Posts posted by e1wasf

  1. Malwarebytes' Anti-Malware 1.50

    www.malwarebytes.org

    Database version: 5247

    Windows 6.1.7601 Service Pack 1, v.178

    Internet Explorer 8.0.7601.16562

    5/12/2010 5:23:58 PM

    mbam-log-2010-12-05 (17-23-58).txt

    Scan type: Quick scan

    Objects scanned: 143937

    Time elapsed: 2 minute(s), 44 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  2. Avira AntiVir Personal

    Report file date: Sunday, 5 December 2010 01:09

    Scanning for 3118676 virus strains and unwanted programs.

    The program is running as an unrestricted full version.

    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus

    Serial number : 0000149996-ADJIE-0000001

    Platform : Windows 7

    Windows version : (Service Pack 1, v.178) [6.1.7601]

    Boot mode : Normally booted

    Username : SYSTEM

    Computer name : EVAN-PC

    Version information:

    BUILD.DAT : 10.0.0.596 31825 Bytes 16/11/2010 15:57:00

    AVSCAN.EXE : 10.0.3.1 434344 Bytes 2/08/2010 05:09:56

    AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 02:57:04

    LUKE.DLL : 10.0.2.3 104296 Bytes 2/08/2010 05:10:00

    LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 13:40:49

    VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 23:05:36

    VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 09:27:49

    VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 07:37:42

    VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 06:37:42

    VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 01:29:03

    VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 05:10:03

    VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/06/2010 05:10:04

    VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 05:10:06

    VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 14:02:12

    VBASE009.VDF : 7.10.13.80 2265600 Bytes 2/11/2010 14:02:21

    VBASE010.VDF : 7.10.13.81 2048 Bytes 2/11/2010 14:02:22

    VBASE011.VDF : 7.10.13.82 2048 Bytes 2/11/2010 14:02:22

    VBASE012.VDF : 7.10.13.83 2048 Bytes 2/11/2010 14:02:23

    VBASE013.VDF : 7.10.13.116 147968 Bytes 4/11/2010 14:02:24

    VBASE014.VDF : 7.10.13.147 146944 Bytes 7/11/2010 14:02:27

    VBASE015.VDF : 7.10.13.180 123904 Bytes 9/11/2010 14:02:28

    VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 14:02:31

    VBASE017.VDF : 7.10.13.243 147456 Bytes 15/11/2010 14:02:33

    VBASE018.VDF : 7.10.14.15 142848 Bytes 17/11/2010 14:02:35

    VBASE019.VDF : 7.10.14.41 134144 Bytes 19/11/2010 14:02:36

    VBASE020.VDF : 7.10.14.63 128000 Bytes 22/11/2010 14:02:37

    VBASE021.VDF : 7.10.14.87 143872 Bytes 24/11/2010 14:02:39

    VBASE022.VDF : 7.10.14.116 140800 Bytes 26/11/2010 14:02:41

    VBASE023.VDF : 7.10.14.147 150528 Bytes 30/11/2010 14:02:43

    VBASE024.VDF : 7.10.14.175 126464 Bytes 3/12/2010 14:02:45

    VBASE025.VDF : 7.10.14.176 2048 Bytes 3/12/2010 14:02:45

    VBASE026.VDF : 7.10.14.177 2048 Bytes 3/12/2010 14:02:46

    VBASE027.VDF : 7.10.14.178 2048 Bytes 3/12/2010 14:02:46

    VBASE028.VDF : 7.10.14.179 2048 Bytes 3/12/2010 14:02:46

    VBASE029.VDF : 7.10.14.180 2048 Bytes 3/12/2010 14:02:47

    VBASE030.VDF : 7.10.14.181 2048 Bytes 3/12/2010 14:02:47

    VBASE031.VDF : 7.10.14.189 37888 Bytes 3/12/2010 14:02:48

    Engineversion : 8.2.4.120

    AEVDF.DLL : 8.1.2.1 106868 Bytes 2/08/2010 05:09:54

    AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 4/12/2010 14:03:21

    AESCN.DLL : 8.1.7.2 127349 Bytes 4/12/2010 14:03:18

    AESBX.DLL : 8.1.3.2 254324 Bytes 4/12/2010 14:03:23

    AERDL.DLL : 8.1.9.2 635252 Bytes 4/12/2010 14:03:17

    AEPACK.DLL : 8.2.4.1 512375 Bytes 4/12/2010 14:03:14

    AEOFFICE.DLL : 8.1.1.10 201084 Bytes 4/12/2010 14:03:10

    AEHEUR.DLL : 8.1.2.52 3109238 Bytes 4/12/2010 14:03:09

    AEHELP.DLL : 8.1.16.0 246136 Bytes 4/12/2010 14:02:59

    AEGEN.DLL : 8.1.5.0 397685 Bytes 4/12/2010 14:02:58

    AEEMU.DLL : 8.1.3.0 393589 Bytes 4/12/2010 14:02:56

    AECORE.DLL : 8.1.19.0 196984 Bytes 4/12/2010 14:02:54

    AEBB.DLL : 8.1.1.0 53618 Bytes 2/08/2010 05:09:48

    AVWINLL.DLL : 10.0.0.0 19304 Bytes 2/08/2010 05:09:56

    AVPREF.DLL : 10.0.0.0 44904 Bytes 2/08/2010 05:09:55

    AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 04:27:13

    AVREG.DLL : 10.0.3.2 53096 Bytes 2/08/2010 05:09:55

    AVSCPLR.DLL : 10.0.3.1 83816 Bytes 2/08/2010 05:09:56

    AVARKT.DLL : 10.0.0.14 227176 Bytes 2/08/2010 05:09:54

    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2/08/2010 05:09:55

    SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 04:27:22

    AVSMTP.DLL : 10.0.0.17 63848 Bytes 2/08/2010 05:09:56

    NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 04:27:21

    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 03:10:20

    RCTEXT.DLL : 10.0.58.0 97128 Bytes 2/08/2010 05:10:08

    Configuration settings for the scan:

    Jobname.............................: Complete system scan

    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

    Logging.............................: low

    Primary action......................: interactive

    Secondary action....................: ignore

    Scan master boot sector.............: on

    Scan boot sector....................: on

    Boot sectors........................: C:, D:,

    Process scan........................: on

    Extended process scan...............: on

    Scan registry.......................: on

    Search for rootkits.................: on

    Integrity checking of system files..: off

    Scan all files......................: All files

    Scan archives.......................: on

    Recursion depth.....................: 20

    Smart extensions....................: on

    Macro heuristic.....................: on

    File heuristic......................: medium

    Start of the scan: Sunday, 5 December 2010 01:09

    Starting search for hidden objects.

    HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information\datasecu

    [NOTE] The registry entry is invisible.

    HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information\rkeysecu

    [NOTE] The registry entry is invisible.

    HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\languagelist

    [NOTE] The registry entry is invisible.

    HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\p2pcollab.dll,-8042

    [NOTE] The registry entry is invisible.

    HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\qagentrt.dll,-10

    [NOTE] The registry entry is invisible.

    HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\dnsapi.dll,-103

    [NOTE] The registry entry is invisible.

    HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\fveui.dll,-843

    [NOTE] The registry entry is invisible.

    HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\1C7\52C64B7E\@%systemroot%\system32\fveui.dll,-844

    [NOTE] The registry entry is invisible.

    The scan of running processes will be started

    Scan process 'opera.exe' - '107' Module(s) have been scanned

    Scan process 'svchost.exe' - '28' Module(s) have been scanned

    Scan process 'vssvc.exe' - '47' Module(s) have been scanned

    Scan process 'avscan.exe' - '80' Module(s) have been scanned

    Scan process 'avscan.exe' - '28' Module(s) have been scanned

    Scan process 'avcenter.exe' - '75' Module(s) have been scanned

    Scan process 'DllHost.exe' - '40' Module(s) have been scanned

    Scan process 'svchost.exe' - '59' Module(s) have been scanned

    Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned

    Scan process 'svchost.exe' - '67' Module(s) have been scanned

    Scan process 'wmpnetwk.exe' - '103' Module(s) have been scanned

    Scan process 'SearchIndexer.exe' - '49' Module(s) have been scanned

    Scan process 'wweb32.exe' - '32' Module(s) have been scanned

    Scan process 'Rainmeter.exe' - '76' Module(s) have been scanned

    Scan process 'HUD.exe' - '34' Module(s) have been scanned

    Scan process 'avgnt.exe' - '57' Module(s) have been scanned

    Scan process 'jusched.exe' - '25' Module(s) have been scanned

    Scan process 'reader_sl.exe' - '20' Module(s) have been scanned

    Scan process 'VDeck.exe' - '57' Module(s) have been scanned

    Scan process 'itype.exe' - '59' Module(s) have been scanned

    Scan process 'Explorer.EXE' - '189' Module(s) have been scanned

    Scan process 'taskhost.exe' - '50' Module(s) have been scanned

    Scan process 'Dwm.exe' - '31' Module(s) have been scanned

    Scan process 'svchost.exe' - '37' Module(s) have been scanned

    Scan process 'conhost.exe' - '14' Module(s) have been scanned

    Scan process 'avshadow.exe' - '31' Module(s) have been scanned

    Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned

    Scan process 'WLIDSVC.EXE' - '79' Module(s) have been scanned

    Scan process 'svchost.exe' - '32' Module(s) have been scanned

    Scan process 'sppsvc.exe' - '27' Module(s) have been scanned

    Scan process 'NBService.exe' - '51' Module(s) have been scanned

    Scan process 'FsUsbExService.Exe' - '24' Module(s) have been scanned

    Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned

    Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned

    Scan process 'avguard.exe' - '71' Module(s) have been scanned

    Scan process 'svchost.exe' - '62' Module(s) have been scanned

    Scan process 'sched.exe' - '50' Module(s) have been scanned

    Scan process 'spoolsv.exe' - '92' Module(s) have been scanned

    Scan process 'nvvsvc.exe' - '43' Module(s) have been scanned

    Scan process 'svchost.exe' - '88' Module(s) have been scanned

    Scan process 'svchost.exe' - '87' Module(s) have been scanned

    Scan process 'AUDIODG.EXE' - '47' Module(s) have been scanned

    Scan process 'svchost.exe' - '150' Module(s) have been scanned

    Scan process 'svchost.exe' - '114' Module(s) have been scanned

    Scan process 'svchost.exe' - '103' Module(s) have been scanned

    Scan process 'svchost.exe' - '34' Module(s) have been scanned

    Scan process 'nvvsvc.exe' - '30' Module(s) have been scanned

    Scan process 'svchost.exe' - '52' Module(s) have been scanned

    Scan process 'winlogon.exe' - '31' Module(s) have been scanned

    Scan process 'lsm.exe' - '16' Module(s) have been scanned

    Scan process 'lsass.exe' - '72' Module(s) have been scanned

    Scan process 'services.exe' - '33' Module(s) have been scanned

    Scan process 'wininit.exe' - '26' Module(s) have been scanned

    Scan process 'csrss.exe' - '16' Module(s) have been scanned

    Scan process 'csrss.exe' - '16' Module(s) have been scanned

    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:

    Master boot sector HD0

    [INFO] No virus was found!

    Start scanning boot sectors:

    Boot sector 'C:\'

    [INFO] No virus was found!

    Boot sector 'D:\'

    [INFO] No virus was found!

    Starting to scan executable files (registry).

    The registry was scanned ( '383' files ).

    Starting the file scan:

    Begin scan in 'C:\'

    C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe

    [DETECTION] Is the TR/Buzus.cinr Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\aladumu.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ddlovii.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\dtrspqj.exe.vir

    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ejeifad.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\eumglcu.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gpufpcc.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gxaltrj.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\hqqwuct.exe.vir

    [DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\icnsmhy.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jktulqc.exe.vir

    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jlffmtc.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jmkfrya.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jvmaatn.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\khwqjbc.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\pfiekwq.exe.vir

    [DETECTION] Is the TR/ATRAPS.Gen Trojan

    --> Object

    [DETECTION] Is the TR/ATRAPS.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\qmphdby.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\raid64.exe.vir

    [DETECTION] Is the TR/Spy.Agent.212992 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\rgyumdx.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\sijvkve.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\tacwijc.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\uritwwj.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wydfbon.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wznaqna.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\xlsyxge.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zqbfyik.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zrzysia.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\metus.exe.vir

    [DETECTION] Contains recognition pattern of the WORM/Agent.123904.42 worm

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe.vir

    [DETECTION] Is the TR/VB.Inject.II.5 Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Run.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe.vir

    [DETECTION] Contains recognition pattern of the WORM/IrcBot.659456.A worm

    C:\Qoobox\Quarantine\C\Windows\framework.exe.vir

    [DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCBot.A.56 back-door program

    C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir

    [DETECTION] Is the TR/Spy.96256.35 Trojan

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d43e080-492eb2c9

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    --> vmain.class

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\521840ca-258e909e

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus

    --> bpac/a.class

    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-626fba8e

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    --> vmain.class

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\463e7fd4-3b0c8c21

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus

    --> bpac/Bombapack.class

    [DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-38d16d90

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    --> vmain.class

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus

    --> CustomClass.class

    [DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus

    --> dostuff.class

    [DETECTION] Contains recognition pattern of the JAVA/Rowindal.B Java virus

    --> mosdef.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.C Java virus

    --> SiteError.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.D Java virus

    --> SuperPolicy.class

    [DETECTION] Contains recognition pattern of the JAVA/Rowindal.C Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vload.class

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vmain.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vload.class

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vmain.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vload.class

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vmain.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vload.class

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vmain.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus

    --> a4cb9b1a8a5.class

    [DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus

    --> a66d578f084.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus

    --> aa79d1019d8.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus

    --> ab16db71cdc.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus

    --> ab5601d4848.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus

    --> ae28546890f.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus

    --> af439f03798.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-7c2443af

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    --> vmain.class

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vload.class

    [DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus

    --> vmain.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

    --> bpac/a.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus

    --> bpac/a.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus

    --> Client.class

    [DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus

    --> a4cb9b1a8a5.class

    [DETECTION] Contains recognition pattern of the JAVA/OpenStream.E Java virus

    --> a66d578f084.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus

    --> aa79d1019d8.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus

    --> ab16db71cdc.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus

    --> ab5601d4848.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus

    --> ae28546890f.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus

    --> af439f03798.class

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-4f45626b

    [0] Archive type: ZIP

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    --> vmain.class

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    C:\Users\Evan\AppData\Roaming\awqyfeb.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\cfxsibl.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    C:\Users\Evan\AppData\Roaming\cywelkj.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    C:\Users\Evan\AppData\Roaming\dphmosj.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\dzoiakq.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\fncdtqe.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\fqkenby.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\ftocyye.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\gbsxcuo.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\gibmfis.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\hpnjbyj.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\hthpxiy.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\hyecael.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\icbuxha.exe

    [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

    C:\Users\Evan\AppData\Roaming\iovzqpb.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\iswztnt.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\jdqetzt.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\jflldmo.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\jzcospg.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    C:\Users\Evan\AppData\Roaming\lrvjwjb.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    C:\Users\Evan\AppData\Roaming\mgnrzzq.exe

    [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

    C:\Users\Evan\AppData\Roaming\mrvphbz.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\mycomputp.dll

    [DETECTION] Is the TR/Spy.75776.26 Trojan

    C:\Users\Evan\AppData\Roaming\nrvtymn.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\nuotiem.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\olntwll.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\ovujbzz.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\packet.exe

    [DETECTION] Is the TR/VBKrypt.dlc Trojan

    C:\Users\Evan\AppData\Roaming\pdiolxr.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\qbowqth.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    C:\Users\Evan\AppData\Roaming\qjgskpq.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\quscblv.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\rapthsp.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    C:\Users\Evan\AppData\Roaming\rrhflfq.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\shtgurs.exe

    [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

    C:\Users\Evan\AppData\Roaming\tlwkvcl.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\trpjyqb.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\uigljis.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\uuxwtnm.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\vckypiz.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\vhmnzzq.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\vhuhykr.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\vuwnufn.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    C:\Users\Evan\AppData\Roaming\vwvbwzl.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\ycwwfnz.exe

    [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

    C:\Users\Evan\AppData\Roaming\ymdjsau.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    C:\Users\Evan\AppData\Roaming\ysybmyz.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    C:\Users\Evan\AppData\Roaming\yvrfwyu.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Evan\AppData\Roaming\zculrje.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    C:\Users\Evan\AppData\Roaming\zlyqlpy.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    C:\Users\Evan\AppData\Roaming\Microsoft\sierra.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    Begin scan in 'D:\'

    D:\Documents\KeyProwler Pro 3.3.6.0 www.shoptinhoc.com\KeyProwler Pro v3.3.6.0.exe

    [DETECTION] Is the TR/Agent.4964526 Trojan

    D:\Music\Opeth\opeth - damnation - in my time of need.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    D:\Music\Opeth\opeth - harvest.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    D:\Music\Pantera\pantera - cementery gates.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    D:\Music\Pantera\pantera - the great southern trendkill - floods.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    D:\Music\Pantera\pantera - this love.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    D:\Music\Rockstar Supernova\Magni - When the Time Comes (original).mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    D:\Music\Rockstar Supernova\Rock Star Supernova - Dilana - SuperSoul.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    D:\Warez\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\Nero-9.4.26.0_trial.exe

    [0] Archive type: NSIS

    [DETECTION] Is the TR/Dldr.Inject.ahi Trojan

    --> [unknownDir]/LiveUpdate.exe

    [DETECTION] Is the TR/Dldr.Inject.ahi Trojan

    Beginning disinfection:

    D:\Warez\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\Nero-9.4.26.0_trial.exe

    [DETECTION] Is the TR/Dldr.Inject.ahi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '480cf1b0.qua'.

    D:\Music\Rockstar Supernova\Rock Star Supernova - Dilana - SuperSoul.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    [NOTE] The file was moved to the quarantine directory under the name '50aade2b.qua'.

    D:\Music\Rockstar Supernova\Magni - When the Time Comes (original).mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    [NOTE] The file was moved to the quarantine directory under the name '02c984fd.qua'.

    D:\Music\Pantera\pantera - this love.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    [NOTE] The file was moved to the quarantine directory under the name '64f7cb3f.qua'.

    D:\Music\Pantera\pantera - the great southern trendkill - floods.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    [NOTE] The file was moved to the quarantine directory under the name '2173e604.qua'.

    D:\Music\Pantera\pantera - cementery gates.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    [NOTE] The file was moved to the quarantine directory under the name '5e68d466.qua'.

    D:\Music\Opeth\opeth - harvest.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    [NOTE] The file was moved to the quarantine directory under the name '12e7f803.qua'.

    D:\Music\Opeth\opeth - damnation - in my time of need.mp3

    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

    [NOTE] The file was moved to the quarantine directory under the name '6effb851.qua'.

    D:\Documents\KeyProwler Pro 3.3.6.0 www.shoptinhoc.com\KeyProwler Pro v3.3.6.0.exe

    [DETECTION] Is the TR/Agent.4964526 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '43899707.qua'.

    C:\Users\Evan\AppData\Roaming\Microsoft\sierra.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5acdac99.qua'.

    C:\Users\Evan\AppData\Roaming\zlyqlpy.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '36bd80b4.qua'.

    C:\Users\Evan\AppData\Roaming\zculrje.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '4718b936.qua'.

    C:\Users\Evan\AppData\Roaming\yvrfwyu.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '490189ec.qua'.

    C:\Users\Evan\AppData\Roaming\ysybmyz.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '0c37f0a3.qua'.

    C:\Users\Evan\AppData\Roaming\ymdjsau.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '0511f40e.qua'.

    C:\Users\Evan\AppData\Roaming\ycwwfnz.exe

    [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5d7fed71.qua'.

    C:\Users\Evan\AppData\Roaming\vwvbwzl.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '718a94a1.qua'.

    C:\Users\Evan\AppData\Roaming\vuwnufn.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '4f75f479.qua'.

    C:\Users\Evan\AppData\Roaming\vhuhykr.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '2c65df1f.qua'.

    C:\Users\Evan\AppData\Roaming\vhmnzzq.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '0aa59f02.qua'.

    C:\Users\Evan\AppData\Roaming\vckypiz.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '3833e4ac.qua'.

    C:\Users\Evan\AppData\Roaming\uuxwtnm.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '3261cfcc.qua'.

    C:\Users\Evan\AppData\Roaming\uigljis.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '0d21ab9d.qua'.

    C:\Users\Evan\AppData\Roaming\trpjyqb.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '7306a7a1.qua'.

    C:\Users\Evan\AppData\Roaming\tlwkvcl.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '2665a36c.qua'.

    C:\Users\Evan\AppData\Roaming\shtgurs.exe

    [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '2becd258.qua'.

    C:\Users\Evan\AppData\Roaming\rrhflfq.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '37bdc64a.qua'.

    C:\Users\Evan\AppData\Roaming\rapthsp.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '06668b95.qua'.

    C:\Users\Evan\AppData\Roaming\quscblv.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '6a379fbf.qua'.

    C:\Users\Evan\AppData\Roaming\qjgskpq.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '23a1bab2.qua'.

    C:\Users\Evan\AppData\Roaming\qbowqth.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '783cb27b.qua'.

    C:\Users\Evan\AppData\Roaming\pdiolxr.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '1e84be90.qua'.

    C:\Users\Evan\AppData\Roaming\packet.exe

    [DETECTION] Is the TR/VBKrypt.dlc Trojan

    [NOTE] The file was moved to the quarantine directory under the name '4934cc35.qua'.

    C:\Users\Evan\AppData\Roaming\ovujbzz.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '6b769b5a.qua'.

    C:\Users\Evan\AppData\Roaming\olntwll.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '0361e1c2.qua'.

    C:\Users\Evan\AppData\Roaming\nuotiem.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '2316e54e.qua'.

    C:\Users\Evan\AppData\Roaming\nrvtymn.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '762ba3f9.qua'.

    C:\Users\Evan\AppData\Roaming\mycomputp.dll

    [DETECTION] Is the TR/Spy.75776.26 Trojan

    [WARNING] The file could not be copied to quarantine!

    [WARNING] The file could not be deleted!

    [NOTE] The file is scheduled for deleting after reboot.

    C:\Users\Evan\AppData\Roaming\mrvphbz.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '1770b41c.qua'.

    C:\Users\Evan\AppData\Roaming\mgnrzzq.exe

    [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '048c88fa.qua'.

    C:\Users\Evan\AppData\Roaming\lrvjwjb.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '162df432.qua'.

    C:\Users\Evan\AppData\Roaming\jzcospg.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '01509798.qua'.

    C:\Users\Evan\AppData\Roaming\jflldmo.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5b49a564.qua'.

    C:\Users\Evan\AppData\Roaming\jdqetzt.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '7e49df76.qua'.

    C:\Users\Evan\AppData\Roaming\iswztnt.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '0a08c776.qua'.

    C:\Users\Evan\AppData\Roaming\iovzqpb.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '280b95f6.qua'.

    C:\Users\Evan\AppData\Roaming\icbuxha.exe

    [DETECTION] Is the TR/VBKrypt.dqr.1 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5db4ed93.qua'.

    C:\Users\Evan\AppData\Roaming\hyecael.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '76e0b1e5.qua'.

    C:\Users\Evan\AppData\Roaming\hthpxiy.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '11baf95f.qua'.

    C:\Users\Evan\AppData\Roaming\hpnjbyj.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5ac0c045.qua'.

    C:\Users\Evan\AppData\Roaming\gibmfis.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5a0aca6d.qua'.

    C:\Users\Evan\AppData\Roaming\gbsxcuo.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '10949f7a.qua'.

    C:\Users\Evan\AppData\Roaming\ftocyye.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '7eb9b0c0.qua'.

    C:\Users\Evan\AppData\Roaming\fqkenby.exe

    [DETECTION] Is the TR/VBKrypt.dfi Trojan

    [NOTE] The file was moved to the quarantine directory under the name '3395eebd.qua'.

    C:\Users\Evan\AppData\Roaming\fncdtqe.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5b89c985.qua'.

    C:\Users\Evan\AppData\Roaming\dzoiakq.exe

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '210cf358.qua'.

    C:\Users\Evan\AppData\Roaming\dphmosj.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5055af0b.qua'.

    C:\Users\Evan\AppData\Roaming\cywelkj.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '20a18512.qua'.

    C:\Users\Evan\AppData\Roaming\cfxsibl.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5bd2f934.qua'.

    C:\Users\Evan\AppData\Roaming\awqyfeb.exe

    [DETECTION] Is the TR/VBKrypt.dbb Trojan

    [NOTE] The file was moved to the quarantine directory under the name '15908a2f.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-4f45626b

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    [NOTE] The file was moved to the quarantine directory under the name '6bddf148.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus

    [NOTE] The file was moved to the quarantine directory under the name '1f7ad90d.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394

    [DETECTION] Contains recognition pattern of the JAVA/Runner.1458 Java virus

    [NOTE] The file was moved to the quarantine directory under the name '14018566.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385

    [DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus

    [NOTE] The file was moved to the quarantine directory under the name '47a99691.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc

    [DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

    [NOTE] The file was moved to the quarantine directory under the name '22c1bdfc.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    [NOTE] The file was moved to the quarantine directory under the name '0a57ed5d.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3e36666f-7c2443af

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    [NOTE] The file was moved to the quarantine directory under the name '7eeab4d5.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e

    [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus

    [NOTE] The file was moved to the quarantine directory under the name '31f9cc5e.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    [NOTE] The file was moved to the quarantine directory under the name '0e2c95f9.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    [NOTE] The file was moved to the quarantine directory under the name '7406967c.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    [NOTE] The file was moved to the quarantine directory under the name '247c910c.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1

    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus

    [NOTE] The file was moved to the quarantine directory under the name '72029b7c.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8

    [DETECTION] Contains recognition pattern of the JAVA/Rowindal.C Java virus

    [NOTE] The file was moved to the quarantine directory under the name '35c39f9a.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47b837e3-38d16d90

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    [NOTE] The file was moved to the quarantine directory under the name '1688f119.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\463e7fd4-3b0c8c21

    [DETECTION] Contains recognition pattern of the JAVA/OpenStream.A Java virus

    [NOTE] The file was moved to the quarantine directory under the name '5172d8f7.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\15585d14-626fba8e

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    [NOTE] The file was moved to the quarantine directory under the name '23148b62.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\521840ca-258e909e

    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus

    [NOTE] The file was moved to the quarantine directory under the name '087fc871.qua'.

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d43e080-492eb2c9

    [DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit

    [NOTE] The file was moved to the quarantine directory under the name '4be3c6fc.qua'.

    C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir

    [DETECTION] Is the TR/Spy.96256.35 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '016bbfbf.qua'.

    C:\Qoobox\Quarantine\C\Windows\framework.exe.vir

    [DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCBot.A.56 back-door program

    [NOTE] The file was moved to the quarantine directory under the name '0c10a116.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe.vir

    [DETECTION] Contains recognition pattern of the WORM/IrcBot.659456.A worm

    [NOTE] The file was moved to the quarantine directory under the name '23c7e98f.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Run.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '1c0da097.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe.vir

    [DETECTION] Is the TR/VB.Inject.II.5 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '23f3b67d.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\metus.exe.vir

    [DETECTION] Contains recognition pattern of the WORM/Agent.123904.42 worm

    [NOTE] The file was moved to the quarantine directory under the name '4635e6aa.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '6021c1b5.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '6ca492cd.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zrzysia.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '59c9e414.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\zqbfyik.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '22c1e35f.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\xlsyxge.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '04f0e66f.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wznaqna.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '6878aba7.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\wydfbon.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '4822be17.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\uritwwj.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '2f18d4e3.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\tacwijc.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '52e0b77c.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\sijvkve.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '0ee2b81b.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\rgyumdx.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '46aa839b.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\raid64.exe.vir

    [DETECTION] Is the TR/Spy.Agent.212992 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '2862ee63.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\qmphdby.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '0dacb0b9.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\pfiekwq.exe.vir

    [DETECTION] Is the TR/ATRAPS.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '7fcca06c.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\khwqjbc.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '11259c9d.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jvmaatn.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '7fcba405.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jmkfrya.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '01dbfde7.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jlffmtc.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '1851ad4a.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\jktulqc.exe.vir

    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '08a0c28e.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\icnsmhy.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '112fcfed.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\hqqwuct.exe.vir

    [DETECTION] Contains recognition pattern of the WORM/Agent.98304.D worm

    [NOTE] The file was moved to the quarantine directory under the name '507292c0.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gxaltrj.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '5ec6c6a6.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\gpufpcc.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '72abc671.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\eumglcu.exe.vir

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '4455e9c1.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ejeifad.exe.vir

    [DETECTION] Is the TR/Drop.Small.fhx.3 Trojan

    [NOTE] The file was moved to the quarantine directory under the name '440381ce.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\dtrspqj.exe.vir

    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '3f1ebff0.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\ddlovii.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '3aad9cac.qua'.

    C:\Qoobox\Quarantine\C\Users\Evan\AppData\Roaming\aladumu.exe.vir

    [DETECTION] Is the TR/Hijacker.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '550adbbb.qua'.

    C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\Trainer\Burnout Paradise Trainer.exe

    [DETECTION] Is the TR/Buzus.cinr Trojan

    [NOTE] The file was moved to the quarantine directory under the name '7cb7a01e.qua'.

    The repair notes were written to the file 'C:\avrescue\rescue.avp'.

    End of the scan: Sunday, 5 December 2010 01:49

    Used time: 38:43 Minute(s)

    The scan has been done completely.

    21601 Scanned directories

    416254 Files were scanned

    134 Viruses and/or unwanted programs were found

    0 Files were classified as suspicious

    0 files were deleted

    0 Viruses and unwanted programs were repaired

    112 Files were moved to quarantine

    0 Files were renamed

    0 Files cannot be scanned

    416120 Files not concerned

    2337 Archives were scanned

    1 Warnings

    113 Notes

    546485 Objects were scanned with rootkit scan

    8 Hidden objects were found
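
A triage helper for the Avira report format shown in the post above, added here as an example and not part of the poster's logs or of Avira's own tooling. The report lists each hit as a path line followed by a `[DETECTION]` line and one or more `[NOTE]`/`[WARNING]` lines; the script below groups those triples into records and pulls out what a responder wants first from a 134-hit log: the detection families that dominate, the directories that carry the hits, the executables dropped straight into the roaming profile, the Java deployment-cache artefacts, and above all the files the scanner could not quarantine (in the log above, `mycomputp.dll` is only scheduled for deletion after reboot, so it is still live). The sample lines are constructed from entries in the same shape as the report; the function and variable names are this example's own.

```python
"""Triage an Avira AntiVir "Beginning disinfection" block.

Added example, not part of the original forum post: it parses the
path / [DETECTION] / [NOTE|WARNING] triples from a report like the one
above and answers the questions a responder asks first: which detection
families dominate, which directories carry the hits, and which files the
scanner could NOT quarantine (those are still live until the reboot).
"""
import re
from collections import Counter

# Constructed sample in the same shape as the report above (double-spaced
# lines are tolerated, as in a copy-pasted forum post).
SAMPLE_LOG = r"""
D:\Warez\Nero-9.4.26.0_trial.exe

[DETECTION] Is the TR/Dldr.Inject.ahi Trojan

[NOTE] The file was moved to the quarantine directory under the name '480cf1b0.qua'.

C:\Users\Evan\AppData\Roaming\zlyqlpy.exe
[DETECTION] Is the TR/VBKrypt.dbb Trojan
[NOTE] The file was moved to the quarantine directory under the name '36bd80b4.qua'.
C:\Users\Evan\AppData\Roaming\mycomputp.dll
[DETECTION] Is the TR/Spy.75776.26 Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] The file could not be deleted!
[NOTE] The file is scheduled for deleting after reboot.
C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\36c06809-4f45626b
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[NOTE] The file was moved to the quarantine directory under the name '6bddf148.qua'.
"""

# Avira names look like TR/VBKrypt.dbb, EXP/Java.2009-3867, BDS/IRCBot.A.56
DETECTION_RE = re.compile(r"\b([A-Z]+/[\w.\-]+)")


def parse_report(text):
    """Group report lines into records: one per flagged path."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("["):            # a new path starts a record
            current = {"path": line, "detection": None, "actions": []}
            records.append(current)
            continue
        if current is None:                      # status line before any path
            continue
        level, _, message = line[1:].partition("] ")
        if level == "DETECTION":
            match = DETECTION_RE.search(message)
            current["detection"] = match.group(1) if match else message
        else:
            current["actions"].append((level, message))
    return records


def family(detection):
    """'TR/VBKrypt.dbb' -> 'TR/VBKrypt'; 'EXP/Java.2009-3867' -> 'EXP/Java'."""
    kind, _, name = detection.partition("/")
    return f"{kind}/{name.split('.')[0]}"


def quarantined(record):
    """True only if Avira reports the file as actually moved to quarantine."""
    return any(level == "NOTE" and "moved to the quarantine" in msg
               for level, msg in record["actions"])


def summarise(records):
    by_family = Counter(family(r["detection"]) for r in records if r["detection"])
    by_dir = Counter(r["path"].rsplit("\\", 1)[0].lower() for r in records)
    not_quarantined = [r["path"] for r in records if not quarantined(r)]
    # Executables dropped directly into the roaming profile (or a bare
    # "Microsoft" subfolder of it) are the dropper/bot pattern in the log above.
    roaming_payloads = [
        r["path"] for r in records
        if re.search(r"\\AppData\\Roaming\\(?:Microsoft\\)?[^\\]+\.(?:exe|dll)$",
                     r["path"], re.IGNORECASE)]
    java_cache = [r["path"] for r in records
                  if "\\Java\\Deployment\\cache\\" in r["path"]]
    return {
        "total": len(records),
        "by_family": by_family,
        "by_dir": by_dir,
        "not_quarantined": not_quarantined,
        "roaming_payloads": roaming_payloads,
        "java_cache_hits": java_cache,
    }


if __name__ == "__main__":
    s = summarise(parse_report(SAMPLE_LOG))
    print(f"{s['total']} hits; families: {dict(s['by_family'])}")
    print("still on disk (not quarantined):", s["not_quarantined"])
    print("payloads dropped in the roaming profile:", s["roaming_payloads"])
    print("java cache exploit artefacts:", s["java_cache_hits"])
```

Feed it the whole report text instead of `SAMPLE_LOG` and the `not_quarantined` list is the follow-up work item: each path there should be confirmed gone after the reboot, and its load point (the `Run` key or startup entry that launched it) checked separately, since the scanner only removes the file. The Java cache entries point at the likely initial vector rather than at the payloads, which is why the poster's Java install date matters more than the count of quarantined droppers.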

  3. ComboFix 10-12-03.03 - Evan 05/12/2010 0:21.1.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2541 [GMT 11:00]

    Running from: c:\users\Evan\Desktop\ComboFix.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\users\Evan\AppData\Roaming\aladumu.exe

    c:\users\Evan\AppData\Roaming\ddlovii.exe

    c:\users\Evan\AppData\Roaming\dtrspqj.exe

    c:\users\Evan\AppData\Roaming\eehzkak.exe

    c:\users\Evan\AppData\Roaming\ejeifad.exe

    c:\users\Evan\AppData\Roaming\eumglcu.exe

    c:\users\Evan\AppData\Roaming\fkfivbs.exe

    c:\users\Evan\AppData\Roaming\gpufpcc.exe

    c:\users\Evan\AppData\Roaming\gxaltrj.exe

    c:\users\Evan\AppData\Roaming\hqqwuct.exe

    c:\users\Evan\AppData\Roaming\icnsmhy.exe

    c:\users\Evan\AppData\Roaming\jjwepwp.exe

    c:\users\Evan\AppData\Roaming\jktulqc.exe

    c:\users\Evan\AppData\Roaming\jlffmtc.exe

    c:\users\Evan\AppData\Roaming\jmkfrya.exe

    c:\users\Evan\AppData\Roaming\jvmaatn.exe

    c:\users\Evan\AppData\Roaming\khwqjbc.exe

    c:\users\Evan\AppData\Roaming\Microsoft\Crypted.exe

    c:\users\Evan\AppData\Roaming\Microsoft\eraseme.exe

    c:\users\Evan\AppData\Roaming\Microsoft\metus.exe

    c:\users\Evan\AppData\Roaming\Microsoft\newcrypt.exe

    c:\users\Evan\AppData\Roaming\Microsoft\Run.exe

    c:\users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe

    c:\users\Evan\AppData\Roaming\pfiekwq.exe

    c:\users\Evan\AppData\Roaming\ptibrrh.exe

    c:\users\Evan\AppData\Roaming\qmphdby.exe

    c:\users\Evan\AppData\Roaming\raid64.exe

    c:\users\Evan\AppData\Roaming\rgyumdx.exe

    c:\users\Evan\AppData\Roaming\sijvkve.exe

    c:\users\Evan\AppData\Roaming\tacwijc.exe

    c:\users\Evan\AppData\Roaming\tahjmdr.exe

    c:\users\Evan\AppData\Roaming\uritwwj.exe

    c:\users\Evan\AppData\Roaming\wydfbon.exe

    c:\users\Evan\AppData\Roaming\wznaqna.exe

    c:\users\Evan\AppData\Roaming\xlsyxge.exe

    c:\users\Evan\AppData\Roaming\xuxqnoh.exe

    c:\users\Evan\AppData\Roaming\zqbfyik.exe

    c:\users\Evan\AppData\Roaming\zrzysia.exe

    c:\windows\framework.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected

    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe

    Infected copy of c:\windows\System32\wininit.exe was found and disinfected

    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected

    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe

    .

    ((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))

    .

    2010-12-04 13:25 . 2010-12-04 13:27 -------- d-----w- c:\users\Evan\AppData\Local\temp

    2010-12-04 13:25 . 2010-12-04 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-12-03 20:53 . 2010-12-03 20:53 -------- d-----w- c:\program files\Common Files\Java

    2010-12-03 20:53 . 2010-12-03 20:53 -------- d-----w- c:\program files\Java

    2010-12-03 18:22 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEF266C6-F3E1-4AE8-B172-276EE4CB8BF8}\mpengine.dll

    2010-12-03 18:21 . 2010-12-03 18:21 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2010-12-03 18:10 . 2010-12-03 18:10 -------- d-----w- c:\windows\system32\%LocalAppData%

    2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro

    2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL

    2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket

    2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com

    2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision

    2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

    2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

    2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

    2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

    2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision

    2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-12-03 20:53 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe

    2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

    2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

    2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]

    @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"

    [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]

    2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

    "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016]

    "NPSStartup"="" [bU]

    "framework"="framework.exe" [bU]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]

    Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

    WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

    @="SecurityDevices"

    [HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

    path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-09-22 17:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

    2009-05-12 23:22 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDS]

    c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Control Manager v2.2]

    c:\users\Evan\AppData\Local\Temp\staklic.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

    2008-07-22 01:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

    2009-04-06 23:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX110 Series]

    2008-09-25 20:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework]

    c:\users\Evan\AppData\Local\Temp\dxdiag.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GodServices]

    c:\users\Evan\AppData\Local\Temp\godservices.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]

    c:\users\Evan\AppData\Roaming\install\Svchost.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

    2009-06-01 02:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Service]

    c:\systemfiles\x-f-324553-12314-3344-1\ise32.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

    2010-04-29 05:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]

    c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Protector]

    c:\users\Evan\AppData\Roaming\winlogon.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 00:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor]

    2010-07-22 16:33 266240 ----a-w- c:\users\Evan\AppData\Roaming\packet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outbreak.exe]

    c:\windows\outbreak.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

    2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

    2010-06-03 14:51 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartServiceWKKBTRRS]

    c:\users\Evan\AppData\Local\WKKBTRRS\StartService.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup]

    c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrokeIt]

    2009-06-16 17:52 24712 ----a-w- c:\program files\TCB Networks\StrokeIt\strokeit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System RAID Manager]

    c:\users\Evan\AppData\Roaming\raid64.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDoS]

    c:\users\Evan\AppData\Roaming\WinDoS.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defense]

    c:\users\Evan\AppData\Roaming\winlogon.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Firewall]

    c:\users\Evan\AppData\Local\Temp\svchost.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]

    c:\users\Evan\AppData\Roaming\Microsoft\winupdate.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinsysMon]

    c:\users\Evan\Desktop\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\LiveUpdate.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XA5RJ9EADJ]

    c:\users\Evan\AppData\Local\Temp\Ezr.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]

    c:\users\Evan\AppData\Local\Temp\Ezq.exe [BU]

    R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352]

    R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240]

    R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]

    R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]

    R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264]

    R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]

    R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176]

    R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]

    R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

    R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]

    R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]

    R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]

    R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]

    R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]

    R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]

    R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]

    R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]

    R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]

    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]

    R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]

    R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]

    R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168]

    R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536]

    R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840]

    R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]

    R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]

    R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]

    R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]

    R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]

    R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440]

    R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]

    R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104]

    R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]

    R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 MsRPC;MsRPC; [x]

    R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]

    R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]

    R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]

    R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]

    R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752]

    R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]

    R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872]

    R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]

    R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624]

    R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]

    R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]

    R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]

    R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]

    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]

    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]

    R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]

    R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

    R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600]

    R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800]

    R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]

    R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]

    R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]

    R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616]

    R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]

    R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]

    R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]

    R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]

    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]

    R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688]

    R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]

    R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]

    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408]

    S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]

    S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]

    S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]

    S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808]

    S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216]

    S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]

    S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]

    S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]

    S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448]

    S0 spldr;Security Processor Loader Driver; [x]

    S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712]

    S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]

    S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008]

    S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128]

    S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]

    S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]

    S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096]

    S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336]

    S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]

    S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]

    S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]

    S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]

    S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240]

    S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488]

    S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]

    S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]

    S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]

    S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]

    S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]

    S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520]

    S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328]

    S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]

    S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]

    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]

    S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448]

    S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]

    S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]

    S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]

    S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]

    S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208]

    S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744]

    S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]

    S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

    S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200]

    S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664]

    S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544]

    S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936]

    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120]

    S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - FSUSBEXDISK

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    RPCSS REG_MULTI_SZ RpcEptMapper RpcSs

    defragsvc REG_MULTI_SZ defragsvc

    WerSvcGroup REG_MULTI_SZ wersvc

    LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc

    swprv REG_MULTI_SZ swprv

    LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg

    NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm

    regsvc REG_MULTI_SZ RemoteRegistry

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

    DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch

    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

    sdrsvc REG_MULTI_SZ sdrsvc

    WbioSvcGroup REG_MULTI_SZ WbioSrvc

    wcssvc REG_MULTI_SZ WcsPlugInService

    AxInstSVGroup REG_MULTI_SZ AxInstSV

    secsvcs REG_MULTI_SZ WinDefend

    PeerDist REG_MULTI_SZ PeerDistSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    AeLookupSvc

    CertPropSvc

    SCPolicySvc

    lanmanserver

    gpsvc

    IKEEXT

    AudioSrv

    FastUserSwitchingCompatibility

    Nla

    NWCWorkstation

    SRService

    Wmi

    WmdmPmSp

    TermService

    wuauserv

    BITS

    ShellHWDetection

    LogonHours

    PCAudit

    helpsvc

    uploadmgr

    iphlpsvc

    seclogon

    AppInfo

    msiscsi

    MMCSS

    wercplsupport

    EapHost

    ProfSvc

    schedule

    hkmsvc

    SessionEnv

    winmgmt

    browser

    Themes

    BDESVC

    AppMgmt

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted

    homegrouplistener

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

    WdiServiceHost

    sppuinotify

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService

    lanmanworkstation

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted

    BthHFSrv

    homegroupprovider

    [HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D}]

    c:\users\Evan\AppData\Local\Temp\msconfig.exe [BU]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.ninemsn.com.au/

    uInternet Settings,ProxyOverride = *.local

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-05 00:27

    Windows 6.1.7601 Service Pack 1, v.178 NTFS

    detected NTDLL code modification:

    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261

    Initialization error

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files:

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*]

    "datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c,

    fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\

    "rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\windows\system32\AUDIODG.EXE

    c:\windows\system32\nvvsvc.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\taskhost.exe

    c:\windows\system32\conhost.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\windows\system32\DllHost.exe

    .

    **************************************************************************

    .

    Completion time: 2010-12-05 00:29:24 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-12-04 13:29

    ComboFix2.txt 2010-12-03 13:59

    ComboFix3.txt 2010-12-03 13:16

    Pre-Run: 13,405,892,608 bytes free

    Post-Run: 13,627,445,248 bytes free

    - - End Of File - - 1B0F8273C4950F991ACE18042CE737C6

  4. ESET log:

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\56a12ea4-766692f8 multiple threats

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c0702e6-7dd75de1 probably a variant of Win32/Agent.FXHNPDJ trojan

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25b32d04-78122087 probably a variant of Win32/Agent.FXHNPDJ trojan

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\15467029-6ee724b4 probably a variant of Win32/Agent.FXHNPDJ trojan

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-27f04b56 probably a variant of Win32/Agent.FXHNPDJ trojan

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6c959aab-2ea1f28e multiple threats

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\739d2831-518d9c2a probably a variant of Win32/Agent.FXHNPDJ trojan

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-2ab473fc a variant of Java/TrojanDownloader.OpenStream.NAU trojan

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57e27139-10ff6385 a variant of Java/TrojanDownloader.OpenStream.NAU trojan

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\6b535139-4390f394 Java/TrojanDownloader.Agent.NBB trojan

    C:\Users\Evan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1df965c9-3df06b51 multiple threats

    C:\Users\Evan\AppData\Roaming\awqyfeb.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\dphmosj.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\dtrspqj.exe Win32/Dewnad.AK worm

    C:\Users\Evan\AppData\Roaming\dzoiakq.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\ejeifad.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\eumglcu.exe a variant of Win32/Injector.CNY trojan

    C:\Users\Evan\AppData\Roaming\fncdtqe.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\fqkenby.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\ftocyye.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\gibmfis.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\gpufpcc.exe a variant of Win32/Injector.CLJ trojan

    C:\Users\Evan\AppData\Roaming\gxaltrj.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\hpnjbyj.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\hqqwuct.exe a variant of MSIL/Agent.NCX trojan

    C:\Users\Evan\AppData\Roaming\hthpxiy.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\hyecael.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\icbuxha.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\icnsmhy.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\iovzqpb.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\iswztnt.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\jdqetzt.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\jflldmo.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\jktulqc.exe Win32/Dewnad.AK worm

    C:\Users\Evan\AppData\Roaming\jlffmtc.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\jmkfrya.exe a variant of Win32/Injector.CFX trojan

    C:\Users\Evan\AppData\Roaming\mgnrzzq.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\mrvphbz.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\mycomputp.dll Win32/Agent.RMC trojan

    C:\Users\Evan\AppData\Roaming\nrvtymn.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\nuotiem.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\ovujbzz.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\packet.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\pfiekwq.exe probably a variant of Win32/AutoRun.IRCBot.FC worm

    C:\Users\Evan\AppData\Roaming\qjgskpq.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\qmphdby.exe probably unknown NewHeur_PE virus

    C:\Users\Evan\AppData\Roaming\quscblv.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\raid64.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\rgyumdx.exe a variant of Win32/Injector.CLJ trojan

    C:\Users\Evan\AppData\Roaming\rrhflfq.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\shtgurs.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\sijvkve.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\tacwijc.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\tlwkvcl.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\trpjyqb.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\uigljis.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\uritwwj.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\vckypiz.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\vhmnzzq.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\vhuhykr.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\vwvbwzl.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\xlsyxge.exe Win32/AutoRun.IRCBot.CX worm

    C:\Users\Evan\AppData\Roaming\ycwwfnz.exe a variant of Win32/Injector.DAL trojan

    C:\Users\Evan\AppData\Roaming\ysybmyz.exe a variant of Win32/Injector.CHV trojan

    C:\Users\Evan\AppData\Roaming\zlyqlpy.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\zrzysia.exe Win32/Oficla.HW trojan

    C:\Users\Evan\AppData\Roaming\Microsoft\Crypted.exe a variant of Win32/Injector.CUA trojan

    C:\Users\Evan\AppData\Roaming\Microsoft\eraseme.exe probably a variant of Win32/Injector.AXP trojan

    C:\Users\Evan\AppData\Roaming\Microsoft\metus.exe Win32/Dewnad.AM worm

    C:\Users\Evan\AppData\Roaming\Microsoft\newcrypt.exe a variant of Win32/Injector.CTL trojan

    C:\Users\Evan\AppData\Roaming\Microsoft\Run.exe probably a variant of MSIL/Injector.I trojan

    C:\Users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe probably a variant of Win32/IRCBot.DRVMJMG trojan

    C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan

    C:\Windows\explorer.exe Win32/Bamital.EL trojan

    C:\Windows\framework.exe probably a variant of Win32/Injector.CRM trojan

    C:\Windows\System32\wininit.exe Win32/Bamital.EL trojan

    D:\Svchost.exe a variant of Win32/Injector.CUA trojan

  5. The Kaspersky updates are giving me a lot of trouble. The downloading took its sweet time (around a couple of hours for only 100 MB :( ), and now it says the update failed because the Internet connection was inconsistent. :)

    I refreshed and tried again. Now it won't even attempt to start updating - I just keep getting the 'inconsistent' error.

    Is there any alternative software I can try? Oh, and obviously the redirecting problem's back after the system restore - should I run ComboFix (without your CFScript) to fix it up again?

  6. Oh wait. Hold on.

    I clicked 'Repair Windows' at the safe mode prompt and managed to restore the system to previous settings. It seems to have done the job. We're back to square one I guess.

    This is the current HJT log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 5:24:14 AM, on 4/12/2010

    Platform: Windows 7 SP1, v.178 (WinNT 6.00.3505)

    MSIE: Internet Explorer v8.00 (8.00.7601.16562)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

    C:\Program Files\Rainmeter\Rainmeter.exe

    C:\Program Files\WordWeb\wweb32.exe

    C:\Windows\framework.exe

    C:\Users\Evan\AppData\Local\temp\msconfig.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

    O4 - HKLM\..\Run: [framework] framework.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe

    O4 - HKCU\..\Run: [Apple iPod Service] C:\Users\Evan\AppData\Roaming\iTunes.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

    O4 - Startup: Rainmeter.exe - Shortcut.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

    O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --

    End of file - 7412 bytes

  7. Whoa! Whoa! Dude, something went seriously wrong. I'm on my brother's laptop right now.

    I ran the MBAM scan as you asked. It found 1 infection in the appdata/temp directory if I remember correctly. Everything went wrong after rebooting. The log-on screen was stuck on 'preparing desktop' for quite a bit. When the desktop did load, an error message popped up:

    C:\Windows\system32\config\systemprofile\Desktop is not accessible

    Access is denied.

    I tried rebooting again, to no avail. The Windows 7 taskbar has been replaced with the classic version. The desktop icons are gone. And most executable files won't run. I can still, however, access files on my HDD (not the ones on the desktop though).

    I tried to run MBAM, but it won't load. The error message says 'The dependency service or group failed to start'. I tried to take a screenshot, but nothing in mspaint will save - it says 'Location is denied' every time I try.

    The internet connection seems to be fine. Opera won't load. IE loads and gets stuck on the homepage.

    :D

    What am I supposed to do now? Also, it's a home PC, not a business one.

  8. Cheers. New log.

    ComboFix 10-12-02.05 - Evan 04/12/2010 0:52.2.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2374 [GMT 11:00]

    Running from: c:\users\Evan\Desktop\ComboFix.exe

    Command switches used :: c:\users\Evan\Desktop\CFScript.txt

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Service_AppMgmt

    ((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))

    .

    2010-12-03 13:55 . 2010-12-03 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-12-03 13:06 . 2010-12-03 13:57 -------- d-----w- c:\users\Evan\AppData\Local\temp

    2010-12-03 12:11 . 2010-12-03 12:11 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro

    2010-12-03 11:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFD1FEE-B8BC-4517-9A47-9AF60BD2D77B}\mpengine.dll

    2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL

    2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket

    2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com

    2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision

    2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

    2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

    2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

    2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

    2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision

    2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-12-02 16:06 . 2010-10-20 12:15 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe

    2010-11-29 06:42 . 2010-04-20 11:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-11-29 06:42 . 2010-04-20 11:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe

    2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

    2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

    2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

    2010-09-14 17:50 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]

    @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"

    [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]

    2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

    "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

    c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]

    Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

    WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

    @="SecurityDevices"

    [HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

    path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

    backupExtension=.Startup

    R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352]

    R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240]

    R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]

    R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]

    R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264]

    R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]

    R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176]

    R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]

    R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

    R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]

    R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]

    R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]

    R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]

    R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]

    R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]

    R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]

    R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]

    R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]

    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]

    R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]

    R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]

    R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168]

    R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536]

    R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840]

    R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]

    R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]

    R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]

    R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]

    R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]

    R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440]

    R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]

    R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104]

    R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]

    R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 MsRPC;MsRPC; [x]

    R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]

    R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]

    R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]

    R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]

    R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752]

    R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]

    R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872]

    R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]

    R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624]

    R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]

    R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]

    R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]

    R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]

    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]

    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]

    R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]

    R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

    R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600]

    R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800]

    R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]

    R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]

    R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]

    R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616]

    R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]

    R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]

    R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]

    R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]

    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]

    R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688]

    R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]

    R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]

    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408]

    S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]

    S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]

    S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]

    S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808]

    S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216]

    S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]

    S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]

    S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]

    S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448]

    S0 spldr;Security Processor Loader Driver; [x]

    S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712]

    S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]

    S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008]

    S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128]

    S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]

    S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]

    S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096]

    S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336]

    S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]

    S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]

    S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]

    S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]

    S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240]

    S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488]

    S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]

    S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]

    S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]

    S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]

    S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]

    S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520]

    S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328]

    S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]

    S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]

    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]

    S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448]

    S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]

    S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]

    S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]

    S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]

    S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208]

    S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744]

    S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]

    S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

    S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200]

    S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664]

    S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544]

    S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936]

    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120]

    S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - FSUSBEXDISK

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    RPCSS REG_MULTI_SZ RpcEptMapper RpcSs

    defragsvc REG_MULTI_SZ defragsvc

    WerSvcGroup REG_MULTI_SZ wersvc

    LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc

    swprv REG_MULTI_SZ swprv

    LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg

    NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm

    regsvc REG_MULTI_SZ RemoteRegistry

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

    DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch

    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

    sdrsvc REG_MULTI_SZ sdrsvc

    WbioSvcGroup REG_MULTI_SZ WbioSrvc

    wcssvc REG_MULTI_SZ WcsPlugInService

    AxInstSVGroup REG_MULTI_SZ AxInstSV

    secsvcs REG_MULTI_SZ WinDefend

    PeerDist REG_MULTI_SZ PeerDistSvc

    NETSVCS REQUIRES REPAIRS - current entries shown

    Ias

    Irmon

    Ntmssvc

    Nwsapagent

    Rasauto

    Rasman

    Remoteaccess

    SENS

    Sharedaccess

    Tapisrv

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted

    homegrouplistener

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

    WdiServiceHost

    sppuinotify

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService

    lanmanworkstation

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted

    BthHFSrv

    homegroupprovider

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.ninemsn.com.au/

    uInternet Settings,ProxyOverride = *.local

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-04 00:57

    Windows 6.1.7601 Service Pack 1, v.178 NTFS

    detected NTDLL code modification:

    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-04 00:57

    Windows 6.1.7601 Service Pack 1, v.178 NTFS

    detected NTDLL code modification:

    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-04 00:57

    Windows 6.1.7601 Service Pack 1, v.178 NTFS

    detected NTDLL code modification:

    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-04 00:57

    Windows 6.1.7601 Service Pack 1, v.178 NTFS

    detected NTDLL code modification:

    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-04 00:57

    Windows 6.1.7601 Service Pack 1, v.178 NTFS

    detected NTDLL code modification:

    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files:

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*]

    "datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c,

    fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\

    "rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\windows\system32\AUDIODG.EXE

    c:\windows\system32\nvvsvc.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\taskhost.exe

    c:\windows\system32\conhost.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\windows\system32\DllHost.exe

    .

    **************************************************************************

    .

    Completion time: 2010-12-04 00:59:18 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-12-03 13:59

    ComboFix2.txt 2010-12-03 13:16

    Pre-Run: 14,322,110,464 bytes free

    Post-Run: 14,011,912,192 bytes free

    - - End Of File - - A05D838CB57422A0FD48D48FB7033356

  9. Combofix report as requested:

    ComboFix 10-12-02.05 - Evan 04/12/2010 0:02.1.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.2291 [GMT 11:00]

    Running from: c:\users\Evan\Desktop\ComboFix.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\users\Evan\AppData\Local\Temp\A10F.tmp

    c:\users\Evan\AppData\Roaming\aladumu.exe

    c:\users\Evan\AppData\Roaming\ddlovii.exe

    c:\users\Evan\AppData\Roaming\dtrspqj.exe

    c:\users\Evan\AppData\Roaming\eehzkak.exe

    c:\users\Evan\AppData\Roaming\ejeifad.exe

    c:\users\Evan\AppData\Roaming\eumglcu.exe

    c:\users\Evan\AppData\Roaming\fkfivbs.exe

    c:\users\Evan\AppData\Roaming\google_cache243.tmp

    c:\users\Evan\AppData\Roaming\google_cache746.tmp

    c:\users\Evan\AppData\Roaming\gpufpcc.exe

    c:\users\Evan\AppData\Roaming\gxaltrj.exe

    c:\users\Evan\AppData\Roaming\hqqwuct.exe

    c:\users\Evan\AppData\Roaming\icnsmhy.exe

    c:\users\Evan\AppData\Roaming\jjwepwp.exe

    c:\users\Evan\AppData\Roaming\jktulqc.exe

    c:\users\Evan\AppData\Roaming\jlffmtc.exe

    c:\users\Evan\AppData\Roaming\jmkfrya.exe

    c:\users\Evan\AppData\Roaming\jvmaatn.exe

    c:\users\Evan\AppData\Roaming\khwqjbc.exe

    c:\users\Evan\AppData\Roaming\Microsoft\Crypted.exe

    c:\users\Evan\AppData\Roaming\Microsoft\eraseme.exe

    c:\users\Evan\AppData\Roaming\Microsoft\metus.exe

    c:\users\Evan\AppData\Roaming\Microsoft\newcrypt.exe

    c:\users\Evan\AppData\Roaming\Microsoft\Run.exe

    c:\users\Evan\AppData\Roaming\Microsoft\wglkjwelgke.exe

    c:\users\Evan\AppData\Roaming\pfiekwq.exe

    c:\users\Evan\AppData\Roaming\ptibrrh.exe

    c:\users\Evan\AppData\Roaming\qmphdby.exe

    c:\users\Evan\AppData\Roaming\raid64.exe

    c:\users\Evan\AppData\Roaming\rgyumdx.exe

    c:\users\Evan\AppData\Roaming\sijvkve.exe

    c:\users\Evan\AppData\Roaming\tacwijc.exe

    c:\users\Evan\AppData\Roaming\tahjmdr.exe

    c:\users\Evan\AppData\Roaming\uritwwj.exe

    c:\users\Evan\AppData\Roaming\wydfbon.exe

    c:\users\Evan\AppData\Roaming\wznaqna.exe

    c:\users\Evan\AppData\Roaming\xlsyxge.exe

    c:\users\Evan\AppData\Roaming\xuxqnoh.exe

    c:\users\Evan\AppData\Roaming\zqbfyik.exe

    c:\users\Evan\AppData\Roaming\zrzysia.exe

    c:\windows\framework.exe

    D:\Autorun.inf

    Infected copy of c:\windows\explorer.exe was found and disinfected

    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe

    Infected copy of c:\windows\System32\wininit.exe was found and disinfected

    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected

    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.16562_none_53841795d828c730\explorer.exe

    .

    ((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))

    .

    2010-12-03 12:11 . 2010-12-03 12:11 388096 ----a-r- c:\users\Evan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2010-12-03 12:11 . 2010-12-03 12:11 -------- d-----w- c:\program files\Trend Micro

    2010-12-03 11:08 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFD1FEE-B8BC-4517-9A47-9AF60BD2D77B}\mpengine.dll

    2010-12-01 09:26 . 2009-07-14 01:16 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXKPTPRC.DLL

    2010-11-16 16:45 . 2010-11-16 17:11 -------- d-----w- c:\users\Evan\AppData\Roaming\Mobipocket

    2010-11-16 16:45 . 2010-11-16 16:45 -------- d-----w- c:\program files\Mobipocket.com

    2010-11-13 06:21 . 2010-11-13 06:21 -------- d-----w- c:\users\Evan\AppData\Local\Activision

    2010-11-13 06:21 . 2010-06-01 17:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

    2010-11-13 06:21 . 2010-06-01 17:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

    2010-11-13 06:21 . 2010-06-01 17:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

    2010-11-13 06:21 . 2010-05-26 00:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

    2010-11-13 06:21 . 2010-05-26 00:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

    2010-11-13 06:01 . 2010-11-13 06:01 -------- d-----w- c:\program files\Activision

    2010-11-06 00:37 . 2010-11-06 00:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-12-02 16:06 . 2010-10-20 12:15 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe

    2010-11-29 06:42 . 2010-04-20 11:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-11-29 06:42 . 2010-04-20 11:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-10-18 23:41 . 2009-11-14 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe

    2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

    2010-09-22 13:32 . 2010-09-22 13:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

    2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

    2010-09-14 17:50 . 2010-06-08 06:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]

    @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"

    [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]

    2010-06-03 14:53 442368 ----a-w- c:\windows\System32\ntshrui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

    "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 16982016]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

    c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]

    Rainmeter.exe - Shortcut.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

    WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-14 42176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

    @="SecurityDevices"

    [HKLM\~\startupfolder\C:^Users^Evan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

    path=c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-09-22 17:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apple iPod Service]

    2010-12-02 16:06 59392 --sh--r- c:\users\Evan\AppData\Roaming\iTunes.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

    2009-05-12 23:22 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

    2008-07-22 01:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

    2009-04-06 23:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON TX110 Series]

    2008-09-25 20:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

    2009-06-01 02:51 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

    2010-11-29 06:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2010-09-22 13:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 00:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor]

    2010-07-22 16:33 266240 ----a-w- c:\users\Evan\AppData\Roaming\packet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

    2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

    2010-06-03 14:51 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrokeIt]

    2009-06-16 17:52 24712 ----a-w- c:\program files\TCB Networks\StrokeIt\strokeit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-06-03 3179520]

    R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-06-03 164352]

    R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-06-03 10240]

    R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]

    R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]

    R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-06-03 80264]

    R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]

    R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2009-07-13 50176]

    R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]

    R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

    R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]

    R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]

    R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]

    R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]

    R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]

    R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]

    R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]

    R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]

    R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]

    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]

    R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]

    R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]

    R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-06-03 332168]

    R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-06-03 65536]

    R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-06-03 232840]

    R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]

    R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]

    R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]

    R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]

    R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]

    R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-06-03 130440]

    R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-06-03 28040]

    R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-06-03 116104]

    R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]

    R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 MsRPC;MsRPC; [x]

    R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]

    R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]

    R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]

    R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]

    R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-06-03 143752]

    R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]

    R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-06-03 15872]

    R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]

    R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-06-03 26624]

    R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]

    R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]

    R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]

    R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]

    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]

    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]

    R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]

    R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-06-03 28032]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

    R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2010-06-03 25600]

    R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-06-03 204800]

    R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-06-03 31232]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-06-03 50048]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]

    R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]

    R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]

    R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-06-03 159616]

    R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]

    R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]

    R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]

    R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968]

    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]

    R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2009-07-14 1202688]

    R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]

    R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]

    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]

    R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]

    R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-06-03 22408]

    S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]

    S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]

    S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]

    S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-06-03 194808]

    S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-06-03 14216]

    S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]

    S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]

    S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]

    S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-06-03 173448]

    S0 spldr;Security Processor Loader Driver; [x]

    S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-06-03 40712]

    S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]

    S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-06-03 176008]

    S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-06-03 53128]

    S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]

    S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]

    S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-06-03 388096]

    S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-06-03 78336]

    S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]

    S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]

    S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]

    S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]

    S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-06-03 74240]

    S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-06-03 63488]

    S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]

    S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-10 233472]

    S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]

    S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]

    S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]

    S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-06-03 35328]

    S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]

    S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-13 31232]

    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]

    S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-06-03 728448]

    S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]

    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]

    S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]

    S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]

    S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]

    S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-06-03 222208]

    S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-06-03 95744]

    S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]

    S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

    S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-06-03 307200]

    S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-06-03 113664]

    S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-06-03 108544]

    S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-06-03 39936]

    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-09-08 901120]

    S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    RPCSS REG_MULTI_SZ RpcEptMapper RpcSs

    defragsvc REG_MULTI_SZ defragsvc

    WerSvcGroup REG_MULTI_SZ wersvc

    LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc

    swprv REG_MULTI_SZ swprv

    LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg

    NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm

    regsvc REG_MULTI_SZ RemoteRegistry

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

    DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch

    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

    sdrsvc REG_MULTI_SZ sdrsvc

    WbioSvcGroup REG_MULTI_SZ WbioSrvc

    wcssvc REG_MULTI_SZ WcsPlugInService

    AxInstSVGroup REG_MULTI_SZ AxInstSV

    secsvcs REG_MULTI_SZ WinDefend

    PeerDist REG_MULTI_SZ PeerDistSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    AeLookupSvc

    CertPropSvc

    SCPolicySvc

    lanmanserver

    gpsvc

    IKEEXT

    AudioSrv

    FastUserSwitchingCompatibility

    Nla

    NWCWorkstation

    SRService

    Wmi

    WmdmPmSp

    TermService

    wuauserv

    BITS

    ShellHWDetection

    LogonHours

    PCAudit

    helpsvc

    uploadmgr

    iphlpsvc

    seclogon

    AppInfo

    msiscsi

    MMCSS

    wercplsupport

    EapHost

    ProfSvc

    schedule

    hkmsvc

    SessionEnv

    winmgmt

    browser

    Themes

    BDESVC

    AppMgmt

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted

    homegrouplistener

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

    WdiServiceHost

    sppuinotify

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService

    lanmanworkstation

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted

    BthHFSrv

    homegroupprovider

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.ninemsn.com.au/

    uInternet Settings,ProxyOverride = *.local

    .

    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-NPSStartup - (no file)

    HKLM-Run-framework - framework.exe

    SafeBoot-WudfPf

    SafeBoot-WudfRd

    SafeBoot-sacsvr

    SafeBoot-vmms

    MSConfigStartUp-DDS - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe

    MSConfigStartUp-Driver Control Manager v2 - c:\users\Evan\AppData\Local\Temp\staklic.exe

    MSConfigStartUp-Framework - c:\users\Evan\AppData\Local\Temp\dxdiag.exe

    MSConfigStartUp-GodServices - c:\users\Evan\AppData\Local\Temp\godservices.exe

    MSConfigStartUp-HKCU - c:\users\Evan\AppData\Roaming\install\Svchost.exe

    MSConfigStartUp-Internet Security Service - c:\systemfiles\x-f-324553-12314-3344-1\ise32.exe

    MSConfigStartUp-Microsoft - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe

    MSConfigStartUp-Microsoft Protector - c:\users\Evan\AppData\Roaming\winlogon.exe

    MSConfigStartUp-outbreak - c:\windows\outbreak.exe

    MSConfigStartUp-StartServiceWKKBTRRS - c:\users\Evan\AppData\Local\WKKBTRRS\StartService.exe

    MSConfigStartUp-Startup - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe

    MSConfigStartUp-System RAID Manager - c:\users\Evan\AppData\Roaming\raid64.exe

    MSConfigStartUp-WinDoS - c:\users\Evan\AppData\Roaming\WinDoS.exe

    MSConfigStartUp-Windows Defense - c:\users\Evan\AppData\Roaming\winlogon.exe

    MSConfigStartUp-Windows Firewall - c:\users\Evan\AppData\Local\Temp\svchost.exe

    MSConfigStartUp-Windows Update - c:\users\Evan\AppData\Roaming\Microsoft\winupdate.exe

    MSConfigStartUp-WinsysMon - c:\users\Evan\Desktop\Nero.v9.4.26.0.Ultra.Edition.Incl.KEYMAKER-NOTM\LiveUpdate.exe

    MSConfigStartUp-XA5RJ9EADJ - c:\users\Evan\AppData\Local\Temp\Ezr.exe

    MSConfigStartUp-YVIBBBHA8C - c:\users\Evan\AppData\Local\Temp\Ezq.exe

    ActiveSetup-{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D} - c:\users\Evan\AppData\Local\Temp\msconfig.exe

    AddRemove-{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0} - c:\program files\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-12-04 00:14

    Windows 6.1.7601 Service Pack 1, v.178 NTFS

    detected NTDLL code modification:

    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261

    Initialization error

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files:

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2818589939-313886579-481562505-1000\Software\SecuROM\License information*]

    "datasecu"=hex:07,37,cc,61,5a,d0,52,78,34,12,c1,93,40,fc,db,dc,d4,0f,3a,a7,8c,

    fe,10,76,76,c2,25,36,19,92,f5,3e,f9,62,17,ec,e0,f1,d1,89,5c,ab,c1,86,b9,78,\

    "rkeysecu"=hex:d5,0a,79,73,61,f8,40,ae,45,cd,7f,f7,94,a1,ff,c8

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\windows\system32\nvvsvc.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\windows\system32\taskhost.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\AUDIODG.EXE

    c:\windows\system32\DllHost.exe

    .

    **************************************************************************

    .

    Completion time: 2010-12-04 00:16:03 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-12-03 13:16

    Pre-Run: 13,505,970,176 bytes free

    Post-Run: 14,288,687,104 bytes free

    - - End Of File - - 93875AD38FD444541307BF8D8B6CBA4F
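Two things in the ComboFix log above deserve a note before the TDSSKiller output. First, the catchme banner lists W2K/XP/Vista while this host reports Windows 6.1.7601, and every pass ends in "Initialization error", so the "NTDLL code modification" lines are better read as the tool not supporting the OS than as a confirmed rootkit hook. Second, the ORPHANS REMOVED section is where the infection gives itself away: Windows binary names (svchost.exe, winlogon.exe, msconfig.exe, dxdiag.exe) running from AppData\Roaming and Local\Temp, an executable dropped straight into c:\windows, a Run value that is a bare filename, and a made-up c:\systemfiles directory. The script below is an added example, not part of the poster's logs or of ComboFix: it parses autostart lines in the log's own format and flags images by path and name. The rules, the allowlist of executables that legitimately live in the Windows root, and the set of borrowed system names are my own triage heuristics, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# Triage heuristics (editor's assumptions, not anything ComboFix itself does).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                 "\\users\\public\\", "\\desktop\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Names malware borrows so it blends into the process list.
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe",
                "services.exe", "taskhost.exe", "dxdiag.exe", "msconfig.exe"}
KNOWN_ROOTS = {"windows", "program files", "program files (x86)",
               "programdata", "users"}
# Non-exhaustive allowlist of executables that legitimately sit in c:\windows itself.
WINDOWS_ROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe",
                   "write.exe", "winhlp32.exe", "bfsvc.exe", "fveupdate.exe",
                   "helppane.exe", "splwow64.exe", "twunk_16.exe", "twunk_32.exe"}

# Line shapes as they appear in a ComboFix log.
STARTUPREG_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig"
    r"\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
STARTUPREG_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +(?P<path>.+)$")
ORPHAN = re.compile(
    r"^(?P<kind>MSConfigStartUp|HKLM-Run|HKCU-Run|ActiveSetup)-(?P<name>.+?) - (?P<path>.+)$")


@dataclass
class Entry:
    source: str            # "startupreg" or the ORPHANS REMOVED prefix
    name: str
    path: str
    reasons: list = field(default_factory=list)


def assess(path: str) -> list:
    """Return the reasons an autostart image path looks suspicious (empty if none)."""
    lp = path.lower()
    if lp == "(no file)":
        return ["no image on disk (dangling entry)"]
    if "\\" not in lp:
        return ["bare filename, resolved through the PATH search order"]
    directory, _, basename = lp.rpartition("\\")
    parts = lp.split("\\")
    reasons = []
    if any(marker in lp for marker in USER_WRITABLE):
        reasons.append("image in a user-writable location")
    if basename in SYSTEM_NAMES and not lp.startswith(SYSTEM_DIRS):
        reasons.append(f"system binary name {basename} outside the system directory")
    if directory == "c:\\windows" and basename not in WINDOWS_ROOT_OK:
        reasons.append("executable dropped directly in the Windows root")
    if len(parts) > 1 and parts[1] not in KNOWN_ROOTS:
        reasons.append(f"unusual top-level directory {parts[1]}")
    return reasons


def parse_autostarts(text: str) -> list:
    """Collect startupreg key/file pairs and ORPHANS REMOVED lines from log text."""
    entries, pending = [], None   # pending = startupreg name awaiting its file line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := STARTUPREG_KEY.match(line)):
            pending = m.group("name")
        elif (m := STARTUPREG_FILE.match(line)) and pending is not None:
            entries.append(Entry("startupreg", pending, m.group("path")))
            pending = None
        elif (m := ORPHAN.match(line)):
            entries.append(Entry(m.group("kind"), m.group("name"), m.group("path")))
    return entries


def triage(text: str) -> list:
    """Return only the entries that trip at least one heuristic."""
    flagged = []
    for entry in parse_autostarts(text):
        entry.reasons = assess(entry.path)
        if entry.reasons:
            flagged.append(entry)
    return flagged


# Sample lines copied from the ComboFix log above (one benign entry included).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Packet Monitor]

2010-07-22 16:33 266240 ----a-w- c:\users\Evan\AppData\Roaming\packet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

HKLM-Run-NPSStartup - (no file)
HKLM-Run-framework - framework.exe
MSConfigStartUp-DDS - c:\users\Evan\AppData\Roaming\Microsoft\svchost.exe
MSConfigStartUp-outbreak - c:\windows\outbreak.exe
MSConfigStartUp-Internet Security Service - c:\systemfiles\x-f-324553-12314-3344-1\ise32.exe
ActiveSetup-{FDEBDB3F-BD6F-FDF9-C2FC-DACABC0EFA2D} - c:\users\Evan\AppData\Local\Temp\msconfig.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.source}] {e.name}: {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run it against a full ComboFix log and everything under Program Files stays quiet while the AppData, Temp and Windows-root droppers surface with a reason attached. The heuristics are deliberately coarse: a bare filename in a Run value or a svchost.exe under a user profile is worth a look every time, but a c:\tools directory would also trip the top-level-directory rule, so treat the output as a worklist rather than a verdict.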

  10. Here's the TDSS Killer report you asked for:

    2010/12/03 23:43:11.0006 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01

    2010/12/03 23:43:11.0006 ================================================================================

    2010/12/03 23:43:11.0006 SystemInfo:

    2010/12/03 23:43:11.0006

    2010/12/03 23:43:11.0006 OS Version: 6.1.7601 ServicePack: 1.0

    2010/12/03 23:43:11.0006 Product type: Workstation

    2010/12/03 23:43:11.0006 ComputerName: EVAN-PC

    2010/12/03 23:43:11.0009 UserName: Evan

    2010/12/03 23:43:11.0009 Windows directory: C:\Windows

    2010/12/03 23:43:11.0009 System windows directory: C:\Windows

    2010/12/03 23:43:11.0009 Processor architecture: Intel x86

    2010/12/03 23:43:11.0009 Number of processors: 2

    2010/12/03 23:43:11.0009 Page size: 0x1000

    2010/12/03 23:43:11.0009 Boot type: Normal boot

    2010/12/03 23:43:11.0009 ================================================================================

    2010/12/03 23:43:11.0226 Initialize success

    2010/12/03 23:43:57.0324 ================================================================================

    2010/12/03 23:43:57.0324 Scan started

    2010/12/03 23:43:57.0324 Mode: Manual;

    2010/12/03 23:43:57.0324 ================================================================================

    2010/12/03 23:43:58.0259 1394ohci (603257be9bb6c63c59a209cb188397cd) C:\Windows\system32\drivers\1394ohci.sys

    2010/12/03 23:43:58.0282 ACPI (03d30820e6925134f87b3b91efa6d531) C:\Windows\system32\drivers\ACPI.sys

    2010/12/03 23:43:58.0317 AcpiPmi (757b46b5b13a721631a3986f46ec19e4) C:\Windows\system32\drivers\acpipmi.sys

    2010/12/03 23:43:58.0362 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

    2010/12/03 23:43:58.0382 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

    2010/12/03 23:43:58.0407 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

    2010/12/03 23:43:58.0462 AFD (a747f082a94b948329d95bd5b81240ca) C:\Windows\system32\drivers\afd.sys

    2010/12/03 23:43:58.0487 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

    2010/12/03 23:43:58.0502 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

    2010/12/03 23:43:58.0537 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

    2010/12/03 23:43:58.0559 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

    2010/12/03 23:43:58.0577 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

    2010/12/03 23:43:58.0624 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

    2010/12/03 23:43:58.0644 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

    2010/12/03 23:43:58.0672 amdsata (1591fc5c5ab39cd8a3bc15aca8208db6) C:\Windows\system32\drivers\amdsata.sys

    2010/12/03 23:43:58.0692 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

    2010/12/03 23:43:58.0729 amdxata (6c448694cbc493da5163aee19895eaf5) C:\Windows\system32\drivers\amdxata.sys

    2010/12/03 23:43:58.0757 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

    2010/12/03 23:43:58.0869 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

    2010/12/03 23:43:58.0889 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

    2010/12/03 23:43:58.0914 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

    2010/12/03 23:43:58.0932 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

    2010/12/03 23:43:58.0974 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

    2010/12/03 23:43:59.0014 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

    2010/12/03 23:43:59.0034 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

    2010/12/03 23:43:59.0059 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

    2010/12/03 23:43:59.0084 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

    2010/12/03 23:43:59.0104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

    2010/12/03 23:43:59.0149 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

    2010/12/03 23:43:59.0174 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

    2010/12/03 23:43:59.0187 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

    2010/12/03 23:43:59.0212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

    2010/12/03 23:43:59.0227 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

    2010/12/03 23:43:59.0249 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

    2010/12/03 23:43:59.0272 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

    2010/12/03 23:43:59.0339 cdrom (bbd597af715a0baf883f935507a46525) C:\Windows\system32\drivers\cdrom.sys

    2010/12/03 23:43:59.0369 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

    2010/12/03 23:43:59.0407 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

    2010/12/03 23:43:59.0424 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

    2010/12/03 23:43:59.0482 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

    2010/12/03 23:43:59.0507 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

    2010/12/03 23:43:59.0517 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

    2010/12/03 23:43:59.0544 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

    2010/12/03 23:43:59.0584 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

    2010/12/03 23:43:59.0627 CSC (e03cc0f59998002d46119157c656dbcf) C:\Windows\system32\drivers\csc.sys

    2010/12/03 23:43:59.0672 dc3d (abff959dc463e6e1a49dca6657e60b80) C:\Windows\system32\DRIVERS\dc3d.sys

    2010/12/03 23:43:59.0712 DfsC (b0da84490580264b2e7e0d4ea32ce114) C:\Windows\system32\Drivers\dfsc.sys

    2010/12/03 23:43:59.0729 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

    2010/12/03 23:43:59.0747 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

    2010/12/03 23:43:59.0807 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

    2010/12/03 23:43:59.0847 DXGKrnl (7f9b0a1d0bfb7e5b36a3524ab3a5c106) C:\Windows\System32\drivers\dxgkrnl.sys

    2010/12/03 23:43:59.0932 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

    2010/12/03 23:43:59.0977 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

    2010/12/03 23:44:00.0002 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

    2010/12/03 23:44:00.0032 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

    2010/12/03 23:44:00.0057 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

    2010/12/03 23:44:00.0074 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

    2010/12/03 23:44:00.0117 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

    2010/12/03 23:44:00.0134 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

    2010/12/03 23:44:00.0172 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

    2010/12/03 23:44:00.0192 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

    2010/12/03 23:44:00.0217 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

    2010/12/03 23:44:00.0307 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS

    2010/12/03 23:44:00.0329 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

    2010/12/03 23:44:00.0367 fvevol (722975f0ee50e2f887853804e75ee43a) C:\Windows\system32\DRIVERS\fvevol.sys

    2010/12/03 23:44:00.0392 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

    2010/12/03 23:44:00.0424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    2010/12/03 23:44:00.0444 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

    2010/12/03 23:44:00.0497 HdAudAddService (e7a94cb497afeec4166fad66afd70da0) C:\Windows\system32\drivers\HdAudio.sys

    2010/12/03 23:44:00.0539 HDAudBus (600b32e92caf9572a1139899ab53bdbb) C:\Windows\system32\drivers\HDAudBus.sys

    2010/12/03 23:44:00.0564 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

    2010/12/03 23:44:00.0577 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

    2010/12/03 23:44:00.0594 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

    2010/12/03 23:44:00.0642 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

    2010/12/03 23:44:00.0677 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

    2010/12/03 23:44:00.0764 HTTP (0310c24b401d870ecee27feb0b3eb079) C:\Windows\system32\drivers\HTTP.sys

    2010/12/03 23:44:00.0779 hwpolicy (742249da1c4c957b4eaeefe02915d0f3) C:\Windows\system32\drivers\hwpolicy.sys

    2010/12/03 23:44:00.0822 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

    2010/12/03 23:44:00.0862 iaStorV (63ef40750bf61b05e2a4475e0d307692) C:\Windows\system32\drivers\iaStorV.sys

    2010/12/03 23:44:00.0894 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

    2010/12/03 23:44:00.0937 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

    2010/12/03 23:44:00.0962 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

    2010/12/03 23:44:00.0987 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    2010/12/03 23:44:01.0024 IPMIDRV (a412aecd778ffb8632c0052b2420ec9c) C:\Windows\system32\drivers\IPMIDrv.sys

    2010/12/03 23:44:01.0044 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

    2010/12/03 23:44:01.0062 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

    2010/12/03 23:44:01.0094 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

    2010/12/03 23:44:01.0124 iScsiPrt (eea76b05d67d676fc3ce95a0b9a6a5a4) C:\Windows\system32\drivers\msiscsi.sys

    2010/12/03 23:44:01.0177 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

    2010/12/03 23:44:01.0197 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

    2010/12/03 23:44:01.0237 KSecDD (db32186d6beb61cc42cf868d362dd7bc) C:\Windows\system32\Drivers\ksecdd.sys

    2010/12/03 23:44:01.0264 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

    2010/12/03 23:44:01.0302 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

    2010/12/03 23:44:01.0339 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

    2010/12/03 23:44:01.0362 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

    2010/12/03 23:44:01.0379 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

    2010/12/03 23:44:01.0434 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

    2010/12/03 23:44:01.0467 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

    2010/12/03 23:44:01.0484 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

    2010/12/03 23:44:01.0504 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

    2010/12/03 23:44:01.0532 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

    2010/12/03 23:44:01.0567 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

    2010/12/03 23:44:01.0602 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

    2010/12/03 23:44:01.0632 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

    2010/12/03 23:44:01.0647 mountmgr (531df893843d02ce62d3bfa76951c77e) C:\Windows\system32\drivers\mountmgr.sys

    2010/12/03 23:44:01.0679 mpio (1c13ba296f05dbcc3a4a483ab6e2851a) C:\Windows\system32\drivers\mpio.sys

    2010/12/03 23:44:01.0702 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

    2010/12/03 23:44:01.0722 MRxDAV (7836199ea1d407ac82a1ce73a6b98581) C:\Windows\system32\drivers\mrxdav.sys

    2010/12/03 23:44:01.0764 mrxsmb (54a4950980c55723425634b77157f815) C:\Windows\system32\DRIVERS\mrxsmb.sys

    2010/12/03 23:44:01.0802 mrxsmb10 (96008baa0a46847ee3325e0703ef9363) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    2010/12/03 23:44:01.0834 mrxsmb20 (aed9002a283f48b2d33ff9d927ceac21) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    2010/12/03 23:44:01.0862 msahci (08bcec2f04aeae1a4ed35956e6a128ed) C:\Windows\system32\drivers\msahci.sys

    2010/12/03 23:44:01.0882 msdsm (5060e60d01588cd3fd48e27d1aaa9d2f) C:\Windows\system32\drivers\msdsm.sys

    2010/12/03 23:44:01.0922 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

    2010/12/03 23:44:01.0962 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

    2010/12/03 23:44:02.0002 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

    2010/12/03 23:44:02.0029 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

    2010/12/03 23:44:02.0049 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

    2010/12/03 23:44:02.0067 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

    2010/12/03 23:44:02.0109 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

    2010/12/03 23:44:02.0149 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

    2010/12/03 23:44:02.0172 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

    2010/12/03 23:44:02.0184 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

    2010/12/03 23:44:02.0252 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys

    2010/12/03 23:44:02.0354 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

    2010/12/03 23:44:02.0407 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

    2010/12/03 23:44:02.0449 NDIS (066bd99a254ffacdc446d298fe1b60e4) C:\Windows\system32\drivers\ndis.sys

    2010/12/03 23:44:02.0472 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

    2010/12/03 23:44:02.0487 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

    2010/12/03 23:44:02.0509 Ndisuio (32c16991267cab0dbf23ed337f06bf8b) C:\Windows\system32\DRIVERS\ndisuio.sys

    2010/12/03 23:44:02.0527 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

    2010/12/03 23:44:02.0584 NDProxy (d14dd19ab140c8489f8e3d31c4d02700) C:\Windows\system32\drivers\NDProxy.sys

    2010/12/03 23:44:02.0639 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

    2010/12/03 23:44:02.0679 NetBT (99d37ca2ddf10e03026cd49531b9d4f7) C:\Windows\system32\DRIVERS\netbt.sys

    2010/12/03 23:44:02.0724 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

    2010/12/03 23:44:02.0739 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

    2010/12/03 23:44:02.0792 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

    2010/12/03 23:44:02.0832 Ntfs (7978f7f87bc19385f405ce65d405a86d) C:\Windows\system32\drivers\Ntfs.sys

    2010/12/03 23:44:02.0869 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys

    2010/12/03 23:44:02.0882 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

    2010/12/03 23:44:03.0109 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys

    2010/12/03 23:44:03.0189 nvraid (e8a72c0362bf9cd69bdf777b02862913) C:\Windows\system32\drivers\nvraid.sys

    2010/12/03 23:44:03.0224 nvstor (992865e9294e4da1dded4c4ad36416d3) C:\Windows\system32\drivers\nvstor.sys

    2010/12/03 23:44:03.0262 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

    2010/12/03 23:44:03.0302 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

    2010/12/03 23:44:03.0337 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

    2010/12/03 23:44:03.0352 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

    2010/12/03 23:44:03.0372 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

    2010/12/03 23:44:03.0439 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys

    2010/12/03 23:44:03.0469 pci (7fedb00b310d59714cc6b01230d13fbb) C:\Windows\system32\drivers\pci.sys

    2010/12/03 23:44:03.0507 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

    2010/12/03 23:44:03.0534 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

    2010/12/03 23:44:03.0557 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

    2010/12/03 23:44:03.0582 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

    2010/12/03 23:44:03.0654 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys

    2010/12/03 23:44:03.0692 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

    2010/12/03 23:44:03.0712 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

    2010/12/03 23:44:03.0752 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

    2010/12/03 23:44:03.0797 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

    2010/12/03 23:44:03.0822 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

    2010/12/03 23:44:03.0834 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

    2010/12/03 23:44:03.0859 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

    2010/12/03 23:44:03.0882 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

    2010/12/03 23:44:03.0899 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

    2010/12/03 23:44:03.0929 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

    2010/12/03 23:44:03.0947 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

    2010/12/03 23:44:03.0987 rdbss (533156fa661cf702386e4ca914d48e6e) C:\Windows\system32\DRIVERS\rdbss.sys

    2010/12/03 23:44:04.0002 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

    2010/12/03 23:44:04.0034 RDPCDD (894200dc7aee085e1ac6abc3dcfa5e5a) C:\Windows\system32\DRIVERS\RDPCDD.sys

    2010/12/03 23:44:04.0059 RDPDR (f053ce8ab18f35b8f216f5a77e0f85d1) C:\Windows\system32\drivers\rdpdr.sys

    2010/12/03 23:44:04.0069 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

    2010/12/03 23:44:04.0087 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

    2010/12/03 23:44:04.0132 RdpVideoMiniport (105c69a890f730c1b94abcff89548649) C:\Windows\system32\drivers\rdpvideominiport.sys

    2010/12/03 23:44:04.0167 RDPWD (c8108461da6a5b209daaeed035c8b19e) C:\Windows\system32\drivers\RDPWD.sys

    2010/12/03 23:44:04.0187 rdyboost (609fd23d206708babec757bb195464bb) C:\Windows\system32\drivers\rdyboost.sys

    2010/12/03 23:44:04.0239 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

    2010/12/03 23:44:04.0277 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys

    2010/12/03 23:44:04.0297 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

    2010/12/03 23:44:04.0342 sbp2port (1580603cc7d15d42746a40a08f141b90) C:\Windows\system32\drivers\sbp2port.sys

    2010/12/03 23:44:04.0379 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys

    2010/12/03 23:44:04.0397 scfilter (46149917671695c6c53e5cce21bfb964) C:\Windows\system32\DRIVERS\scfilter.sys

    2010/12/03 23:44:04.0429 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

    2010/12/03 23:44:04.0454 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

    2010/12/03 23:44:04.0472 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

    2010/12/03 23:44:04.0504 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

    2010/12/03 23:44:04.0557 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

    2010/12/03 23:44:04.0569 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

    2010/12/03 23:44:04.0587 sffp_sd (f6cad0228b66355238c80e64b702fe94) C:\Windows\system32\drivers\sffp_sd.sys

    2010/12/03 23:44:04.0612 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

    2010/12/03 23:44:04.0637 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

    2010/12/03 23:44:04.0652 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

    2010/12/03 23:44:04.0672 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

    2010/12/03 23:44:04.0687 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

    2010/12/03 23:44:04.0712 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

    2010/12/03 23:44:04.0767 srv (565d5d7437009cfd5ddf6072cc079e85) C:\Windows\system32\DRIVERS\srv.sys

    2010/12/03 23:44:04.0792 srv2 (2ce50dafb60833ee9815331bf78e6cec) C:\Windows\system32\DRIVERS\srv2.sys

    2010/12/03 23:44:04.0810 srvnet (20dd90c055e21e57e0586e2528a2268f) C:\Windows\system32\DRIVERS\srvnet.sys

    2010/12/03 23:44:04.0850 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\Windows\system32\DRIVERS\ss_bbus.sys

    2010/12/03 23:44:04.0867 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\Windows\system32\DRIVERS\ss_bmdfl.sys

    2010/12/03 23:44:04.0882 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\Windows\system32\DRIVERS\ss_bmdm.sys

    2010/12/03 23:44:04.0925 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

    2010/12/03 23:44:04.0990 storflt (f9cee86f95372726a519e7d66006fc84) C:\Windows\system32\drivers\vmstorfl.sys

    2010/12/03 23:44:05.0025 storvsc (314b6b5bacee22637c8ad138ac7ae8fc) C:\Windows\system32\drivers\storvsc.sys

    2010/12/03 23:44:05.0042 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

    2010/12/03 23:44:05.0157 Tcpip (ba2997f44bcc249f3c383f0bea7da673) C:\Windows\system32\drivers\tcpip.sys

    2010/12/03 23:44:05.0197 TCPIP6 (ba2997f44bcc249f3c383f0bea7da673) C:\Windows\system32\DRIVERS\tcpip.sys

    2010/12/03 23:44:05.0230 tcpipreg (a371a6485743f7f1d753655869688c8c) C:\Windows\system32\drivers\tcpipreg.sys

    2010/12/03 23:44:05.0262 TDPIPE (a3578156a3682e938abfd5457f5318a8) C:\Windows\system32\drivers\tdpipe.sys

    2010/12/03 23:44:05.0277 TDTCP (d536c371fa5a43f2bee3b60b0857ee77) C:\Windows\system32\drivers\tdtcp.sys

    2010/12/03 23:44:05.0295 tdx (b6cb4ecc4142388ceb7c6c568f9e6cd1) C:\Windows\system32\DRIVERS\tdx.sys

    2010/12/03 23:44:05.0305 TermDD (5cab301fa1300f19dab769f18f05bd17) C:\Windows\system32\drivers\termdd.sys

    2010/12/03 23:44:05.0335 terminpt (e9fddf205210c265c9448f4eab0545a4) C:\Windows\system32\DRIVERS\terminpt.sys

    2010/12/03 23:44:05.0387 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\Windows\system32\drivers\TPkd.sys

    2010/12/03 23:44:05.0432 tssecsrv (14ac0bc654508bf98f9a501f402709cc) C:\Windows\system32\DRIVERS\tssecsrv.sys

    2010/12/03 23:44:05.0467 TsUsbFlt (d0a10ef0d435739a32eed44b6f4cfa21) C:\Windows\system32\drivers\tsusbflt.sys

    2010/12/03 23:44:05.0512 tunnel (ff8fb6c8b15dacfe71057d7b0e79b427) C:\Windows\system32\DRIVERS\tunnel.sys

    2010/12/03 23:44:05.0547 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

    2010/12/03 23:44:05.0575 udfs (00e6889653b8b7f220d3565c953bb185) C:\Windows\system32\DRIVERS\udfs.sys

    2010/12/03 23:44:05.0605 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

    2010/12/03 23:44:05.0667 umbus (b44b6c1f50daa3ed532aa1cfdfd2b192) C:\Windows\system32\drivers\umbus.sys

    2010/12/03 23:44:05.0690 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

    2010/12/03 23:44:05.0745 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys

    2010/12/03 23:44:05.0767 usbccgp (76880d8312c4595a6a2909819a869010) C:\Windows\system32\DRIVERS\usbccgp.sys

    2010/12/03 23:44:05.0802 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

    2010/12/03 23:44:05.0822 usbehci (dfb8c7a7fdc1e90ab39f4874cc1aae32) C:\Windows\system32\drivers\usbehci.sys

    2010/12/03 23:44:05.0845 usbhub (b580202f0b982c6e8b7403fb7d285dfe) C:\Windows\system32\drivers\usbhub.sys

    2010/12/03 23:44:05.0865 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys

    2010/12/03 23:44:05.0930 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

    2010/12/03 23:44:05.0972 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

    2010/12/03 23:44:05.0992 USBSTOR (251fae54062b021516ba4e538d1ecfb2) C:\Windows\system32\DRIVERS\USBSTOR.SYS

    2010/12/03 23:44:06.0032 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys

    2010/12/03 23:44:06.0057 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

    2010/12/03 23:44:06.0090 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

    2010/12/03 23:44:06.0105 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

    2010/12/03 23:44:06.0140 vhdmp (63af903a647295d801163a166351c566) C:\Windows\system32\drivers\vhdmp.sys

    2010/12/03 23:44:06.0205 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

    2010/12/03 23:44:06.0220 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

    2010/12/03 23:44:06.0295 VIAHdAudAddService (ec1fdb8461acca4e34c2022e2b32cf5c) C:\Windows\system32\drivers\viahduaa.sys

    2010/12/03 23:44:06.0332 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

    2010/12/03 23:44:06.0372 vmbus (64d56d26b8d79c31584267ace105521a) C:\Windows\system32\drivers\vmbus.sys

    2010/12/03 23:44:06.0395 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

    2010/12/03 23:44:06.0407 volmgr (608cfc7d3b638ba5843be026951e03d3) C:\Windows\system32\drivers\volmgr.sys

    2010/12/03 23:44:06.0427 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

    2010/12/03 23:44:06.0447 volsnap (cc63437be17db71b356887736680e266) C:\Windows\system32\drivers\volsnap.sys

    2010/12/03 23:44:06.0487 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

    2010/12/03 23:44:06.0507 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

    2010/12/03 23:44:06.0530 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

    2010/12/03 23:44:06.0567 WANARP (205ebf4773ffd5dd58a625555d97da1e) C:\Windows\system32\DRIVERS\wanarp.sys

    2010/12/03 23:44:06.0575 Wanarpv6 (205ebf4773ffd5dd58a625555d97da1e) C:\Windows\system32\DRIVERS\wanarp.sys

    2010/12/03 23:44:06.0602 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

    2010/12/03 23:44:06.0632 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

    2010/12/03 23:44:06.0675 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

    2010/12/03 23:44:06.0695 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

    2010/12/03 23:44:06.0777 WinUsb (8be4eeaaed25e769c8b3b62df34420c6) C:\Windows\system32\DRIVERS\WinUsb.sys

    2010/12/03 23:44:06.0825 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

    2010/12/03 23:44:06.0855 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

    2010/12/03 23:44:06.0907 WudfPf (07c8005ad9feb4f050e8f83cb177e546) C:\Windows\system32\drivers\WudfPf.sys

    2010/12/03 23:44:06.0940 WUDFRd (59504d70479fdd577adee9ac760290d1) C:\Windows\system32\DRIVERS\WUDFRd.sys

    2010/12/03 23:44:06.0987 ================================================================================

    2010/12/03 23:44:06.0987 Scan finished

    2010/12/03 23:44:06.0987 ================================================================================

    BTW, thanks for the prompt reply. :D

  11. Hi there,

    Thanks in advance for your assistance! :D

    All my google links have been getting redirected since last month, and I've absolutely no idea why. Both IE and Opera seem to have the same problem. I can access most links by clicking on the 'cached' option, but I'm getting sick of having to resort to this.

    I've run multiple MBAM scans to no avail. The following is the most recent log.

    =========

    Malwarebytes' Anti-Malware 1.50

    www.malwarebytes.org

    Database version: 5214

    Windows 6.1.7601 Service Pack 1, v.178

    Internet Explorer 8.0.7601.16562

    3/12/2010 11:13:53 PM

    mbam-log-2010-12-03 (23-13-53).txt

    Scan type: Quick scan

    Objects scanned: 143562

    Time elapsed: 3 minute(s), 16 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 1

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    =========

    Here's the HJT log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:17:48 PM, on 3/12/2010

    Platform: Windows 7 SP1, v.178 (WinNT 6.00.3505)

    MSIE: Internet Explorer v8.00 (8.00.7601.16562)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

    C:\Windows\framework.exe

    C:\Program Files\Rainmeter\Rainmeter.exe

    C:\Program Files\WordWeb\wweb32.exe

    C:\Users\Evan\AppData\Local\Temp\msconfig.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

    O4 - HKLM\..\Run: [framework] framework.exe

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [msconfig] C:\Users\Evan\AppData\Local\Temp\msconfig.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

    O4 - Startup: Rainmeter.exe - Shortcut.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

    O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --

    End of file - 6983 bytes

    =========

    Thank you for your time. :)
