming\wydfbon.exe
c:\users\Evan\AppData\Roaming\wznaqna.exe
c:\users\Evan\AppData\Roaming\xlsyxge.exe
c:\users\Evan\AppData\Roaming\xuxqnoh.exe
c:\users\Evan\AppData\Roaming\zqbfyik.exe
c:\users\Evan\AppData\Roaming\zrzysia.exe
c:\windows\framework.exe
D:\Autorun.inf
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe
Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.
2010-12-03 12:11 . 2010-12-03 12:11 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro
2010-12-03 11:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFD1FEE-B8BC-4517-9A47-9AF60BD2D77B}\mpengine.dll
2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL
2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket
2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com
2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision
2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision
2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 16:06 . 2010-10-20 12:15 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe
2010-11-29 06:42 . 2010-04-20 11:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 06:42 . 2010-04-20 11:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-14 17:50 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]
Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]
WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 17:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apple iPod Service]
2010-12-02 16:06 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-05-12 23:22 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 01:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-06 23:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX110 Series]
2008-09-25 20:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-06-01 02:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-11-29 06:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor]
2010-07-22 16:33 266240 ----a-w- c:\users\Evan\AppData\Roaming\packet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-06-03 14:51 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrokeIt]
2009-06-16 17:52 24712 ----a-w- c:\program files\TCB Networks\StrokeIt\strokeit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168]
R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872]
R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120]
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
PeerDist REG_MULTI_SZ PeerDistSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-NPSStartup - (no file)
HKLM-Run-framework - framework.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
MSConfigStartUp-DDS - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe
MSConfigStartUp-Driver Control Manager v2 - c:\users\Evan\AppData\Local\Temp\staklic.exe
MSConfigStartUp-Framework - c:\users\Evan\AppData\Local\Temp\dxdiag.exe
MSConfigStartUp-GodServices - c:\users\Evan\AppData\Local\Temp\godservices.exe
MSConfigStartUp-HKCU - c:\users\Evan\AppData\Roaming\install\Svchost.exe
MSConfigStartUp-Internet Security Service - c:\systemfiles\x-f-324553-12314-3344-1\ise32.exe
MSConfigStartUp-Microsoft - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe
MSConfigStartUp-Microsoft Protector - c:\users\Evan\AppData\Roaming\winlogon.exe
MSConfigStartUp-outbreak - c:\windows\outbreak.exe
MSConfigStartUp-StartServiceWKKBTRRS - c:\users\Evan\AppData\Local\WKKBTRRS\StartService.exe
MSConfigStartUp-Startup - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe
MSConfigStartUp-System RAID Manager - c:\users\Evan\AppData\Roaming\raid64.exe
MSConfigStartUp-WinDoS - c:\users\Evan\AppData\Roaming\WinDoS.exe
MSConfigStartUp-Windows Defense - c:\users\Evan\AppData\Roaming\winlogon.exe
MSConfigStartUp-Windows Firewall - c:\users\Evan\AppData\Local\Temp\svchost.exe
MSConfigStartUp-Windows Update - c:\users\Evan\AppData\Roaming\Microsoft\winupdate.exe
MSConfigStartUp-WinsysMon - c:\users\Evan\Desktop\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\LiveUpdate.exe
MSConfigStartUp-XA5RJ9EADJ - c:\users\Evan\AppData\Local\Temp\Ezr.exe
MSConfigStartUp-YVIBBBHA8C - c:\users\Evan\AppData\Local\Temp\Ezq.exe
ActiveSetup-{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D} - c:\users\Evan\AppData\Local\Temp\msconfig.exe
AddRemove-{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0} - c:\program files\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 00:14
Windows 6.1.7601 Service Pack 1, v.178 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*]
"datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c,
fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\
"rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-12-04 00:16:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-03 13:16
Pre-Run: 13,505,970,176 bytes free
Post-Run: 14,288,687,104 bytes free
- - End Of File - - 93875AD38FD444541307BF8D8B6CBA4F
-
Here's the TDSS Killer report you asked for:
2010/12/03 23:43:11.0006 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/03 23:43:11.0006 ================================================================================
2010/12/03 23:43:11.0006 SystemInfo:
2010/12/03 23:43:11.0006
2010/12/03 23:43:11.0006 OS Version: 6.1.7601 ServicePack: 1.0
2010/12/03 23:43:11.0006 Product type: Workstation
2010/12/03 23:43:11.0006 ComputerName: EVAN-PC
2010/12/03 23:43:11.0009 UserName: Evan
2010/12/03 23:43:11.0009 Windows directory: C:\Windows
2010/12/03 23:43:11.0009 System windows directory: C:\Windows
2010/12/03 23:43:11.0009 Processor architecture: Intel x86
2010/12/03 23:43:11.0009 Number of processors: 2
2010/12/03 23:43:11.0009 Page size: 0x1000
2010/12/03 23:43:11.0009 Boot type: Normal boot
2010/12/03 23:43:11.0009 ================================================================================
2010/12/03 23:43:11.0226 Initialize success
2010/12/03 23:43:57.0324 ================================================================================
2010/12/03 23:43:57.0324 Scan started
2010/12/03 23:43:57.0324 Mode: Manual;
2010/12/03 23:43:57.0324 ================================================================================
2010/12/03 23:44:03.0859 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/03 23:44:03.0882 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/03 23:44:03.0899 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/03 23:44:03.0929 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/03 23:44:03.0947 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/03 23:44:03.0987 rdbss (533156fa661cf702386e4ca914d48e6e) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/03 23:44:04.0002 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/03 23:44:04.0034 RDPCDD (894200dc7aee085e1ac6abc3dcfa5e5a) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/03 23:44:04.0059 RDPDR (f053ce8ab18f35b8f216f5a77e0f85d1) C:\Windows\system32\drivers\rdpdr.sys
2010/12/03 23:44:04.0069 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/03 23:44:04.0087 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/03 23:44:04.0132 RdpVideoMiniport (105c69a890f730c1b94abcff89548649) C:\Windows\system32\drivers\rdpvideominiport.sys
2010/12/03 23:44:04.0167 RDPWD (c8108461da6a5b209daaeed035c8b19e) C:\Windows\system32\drivers\RDPWD.sys
2010/12/03 23:44:04.0187 rdyboost (609fd23d206708babec757bb195464bb) C:\Windows\system32\drivers\rdyboost.sys
2010/12/03 23:44:04.0239 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/03 23:44:04.0277 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/12/03 23:44:04.0297 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/03 23:44:04.0342 sbp2port (1580603cc7d15d42746a40a08f141b90) C:\Windows\system32\drivers\sbp2port.sys
2010/12/03 23:44:04.0379 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
2010/12/03 23:44:04.0397 scfilter (46149917671695c6c53e5cce21bfb964) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/03 23:44:04.0429 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/03 23:44:04.0454 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/03 23:44:04.0472 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/03 23:44:04.0504 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/03 23:44:04.0557 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2010/12/03 23:44:04.0569 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/03 23:44:04.0587 sffp_sd (f6cad0228b66355238c80e64b702fe94) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/03 23:44:04.0612 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/03 23:44:04.0637 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2010/12/03 23:44:04.0652 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/03 23:44:04.0672 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/03 23:44:04.0687 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/03 23:44:04.0712 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/03 23:44:04.0767 srv (565d5d7437009cfd5ddf6072cc079e85) C:\Windows\system32\DRIVERS\srv.sys
2010/12/03 23:44:04.0792 srv2 (2ce50dafb60833ee9815331bf78e6cec) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/03 23:44:04.0810 srvnet (20dd90c055e21e57e0586e2528a2268f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/03 23:44:04.0850 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\Windows\system32\DRIVERS\ss_bbus.sys
2010/12/03 23:44:04.0867 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
2010/12/03 23:44:04.0882 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\Windows\system32\DRIVERS\ss_bmdm.sys
2010/12/03 23:44:04.0925 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/03 23:44:04.0990 storflt (f9cee86f95372726a519e7d66006fc84) C:\Windows\system32\drivers\vmstorfl.sys
2010/12/03 23:44:05.0025 storvsc (314b6b5bacee22637c8ad138ac7ae8fc) C:\Windows\system32\drivers\storvsc.sys
2010/12/03 23:44:05.0042 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2010/12/03 23:44:05.0157 Tcpip (ba2997f44bcc249f3c383f0bea7da673) C:\Windows\system32\drivers\tcpip.sys
2010/12/03 23:44:05.0197 TCPIP6 (ba2997f44bcc249f3c383f0bea7da673) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/03 23:44:05.0230 tcpipreg (a371a6485743f7f1d753655869688c8c) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/03 23:44:05.0262 TDPIPE (a3578156a3682e938abfd5457f5318a8) C:\Windows\system32\drivers\tdpipe.sys
2010/12/03 23:44:05.0277 TDTCP (d536c371fa5a43f2bee3b60b0857ee77) C:\Windows\system32\drivers\tdtcp.sys
2010/12/03 23:44:05.0295 tdx (b6cb4ecc4142388ceb7c6c568f9e6cd1) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/03 23:44:05.0305 TermDD (5cab301fa1300f19dab769f18f05bd17) C:\Windows\system32\drivers\termdd.sys
2010/12/03 23:44:05.0335 terminpt (e9fddf205210c265c9448f4eab0545a4) C:\Windows\system32\DRIVERS\terminpt.sys
2010/12/03 23:44:05.0387 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\Windows\system32\drivers\TPkd.sys
2010/12/03 23:44:05.0432 tssecsrv (14ac0bc654508bf98f9a501f402709cc) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/03 23:44:05.0467 TsUsbFlt (d0a10ef0d435739a32eed44b6f4cfa21) C:\Windows\system32\drivers\tsusbflt.sys
2010/12/03 23:44:05.0512 tunnel (ff8fb6c8b15dacfe71057d7b0e79b427) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/03 23:44:05.0547 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/03 23:44:05.0575 udfs (00e6889653b8b7f220d3565c953bb185) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/03 23:44:05.0605 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/03 23:44:05.0667 umbus (b44b6c1f50daa3ed532aa1cfdfd2b192) C:\Windows\system32\drivers\umbus.sys
2010/12/03 23:44:05.0690 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/03 23:44:05.0745 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/03 23:44:05.0767 usbccgp (76880d8312c4595a6a2909819a869010) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/03 23:44:05.0802 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2010/12/03 23:44:05.0822 usbehci (dfb8c7a7fdc1e90ab39f4874cc1aae32) C:\Windows\system32\drivers\usbehci.sys
2010/12/03 23:44:05.0845 usbhub (b580202f0b982c6e8b7403fb7d285dfe) C:\Windows\system32\drivers\usbhub.sys
2010/12/03 23:44:05.0865 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
2010/12/03 23:44:05.0930 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/03 23:44:05.0972 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/03 23:44:05.0992 USBSTOR (251fae54062b021516ba4e538d1ecfb2) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/03 23:44:06.0032 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2010/12/03 23:44:06.0057 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2010/12/03 23:44:06.0090 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/03 23:44:06.0105 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/03 23:44:06.0140 vhdmp (63af903a647295d801163a166351c566) C:\Windows\system32\drivers\vhdmp.sys
2010/12/03 23:44:06.0205 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2010/12/03 23:44:06.0220 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/03 23:44:06.0295 VIAHdAudAddService (ec1fdb8461acca4e34c2022e2b32cf5c) C:\Windows\system32\drivers\viahduaa.sys
2010/12/03 23:44:06.0332 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2010/12/03 23:44:06.0372 vmbus (64d56d26b8d79c31584267ace105521a) C:\Windows\system32\drivers\vmbus.sys
2010/12/03 23:44:06.0395 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/03 23:44:06.0407 volmgr (608cfc7d3b638ba5843be026951e03d3) C:\Windows\system32\drivers\volmgr.sys
2010/12/03 23:44:06.0427 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/03 23:44:06.0447 volsnap (cc63437be17db71b356887736680e266) C:\Windows\system32\drivers\volsnap.sys
2010/12/03 23:44:06.0487 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/03 23:44:06.0507 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/12/03 23:44:06.0530 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/03 23:44:06.0567 WANARP (205ebf4773ffd5dd58a625555d97da1e) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/03 23:44:06.0575 Wanarpv6 (205ebf4773ffd5dd58a625555d97da1e) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/03 23:44:06.0602 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/03 23:44:06.0632 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/03 23:44:06.0675 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/03 23:44:06.0695 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/03 23:44:06.0777 WinUsb (8be4eeaaed25e769c8b3b62df34420c6) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/03 23:44:06.0825 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/03 23:44:06.0855 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/03 23:44:06.0907 WudfPf (07c8005ad9feb4f050e8f83cb177e546) C:\Windows\system32\drivers\WudfPf.sys
2010/12/03 23:44:06.0940 WUDFRd (59504d70479fdd577adee9ac760290d1) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/03 23:44:06.0987 ================================================================================
2010/12/03 23:44:06.0987 Scan finished
2010/12/03 23:44:06.0987 ================================================================================
BTW, thanks for the prompt reply.
-
Hi there,
Thanks in advance for your assistance!
All my Google links have been getting redirected since last month, and I've absolutely no idea why. Both IE and Opera seem to have the same problem. I can access most links by clicking on the 'cached' option, but I'm getting sick of having to resort to this.
I've run multiple MBAM scans to no avail. The following is the most recent log.
=========
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5214
Windows 6.1.7601 Service Pack 1, v.178
Internet Explorer 8.0.7601.16562
3/12/2010 11:13:53 PM
mbam-log-2010-12-03 (23-13-53).txt
Scan type: Quick scan
Objects scanned: 143562
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
=========
Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:48 PM, on 3/12/2010
Platform: Windows 7 SP1, v.178 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.16562)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\framework.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Users\Evan\AppData\Local\Temp\msconfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [framework] framework.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe
O4 - Startup: Rainmeter.exe - Shortcut.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6983 bytes
=========
Thank you for your time.
Opera/IE google redirect
in Resolved Malware Removal Logs
Posted
Done, done and done.
Holy crap! Wow!
I cannot thank you enough, mate.